diff --git a/src/main/java/com/gxwebsoft/common/system/controller/WxOfficialController.java b/src/main/java/com/gxwebsoft/common/system/controller/WxOfficialController.java
index 4b1dedb..1721d05 100644
--- a/src/main/java/com/gxwebsoft/common/system/controller/WxOfficialController.java
+++ b/src/main/java/com/gxwebsoft/common/system/controller/WxOfficialController.java
@@ -139,8 +139,17 @@ public class WxOfficialController extends BaseController {
 // 如果有加密参数,进行解密
 if (StrUtil.isNotBlank(msg_signature) && StrUtil.isNotBlank(xmlData) && xmlData.contains("Encrypt")) {
 try {
+ Document encryptedDocument = XmlUtil.parseXml(xmlData);
+ Element encryptedRoot = XmlUtil.getRootElement(encryptedDocument);
+ Element encryptElement = XmlUtil.getElement(encryptedRoot, "Encrypt");
+ String encryptedMessage = encryptElement != null ? encryptElement.getTextContent() : "";
+ if (StrUtil.isBlank(encryptedMessage)) {
+ log.error("消息解密失败: 未从XML报文中提取到Encrypt节点");
+ return "error";
+ }
+
 WXBizJsonMsgCrypt crypt = new WXBizJsonMsgCrypt(getOfficialToken(), getOfficialEncodingAESKey(), getOfficialAppId(tenantId));
- xmlData = crypt.DecryptMsg(msg_signature, timestamp, nonce, xmlData);
+ xmlData = crypt.DecryptXmlMsg(msg_signature, timestamp, nonce, encryptedMessage);
 System.out.println("解密后xmlData = " + xmlData);
 } catch (Exception e) {
 log.error("消息解密失败: {}", e.getMessage());
diff --git a/src/main/java/com/qq/weixin/mp/aes/WXBizJsonMsgCrypt.java b/src/main/java/com/qq/weixin/mp/aes/WXBizJsonMsgCrypt.java
index 74ef144..d04ad13 100644
--- a/src/main/java/com/qq/weixin/mp/aes/WXBizJsonMsgCrypt.java
+++ b/src/main/java/com/qq/weixin/mp/aes/WXBizJsonMsgCrypt.java
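Review bot: In WxOfficialController, `XmlUtil.parseXml(xmlData)` now parses the raw callback body before `DecryptXmlMsg` has verified `msg_signature`, so the XML parser is the first component an unauthenticated request reaches. Confirm that the `XmlUtil` in use (presumably Hutool's; the import is outside the hunk) builds its parser with DOCTYPE declarations and external entities disabled, and record that next to the call, e.g. `// xmlData is unauthenticated here; the parser must reject DOCTYPE and external entities`. The unchanged `System.out.println("解密后xmlData = " + xmlData)` directly after the decrypt call writes the decrypted message to stdout and would be better removed or reduced to a `log.debug` that omits the payload. The enclosing handler method begins and ends outside the hunk.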
@@ -248,20 +248,26 @@ public class WXBizJsonMsgCrypt {
 // 密钥,公众账号的app secret
 // 提取密文
 Object[] encrypt = JsonParse.extract(postData);
+ return decryptByCipherText(msgSignature, timeStamp, nonce, encrypt[1].toString());
+ }

- // 验证安全签名
- String signature = SHA1.getSHA1(token, timeStamp, nonce, encrypt[1].toString());
+ /**
+ * 适配公众号/服务号 XML 回调:直接传入 节点中的密文进行验签与解密。
+ */
+ public String DecryptXmlMsg(String msgSignature, String timeStamp, String nonce, String encryptedMsg)
+ throws AesException {
+ return decryptByCipherText(msgSignature, timeStamp, nonce, encryptedMsg);
+ }
+
+ private String decryptByCipherText(String msgSignature, String timeStamp, String nonce, String encryptedMsg)
+ throws AesException {
+ String signature = SHA1.getSHA1(token, timeStamp, nonce, encryptedMsg);

- // 和URL中的签名比较是否相等
- // System.out.println("第三方收到URL中的签名:" + msg_sign);
- // System.out.println("第三方校验签名:" + signature);
 if (!signature.equals(msgSignature)) {
 throw new AesException(AesException.ValidateSignatureError);
 }

- // 解密
- String result = decrypt(encrypt[1].toString());
- return result;
+ return decrypt(encryptedMsg);
 }

 /**
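Review bot: The signature check carried into the new `decryptByCipherText` still uses `signature.equals(msgSignature)`, which stops at the first differing character, so its running time depends on how much of the caller-supplied value matches. This helper is now the single verification point for both `DecryptXmlMsg` and the method whose body opens the hunk, so it is the natural place for a constant-time comparison that keeps the same `AesException`: `if (msgSignature == null || !MessageDigest.isEqual(signature.getBytes(StandardCharsets.UTF_8), msgSignature.getBytes(StandardCharsets.UTF_8)))`. That needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported; the file's import block is outside the hunk. The Javadoc on `DecryptXmlMsg` would also be clearer with `@param` and `@throws` lines stating that verification failure raises `AesException`.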