diff --git a/woa/init.py b/woa/init.py
index 1d444b9..da8988a 100644
--- a/woa/init.py
+++ b/woa/init.py
@@ -43,13 +43,20 @@ class WOAHandler:
 		debug(f'{self.app_id=}::{self.token=}::{encoding_aes_key=}::{len(encoding_aes_key)=}')
 		self.media_manager = WeChatMediaManager(self.app_id, self.secret)
 
+	def _signature(self, timestamp: str, nonce: str, encrypt:str=None) -> str:
+		lst = [self.token, timestamp, nonce]
+		if encrypt:
+			lst.append(encrypt)
+		check_list = sorted(lst)
+		check_str = "".join(check_list)
+		hash_code = hashlib.sha1(check_str.encode('utf-8')).hexdigest()
+		return hash_code
+
 	def _check_signature(self, signature: str, timestamp: str, nonce: str) -> bool:
 		"""验证签名"""
 		if not signature:
 			return False
-		check_list = sorted([self.token, timestamp, nonce])
-		check_str = "".join(check_list)
-		hash_code = hashlib.sha1(check_str.encode('utf-8')).hexdigest()
+		hash_code = self._signature(timestamp, nonce)
 		return hash_code == signature
 
 	def _decrypt_msg(self, encrypt_msg: str) -> str:
@@ -252,8 +259,9 @@ class WOAHandler:
 					exception(f'{e}')
 
 				# 构造加密后的返回 XML 包
+				sign = self._signature(timestamp, nonce, encrypt=encrypted_xml_str)
 				final_xml = f"""
-				<xml><Encrypt><![CDATA[{encrypted_xml_str}]]></Encrypt><MsgSignature><![CDATA[{hashlib.sha1((self.token + timestamp + nonce + encrypted_xml_str).encode()).hexdigest()}]]></MsgSignature><TimeStamp>{timestamp}</TimeStamp><Nonce><![CDATA[{nonce}]]></Nonce></xml>"""
+				<xml><Encrypt><![CDATA[{encrypted_xml_str}]]></Encrypt><MsgSignature><![CDATA[{sign}]]></MsgSignature><TimeStamp>{timestamp}</TimeStamp><Nonce><![CDATA[{nonce}]]></Nonce></xml>"""
 				debug(f'加密后的返回：{final_xml}')
 				return web.Response(text=final_xml, content_type='application/xml')
 			elif reply_xml: