
[SOLVED] How to create a digital signature


longtone


I'm not sure what you mean?

 

Sorry, I'll be more specific:

 

I want to use the Youtube API with secure authentication.

 

I have just got an SSL certificate and uploaded a copy to Google.

 

Now I need to use it to create a digital signature for requests:

 

Signing Requests

 

All requests to Google services using a secure authentication token must be signed. This includes calls to AuthSubSessionToken, AuthSubRevokeToken, AuthSubTokenInfo, and all requests made to Google services. This section describes how to include a signature in a request.

 

As mentioned, secure tokens are issued only to web sites or applications that have registered with Google. Part of the registration process includes providing a certificate to Google. To sign requests, the web application generates a signature from the private key corresponding to the certificate. Google supports the RSA signature algorithm, and may support additional signature algorithms in the future. When a signed request is received, the Google service verifies the signature before granting access. Requests using a secure token are denied if they are not signed.

 

Note: Some Google services respond to a request with a redirect. In this case, the redirected request must also be signed.

 

A signature is added to the "Authorization" header of the request, along with the authentication token. The header should take the form:

 

Authorization: AuthSub token="token" sigalg="sigalg" data="data" sig="sig"

 

Parameter: Description

token (required): The authentication token received from Google in response to an AuthSubRequest call.

sigalg (required if token is secure): Signature algorithm. The only legal value for this parameter is "rsa-sha1", referring to SHA-1 with RSA using PKCS#1 padding. In the future, more signature algorithms may be supported.

data (required if token is secure): The request metadata to be signed. The value of this parameter is a string with the following format:

    data = http-method SP http-request-URL SP timestamp SP nonce

    http-method: the HTTP method being invoked
    SP: a single ASCII space character
    http-request-URL: the full HTTP URL being requested
    timestamp: an integer representing the time the request was sent, expressed in number of seconds after January 1, 1970 00:00:00 GMT
    nonce: a random 64-bit, unsigned number encoded as an ASCII string in decimal

    A timestamp/nonce combination should never be used more than once.

sig (required if token is secure): The signature for the secure token. This value must be a signature made by the private key corresponding to the certificate provided during registration. It must be encoded in BASE64, and must use the algorithm specified in the sigalg parameter.

 

(More info: http://code.google.com/apis/accounts/docs/AuthForWebApps.html#signingrequests)

 

So I need a function that will encrypt the data in exactly the way Google are expecting.
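The signing step quoted in the post above, as an added Python example (not code from this thread or from Google): it builds the `data` string, applies the PKCS#1 v1.5 SHA-1 encoding that "rsa-sha1" refers to, and assembles the Authorization header. The function names, the constructed token and URL, and the throwaway `demo_key()` standing in for the private key of the registered certificate are all assumptions, and the RSA arithmetic uses plain integers only to make the padding visible.

```python
import base64, hashlib, secrets, time
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DER DigestInfo header for SHA-1 (RFC 8017, 9.2)

def _is_prime(n, rounds=40):  # Miller-Rabin, used only to build the demo key
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_key(bits=1024, e=65537):
    """Throwaway (n, e, d); real code loads the key registered with Google."""
    def prime():
        while True:
            p = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
            if p % e != 1 and _is_prime(p):
                return p
    p, q = prime(), prime()
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def emsa_pkcs1_v15_sha1(message, k):
    """00 01 FF..FF 00 || DigestInfo(SHA-1(message)), k bytes in total."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def authsub_header(token, method, url, n, d, now=None, nonce=None):
    ts = int(time.time()) if now is None else now
    nonce = secrets.randbits(64) if nonce is None else nonce  # never reuse
    data = f"{method} {url} {ts} {nonce}"  # fields joined by single spaces
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_sha1(data.encode("ascii"), k), "big")
    sig = base64.b64encode(pow(em, d, n).to_bytes(k, "big")).decode()
    return f'Authorization: AuthSub token="{token}" sigalg="rsa-sha1" data="{data}" sig="{sig}"', data, sig

def verify(data, sig_b64, n, e):  # receiver side: public-key operation
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(base64.b64decode(sig_b64), "big"), e, n)
    return em.to_bytes(k, "big") == emsa_pkcs1_v15_sha1(data.encode("ascii"), k)
```

The bare `pow()` call is not hardened against side channels; in production, sign the same `data` string with a vetted RSA library and the private key matching the registered certificate.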

Archived

This topic is now archived and is closed to further replies.
