Home/Tools/Signature Verification

Signature Verification

Verify payment and API signatures. Compare computed HMAC/RSA signatures with received values. Supports MD5, SHA1, SHA256, SHA512, RSA-SHA256.

Quick Examples

Algorithm

HMAC

RSA

Message

Secret Key

Received Signature

⏳

Enter message, key, and received signature to verify

Common Payment Signature Rules

Alipay: Sort params by key, concatenate with &, append key, then sign with MD5 or RSA2 (SHA256).

WeChat Pay: Sort params by ASCII, concatenate with &key=, then sign with HMAC-SHA256 or MD5.

Stripe: Use HMAC-SHA256 with the signing secret. Compare using timing-safe equals.

Tip: Paste the raw parameter string (before signing) as the message. The signature should be computed on exactly this string.

Signature Verification - CodeTools Toolbox - Free online developer tools.