Comparing signed data and signature in Android Market responses using Ruby on Rails

Question

Comparing signed data and signature in Android Market responses using Ruby on Rails

I am wondering if anyone has any links to any literature on how to approach this problem.

I get two datasets from the Android Market; “Signed Data,” JSON representation of the purchase, and “Signature,” encoded in Base64, an encrypted representation of signed data.

I think you need to use the public key to encrypt the signed data and compare it with the signature?

My strategy so far has been as follows:

1) Base64 decodes the public key and uses OpenSSL :: PKey :: RSA.new to create the public key object

2) Base64 decodes the signature returned from Android

3) Encrypt the signed data using the public key and compare with the signature

What is the correct way to do this in Ruby?

+4

java ruby ruby-on-rails google-play rsa

John h Feb 27 '12 at 17:37

source share

1 answer

John h · Accepted Answer · 2012-02-28T11:43:28+0000

Here is the answer: How to check Android In-app billing on a server with Ruby?

The public key object created in the first step has a convenient verify method for comparing Base64 decoded data in step 2 with signed data.

verified = key.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(signature), signed_data)

Happiness.

Comparing signed data and signature in Android Market responses using Ruby on Rails

More articles: