API

Correct signature calculation?

Good afternoon!
Developing my application to work with api ok, I wrote the following function to calculate the signature -

$arr = ['application_key' => $okpublicKey, 'method' => $method];

if (is_array($query)) { // это массив с переменными запроса ключ=значение
    $arr = array_merge($arr, $query);
}

ksort ($arr);
$sigstr = null;
$keys = array_keys ($arr);

foreach($keys AS $key) {
    $sigstr .= $key . '=' . $arr[$key];
}
    
$sig = md5($sigstr . md5($access_tokenn.$okclientSecret));

it works quite well, but something is apparently wrong in it, because in the logs there are about 2% of errors like

Err: {"error_code":104,"error_msg":"PARAM_SIGNATURE : Invalid signature 97d3597208670e2907ef6e6f26f11988, calculated by string application_key=CDSFDEEBAcomment=NEW \r\nCool cardigans1200₽ . 42,44,46,48\r\rCashmere super quality \n⭐️☀️ method=photosV2.commit********SECRET KEY*******","error_data":null}

I ask for a kick in the right direction, what could be wrong? Or, maybe, somewhere there is a ready algorithm for calculating the signature .. Official information could not be found, only the tambourine method :)