diff --git a/shim/runtime/signature/client/client.go b/shim/runtime/signature/client/client.go
index 96889d27f326617eab59a1ef63793a00d14265a8..79e99b907141b161189bc02df9518595cf4342d0 100644
--- a/shim/runtime/signature/client/client.go
+++ b/shim/runtime/signature/client/client.go
@@ -3,6 +3,7 @@ package client
 import (
 	"bytes"
 	"crypto/tls"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -91,7 +92,12 @@ func (c *pkcs1Client) Sign(data []byte) (signature []byte, publicKey []byte, err
 		glog.Errorf("failed to unmarshal sign response,%v", err)
 		return nil, nil, err
 	}
-	return []byte(payload.Signature), []byte(payload.PublicKey), nil
+	decode, err := base64.StdEncoding.DecodeString(payload.Signature)
+	if err != nil {
+		glog.Errorf("failed to decode signature,%v", err)
+		return nil, nil, err
+	}
+	return decode, []byte(payload.PublicKey), nil
 }
 
 func (c *pkcs1Client) GetStandard() SignStandard {
diff --git a/shim/runtime/signature/server/api/handler.go b/shim/runtime/signature/server/api/handler.go
index 203e3d0cb4efcbebb62bdf639d7242be57de039d..7d5629759f5b53981bff3532f4899a78360a2e0f 100644
--- a/shim/runtime/signature/server/api/handler.go
+++ b/shim/runtime/signature/server/api/handler.go
@@ -5,6 +5,7 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
+	"encoding/base64"
 	"io/ioutil"
 	"net/http"
 
@@ -34,7 +35,7 @@ func (s *ApiServer) pkcs1Handler(c *gin.Context) {
 		return
 	}
 
-	payload.Signature = string(signedBytes)
+	payload.Signature = base64.StdEncoding.EncodeToString(signedBytes)
 	bytes, err := ioutil.ReadFile(s.publicKeyFilePath)
 	if err != nil {
 		glog.Errorf("failed to parse public key, public key path: %s, err:%v", s.publicKeyFilePath, err.Error())