When implementing Alipay refund based on Riverslei/Payment, an error is reported: request get failed, msg[Invalid Arguments], sub_msg[Check error, it is recommended to check whether the signature string or signed private key matches the application public key
1. When the Alipay refund is implemented based on Riverslei/Payment, an error is reported: request get failed, msg[Invalid Arguments], sub_msg[验签出错,建议检查签名字符串或签名私钥与应用公钥是否匹配。如图1
![在基于 riverslei/payment 实现支付宝退款时,报错:request get failed, msg[Invalid Arguments], sub_msg[验签出错,建议检查签名字符串或签名私钥与应用公钥是否匹配。](https://www.shuijingwanwq.com/wp-content/uploads/2025/07/1.jpg)
Figure 1
2. What you provide is an RSA private key in pkcs#1 (starting with miievq…, without the head and tail identification), you need to convert it to rsa in pkcs#8 format through the openssl command The private key can only be recognized by Alipay. Copy the contents of the private key to the file pkcs1.pem, and then execute the following command. as shown in Figure 2
Figure 2
$ openssl pkcs8 -topk8 -inform pem -in pkcs1.pem -out pkcs8.pem -outform pem -nocrypt wangqiang@desktop-f6ao3m2 mingw64 /c/wwwroot/apply-server/src (feature/alipay)
3. Finally, save the contents of pkcs8.pem to ali_rsa_private_key. as shown in Figure 3
Figure 3
4. The prompt has changed, the prompt: sign error, sign type is[RSA2]. msg:[您使用的私钥格式错误,请检查RSA私钥配置]. as shown in Figure 4
![提示有所变化,提示:sign error, sign type is [RSA2]. msg: [您使用的私钥格式错误,请检查RSA私钥配置]](https://www.shuijingwanwq.com/wp-content/uploads/2025/07/4.jpg)
Figure 4
5. Edit the file Vendor/Riverslei/payment/src/helpers/rsa2encrypt.php,
/**
* RSA2 signature, here the secret key is a private key
* @param string $data signed array
* @throws \exception
* @return string
* @author leo
*/
public function encrypt($data)
{
if ($this->key === False) {
return;
}
\yii::info(
[
data=> $data,
key=> $this->key
]#ATFP_CLOSE_Translate_span#
);
$res = openssl_get_privateKey($this->key);
if (empty($res)) {
throw new \exception(The private key you are using is wrong, please check RSA private key configuration 1);
}
openssl_sign($data, $sign, $res, openssl_algo_sha256);
openssl_free_key($res);
//base64 encoding
$sign = base64_encode($sign);
return $sign;
}
6. Check $this->key, there are actually 2 —–begin RSA private key—–, —–begin private key—– . as shown in Figure 5
Figure 5
7. When saving the contents of pkcs8.pem to ali_rsa_private_key, first clean up —–begin RSA private key—–. as shown in Figure 6
Figure 6
$aliConfig =[ use_sandbox=> false, // Whether to use sandbox mode app_id=> $payee->ali_app_id, sign_type=> $payee->ali_sign_type, // RSA RSA2 // Alipay public key string ali_public_key=> $payee->ali_public_key, // the key string generated by yourself RSA_Private_Key=> $payee->ALI_RSA_Private_Key, FEE_TYPE=>cny, // Currency type Currently only supports this field ]#atfp_close_translate_span#;
8. Reminder again: request get failed, msg[Invalid Arguments], sub_msg[验签出错,建议检查签名字符串或签名私钥与应用公钥是否匹配,网关生成的验签字符串为
9. Check the file Vendor/Riverslei/payment/src/helpers/strutil.php, and you will find that the RSA private key in PKCS#1 format will be automatically changed (to MieVQ… Beginning, without leading and tailing), convert to the RSA private key in the old version of PKCS#1. In the end, it is still found that the error is still reported: SUB_MSG [checking error, it is recommended to check whether the signature string or signed private key matches the application public key, and the verification string generated by the gateway is
#atfp_close_translate_span#
/**
* Get RSA key content
* @param string $key Incoming key information, possibly a file or a string
* @param string $type
;
* @return string
*/
public static function getrSaKeyValue($key, $type =private)
{
if (is_file($key)) {// is a file
$keystr = @file_get_contents($key);
} else {
$keystr = $key;
}
if (empty($keystr)) {
return null;
}
$keystr = str_replace(php_eol,, $keystr);
// In order to solve the key format passed in by the user, here is unified processing
if ($type ===private) {
$beginstr =-----BEGIN RSA private key-----. php_eol;
$endstr = php_eol .-----END RSA private key----;
} else {
$beginstr =-----Begin Public Key----. php_eol;
$endstr = php_eol .-----end public key----;
}
$rsakey = $beginstr . WordWrap($keystr, 64, "\n", true) . $endstr;
return $RSAKey;
}
10. Edit Vendor/Riverslei/Payment/src/supports/httprequest.php, the verification is successful
/**
* @param string $method
* @param string $url
* @param array $options
* @return array|responseinterface|string|mixed
*/
private function sendRequest(string $method, string $url, array $options =[])
{
\yii::info(
[
$method=> $method,
$url=> $url,
$options=> $options
]#ATFP_CLOSE_Translate_span#
);
// return $this->UnwrapResponse($this->GetHttClient($this->GetBaseOptions())->{$method}($url, $options));
return $this->UnwrapResponse($this->GetHttClient($this->GetBaseOptions())->{$method}($url,[
