• <bdo id='5uKVG'></bdo><ul id='5uKVG'></ul>

      <small id='5uKVG'></small><noframes id='5uKVG'>

      <i id='5uKVG'><tr id='5uKVG'><dt id='5uKVG'><q id='5uKVG'><span id='5uKVG'><b id='5uKVG'><form id='5uKVG'><ins id='5uKVG'></ins><ul id='5uKVG'></ul><sub id='5uKVG'></sub></form><legend id='5uKVG'></legend><bdo id='5uKVG'><pre id='5uKVG'><center id='5uKVG'></center></pre></bdo></b><th id='5uKVG'></th></span></q></dt></tr></i><div id='5uKVG'><tfoot id='5uKVG'></tfoot><dl id='5uKVG'><fieldset id='5uKVG'></fieldset></dl></div>

      <tfoot id='5uKVG'></tfoot><legend id='5uKVG'><style id='5uKVG'><dir id='5uKVG'><q id='5uKVG'></q></dir></style></legend>

        使用php OpenSSL的Android应用内购买服务器签名验证

        时间:2023-10-15
          <tbody id='oft4T'></tbody>
          <bdo id='oft4T'></bdo><ul id='oft4T'></ul>

        • <i id='oft4T'><tr id='oft4T'><dt id='oft4T'><q id='oft4T'><span id='oft4T'><b id='oft4T'><form id='oft4T'><ins id='oft4T'></ins><ul id='oft4T'></ul><sub id='oft4T'></sub></form><legend id='oft4T'></legend><bdo id='oft4T'><pre id='oft4T'><center id='oft4T'></center></pre></bdo></b><th id='oft4T'></th></span></q></dt></tr></i><div id='oft4T'><tfoot id='oft4T'></tfoot><dl id='oft4T'><fieldset id='oft4T'></fieldset></dl></div>

            • <tfoot id='oft4T'></tfoot>

              <small id='oft4T'></small><noframes id='oft4T'>

                  <legend id='oft4T'><style id='oft4T'><dir id='oft4T'><q id='oft4T'></q></dir></style></legend>
                • 本文介绍了使用php OpenSSL的Android应用内购买服务器签名验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  为了在此处遵循应用内购买的一些安全指南:http://developer.android.com/guide/market/billing/billing_best_practices.html

                  In an attempt to follow some of the security guidelines for in-app purchase here: http://developer.android.com/guide/market/billing/billing_best_practices.html

                  我正在尝试在服务器上而不是在应用程序本身中进行签名验证.理想情况下,我想使用 php openssl 库,看起来像下面这样的代码应该可以工作:

                  I am trying to do signature validation on a server instead of in the app iteself. I would ideally like to use the php openssl libraries and it looks like code such as the following should work:

                  <?php
                  // $data and $signature are assumed to contain the data and the signature
                  
                  // fetch public key from certificate and ready it
                  $fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
                  $cert = fread($fp, 8192);
                  fclose($fp);
                  $pubkeyid = openssl_get_publickey($cert);
                  
                  // state whether signature is okay or not
                  $ok = openssl_verify($data, $signature, $pubkeyid);
                  if ($ok == 1) {
                      echo "good";
                  } elseif ($ok == 0) {
                      echo "bad";
                  } else {
                      echo "ugly, error checking signature";
                  }
                  // free the key from memory
                  openssl_free_key($pubkeyid);
                  ?>
                  

                  我用应用购买包中的 base64 解码签名字符串替换了签名,并使用了同一个包中的数据.公钥需要采用 PEM 格式,我添加了 BEGIN 和 END 标记以及一些换行符.

                  I replace signature with the base64 decoded signature string in the app purchase bundle and the use the data from the same bundle. The public key needs to be in PEM format and I added the BEGIN and END tokens and some line breaks.

                  我的问题是我无法获得此 PHP 代码来成功验证数据/签名,而且我不知道需要进行哪些更改才能使其正常工作.

                  My problem is that I can not get this PHP code to successfully verify the data/signature and I do not know what needs to change to get it to work correctly.

                  如果我使用 openssl,创建一个私钥和公钥,使用 sha1 为相同的数据创建一个签名并通过上面的 php 代码运行它,它工作正常并成功验证.

                  If I use openssl, create a private and public key, create a signature for the same data using sha1 and run it through the above php code, it works fine and validate successfully.

                  以下是我如何使用 OpenSSL:

                  Here is how I use OpenSSL:

                  openssl genrsa -out private.pem
                  openssl rsa -in private.pem -pubout -out public.pem
                  

                  然后我使用private.pem和一些php代码来生成一个签名:

                  then I use the private.pem and some php code to generate a signature:

                  ...
                  openssl_sign($data, $signature, $pkeyid);
                  ...
                  

                  有没有人有任何可用的示例 php 代码,其中包含应用程序内签名的服务器端验证?

                  Does anyone have any working sample php code with server side validation of in-app signatures?

                  我可以运行示例应用程序中的等效 java 代码,这似乎可以正常工作,但如果可能,我想直接使用 php.

                  I could just run the equivalent java code that is in the sample application, and that seems to work ok, but I would like to use php directly if possible.

                  推荐答案

                  我编写了一个用于验证 Android Market 许可响应的库,可在 Google 代码.

                  I've written a library for verifying Android Market licensing responses and it's available on Google Code.

                  它只需要一个 几行 PHP 代码来验证许可证,密钥的格式和 OpenSSL 的内容会为您处理.

                  It just takes a few lines of PHP to verify a license, and the formatting of keys and OpenSSL stuff is taken care of for you.

                  这篇关于使用php OpenSSL的Android应用内购买服务器签名验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  上一篇:第二部分:如何让 Ruby AES-256-CBC 和 PHP MCRYPT_RIJNDAEL_128 很好地协同工作 下一篇:“tlsv1 警报内部错误"握手时

                  相关文章

                  <small id='FlMHc'></small><noframes id='FlMHc'>

                      <bdo id='FlMHc'></bdo><ul id='FlMHc'></ul>
                      <legend id='FlMHc'><style id='FlMHc'><dir id='FlMHc'><q id='FlMHc'></q></dir></style></legend>

                    1. <i id='FlMHc'><tr id='FlMHc'><dt id='FlMHc'><q id='FlMHc'><span id='FlMHc'><b id='FlMHc'><form id='FlMHc'><ins id='FlMHc'></ins><ul id='FlMHc'></ul><sub id='FlMHc'></sub></form><legend id='FlMHc'></legend><bdo id='FlMHc'><pre id='FlMHc'><center id='FlMHc'></center></pre></bdo></b><th id='FlMHc'></th></span></q></dt></tr></i><div id='FlMHc'><tfoot id='FlMHc'></tfoot><dl id='FlMHc'><fieldset id='FlMHc'></fieldset></dl></div>

                      <tfoot id='FlMHc'></tfoot>