用于Android购买数据的Erlang加密验证

ndasle7k 于 2022-12-08 发布在 Erlang

关注(0)|答案(3)|浏览(206)

我正在使用加密：验证它检查Google Play购买信息，是一个“坏参数例外”。我想让你知道如何。

OrderData = <<"{\"orderId\":\"12999763169054705758.1323507343902706\",\"packageName\":\"...\",\"productId\":\"item1\",\"purchaseTime\":1385090498734,\"purchaseState\":0,\"developerPayload\":\"DEVELOPER_PAYMENT\",\"purchaseToken\":\"...\"}">>),
PublicKeyString = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4WYUM+LiABp/fp5YHngKjpCslKyhMIosBND3nbgFyrt2bv7Bd8nVl80kOWHPWR8HLUH5u+r8MP9KF7klG8OiWk1GROgs3pHB5BNl2TdOIT6rtnUJXslFqlnGh5IlpShJVUIrO2ADbXmwsN3AviZBw0ZjctfjK5t1UOvptSDGolBl5UtoVZ/TNjpa6QtMPtccGRDNmXAWFrEhTMDLdH+EPeapAmxi/rY0RBDMdobj1UtQdFA+iGlp6adbkjW7xFGWxyjS+dKFbn/jULxILfLVQ3XpGZXQMGW3FvyAvuZBM1ZWHrM4t0aQZGSHsvCste7hMe97lozsuXsb8JdfRjdO..."),
DataSignature = <<"MxauTspbl/1pB8836+sgM8Jw//auJ2VzIhV4JlxAHNJQ2klA20F8m2d/+60Px0MPCPhU478ezn4Jsy168RKjz+dTUjjwgN118uTO8aKjQ8DVwVNVR9FzljFSou2V9hY4TitzEyhl6Iy5B7GqReRsbd4b1YajLkuwRKIt4vSBlamqjVBBbgqGuq8ppRPp15wruRRMJdVHlZXXXmiDw1pd+nr7z9CXVZ0nAyivy9Tq8W1clKUmtHdQt3NtOR4kXiFfiu6+IOAedn1uwV2akfBTd5UD0/PbJeXy8sNWF/2yjzCGbn9HZJqGBG2R9HSehcolvhGI7mAwam8nt7ljkO0Gww==">>),

SizedBinary = fun(Binary) -> <<(size(Binary)):32/integer,  Binary/binary>> end,
Hash = crypto:hash(sha, OrderData),

PublicKey =  base64:decode(PublicKeyString), %% (is valid ???)
Signature1 = base64:decode(DataSignature),   %% (is valid ???)
crypto:rsa_verify(SizedBinary(Hash), Signature1, PublicKey).

** exception error: bad argument
     in function  crypto:rsa_verify_nif/4

erlang

来源：https://stackoverflow.com/questions/20490222/erlang-crypto-verify-for-android-purchase-data

3条答案

按热度按时间

g0czyy6m1#

valid_purchase(Receipt, Signature, PublicKey) ->
    PublicKeyBytes = base64:decode(PublicKey),
    SignatureBytes = base64:decode(Signature),
    {'SubjectPublicKeyInfo', _, KeyDer} = public_key:der_decode('SubjectPublicKeyInfo', PublicKeyBytes),
    PublicKey2 = public_key:der_decode('RSAPublicKey', KeyDer),
    public_key:verify(Receipt, sha, SignatureBytes, PublicKey2).

赞(0）回复(0）举报 2022-12-08

fumotvh32#

验证代码。

{ok, PemBin} = file:read_file("test.pem"),
[RSAEntry] = public_key:pem_decode(PemBin),
{_KeyType, Modulus, Exponent} = public_key:pem_entry_decode(RSAEntry),
RSAPubKey = [Exponent, Modulus],
Signature = base64:decode(?DataSignature),  
crypto:verify(rsa, sha, ?OrderData, Signature, RSAPubKey).
> ok.

赞(0）回复(0）举报 2022-12-08

f0ofjuux3#

您确定需要使用base64编解码器解码吗？因为根据文档：

rsa_verify(DataOrDigest, Signature, Key) -> Verified
 rsa_verify(DigestType, DataOrDigest, Signature, Key) -> Verified 

 Types:

 Verified = boolean()
 DataOrDigest = Data | {digest|Digest}
 Data, Signature = Mpint
 Digest = binary()
 Key = [E, N]
 E, N = Mpint
 Where E is the public exponent and N is public modulus.
 DigestType = md5 | sha | sha224 | sha256 | sha384 | sha512
 The default DigestType is sha.
 Mpint = binary()
 Verifies that a digest matches the RSA signature using the signer's public key Key. The      digest is either calculated as a DigestType digest of Data or a precalculated binary Digest.

 May throw exception notsup in case the chosen DigestType is not supported by the underlying OpenSSL implementation.

AFAIK，应该使用verify/5。它是新API的一部分，不需要任何"mpint"值（带size标记的二进制文件）。

赞(0）回复(0）举报 2022-12-08

我来回答

用于Android购买数据的Erlang加密验证

3条答案

相关问题

热门标签

最新问答