Headers=> [content-type=>application/x-www-form-urlencoded]#ATFP_CLOSE_Translate_span#,
Body=> http_build_query($options['query'],,&, php_query_rfc3986),
]));
}
11. However, due to the garbled characters in the response, the json_decode error is reported. as shown in Figure 7
Figure 7
$ret = $this->get($this->gatewayURL, $params);
if (!mb_check_encoding($ret,UTF-8)) {
$ret = mb_convert_encoding($ret,UTF-8,GBK);
}
12. Error: Check the check error, please confirm that the charset parameter is placed in the url query string and each parameter value is encoded by the character set indicated by the charset parameter. as shown in Figure 8
8
13. Carefully compare the signature string before and after the request, and find that RETURN_URL= is lost, and decide to delete the RETURN_URL during configuration. The reason is
/**
* Get basic data
* @param string $method
* @param array $bizcontent
* @return array
*/
private function getBaseData(string $method, array $bizcontent)
{
$requestData =[
app_id=> self::$config->get(app_id,,
method=> $method,
Format=>json,
return_url=> self::$config->get(return_url,,
Charset=>UTF-8,
sign_type=> self::$config->get(sign_type,,
timestamp=> date(Y-M-D H:I:S,
version=>1.0,
notify_url=> self::$config->get(notify_url,,
//app_auth_token=>, // temporarily not used
biz_content=> json_encode($bizcontent, json_unescaped_unicode),
]#atfp_close_translate_span#;
return ArrayUtil::ArraySort($RequestData);
}
echo html_entity_decode(app_id=2021005146654430&biz_content={"out_trade_no& ;:"1831248803313247","refund_amount& ;:"0.01","refund_currency":&am p;quot;CNY","refund_reason":"refund For conference registration fee (Ticket)","out_request_no":"183124880331311&A mp;quot;}&charset=utf-8&format=json&method=alipay.trade.ref und&notify_url=https://5347-43-249-50-182.ngrok-free.app/ali-payment/notif y-ticket-order/1831248803313247&sign_type=rsa2&timestamp=2025-05-10 16:39:56&version=1.0);
// signature string before request
// app_id=2021005146654430&biz_content={"out_trade_no":"183124880331324 7","refund_amount":"0.01","refund_currency":"cny","refund_reason":"refund For conference registration fee (ticket)","out_request_no":"1831248803313311"}&charset=utf-8& format=json&method=alipay.trade.refund&notify_url=https://534 7-43-249-50-182.ngrok-free.app/ali-payment/notify-ticket-order/183124 8803313247&return_url=&sign_type=rsa2&timestamp=2025-05-10 16:39:56&version=1.0
// Error after request, the signature string used by Alipay
// app_id=2021005146654430&biz_content={"out_trade_no":"183124880331324 7","refund_amount":"0.01","refund_currency":"cny","refund_reason":"refund For conference registration fee (ticket)","out_request_no":"1831248803313311"}&charset=UTF-8& amp;format=json&method=alipay.trade.refund&notify_url=htt ps://5347-43-249-50-182.ngrok-free.app/ali-payment/notify-ticket- order/1831248803313247&sign_type=rsa2&timestamp=2025-05-10 16:39:56&version=1.0
14. The verification string returned by Alipay does not contain null fields, such as return_url= (null value), and you include it when you participate in the signature, resulting in inconsistency in the signature string, resulting in the failure of the signature verification. Decided to adjust the configuration
$aliConfig =[ use_sandbox=> false, // Whether to use sandbox mode app_id=> $payee->ali_app_id, sign_type=> $payee->ali_sign_type, // RSA RSA2 // Alipay public key string ali_public_key=> $payee->ali_public_key, // the key string generated by yourself RSA_Private_Key=> $payee->ALI_RSA_Private_Key, limit_pay=> [ //balance, // balance //moneyfund, // Yu'e Bao //DebitCardExpress, // Debit card fast //creditcard, // credit card //CreditCardExpress, // Credit card fast //creditCardCartoon, // credit card cartoon //credit_group, // Credit payment type (including credit card card, credit card fast, Huabei, Huabei installment) ]#atfp_close_translate_span#, // The user cannot use the specified channel to pay when there are multiple channels, separate them with "," // business-related parameters notify_url=>notify_url, return_url=>return_url, FEE_TYPE=>cny, // Currency type Currently only supports this field ];
15. No more errors. Response to print refunds
$result = $client->refund($refundData); yii::info( [ result=> $result, data=> $refundData, ]#ATFP_CLOSE_Translate_span#, Refund ali ); [ result=> [ code=>100000, msg=>succeed, Buyer_logon_id=>shu***@163.com, FUND_CHANGE=>y, GMT_REFUND_PAY=>2025-05-10 17:01:59, out_trade_no=>1831248803313320, REFUND_DETAIL_ITEM_LIST=> [ [ amount=>0.01, FUND_CHANNEL=>alipayaccount, ]#ATFP_CLOSE_Translate_span#, ], REFUND_FEE=>0.01, SEND_BACK_FEE=>0.01, TRADE_NO=>2025051022001491671421159148, BUYER_OPEN_ID=>067IQA-DLOIYEOIWWH1KNCYOAIY-QUZEKWWOGX_3VQKI9S7, ], data=>[ TRADE_NO=>1831248803313320, REFUND_FEE=>0.01, Reason=>Refund for Conference Registration Fee (Ticket), REFUND_NO=>1831248803313321, ]#ATFP_CLOSE_Translate_span#, ]
