14 messages in com.googlegroups.bloggerdev: Re: NO Secure signed token example??

| From | Sent On | Attachments |
|---|---|---|
| cam...@gmail.com | 21 Feb 2007 08:20 | |
| Pete Hopkins ☠ | 21 Feb 2007 10:38 | |
| cam...@gmail.com | 21 Feb 2007 15:32 | |
| Pete Hopkins ☠ | 21 Feb 2007 16:01 | |
| cam...@gmail.com | 22 Feb 2007 02:27 | |
| cam...@gmail.com | 22 Feb 2007 09:17 | |
| Pete Hopkins ☠ | 22 Feb 2007 09:47 | |
| cam...@gmail.com | 22 Feb 2007 10:41 | |
| Pete Hopkins ☠ | 22 Feb 2007 16:16 | |
| cam...@gmail.com | 22 Feb 2007 16:56 | |
| Pete Hopkins ☠ | 27 Feb 2007 15:53 | |
| Pete Hopkins ☠ | 27 Feb 2007 17:04 | |
| cam...@gmail.com | 01 Mar 2007 08:12 | |
| Pete Hopkins ☠ | 01 Mar 2007 10:30 | |

| Subject: | Re: NO Secure signed token example?? |
|---|---|
| From: | cam...@gmail.com (cam...@gmail.com) |
| Date: | 02/22/2007 09:17:00 AM |
| List: | com.googlegroups.bloggerdev |
I have realised what I am doing wrong.
I will doc this all when I get it working, but just to say that you need to 'sign' the 'data' with open_ssl using the 'key.pem' file which was also created when generating the 'certificate' (another .pem file) which is used during the registration process (using an xml file).
See here for how to 'sign' the data:
http://uk2.php.net/manual/en/function.openssl-sign.php
and here, for how to generate the key and cert:
http://www.ipsec-howto.org/x595.html
and for the registration process here:
http://code.google.com/apis/accounts/RegistrationForWebApps.html
Now - this is still not working - the signed, encoded data seems too long.
Also, I would like to clear something up too:
In the docs for signing secure web app requests, there is a requirement to generate a:
"nonce: a random 64-bit, unsigned number encoded as an ASCII string in decimal"
http://code.google.com/apis/accounts/AuthForWebApps.html#signingrequests
Does anyone know how I would do this in PHP?
Is this simply a 20 digit random number?
thanks
On Feb 22, 12:01 am, "Pete Hopkins ☠" <phop...@google.com> wrote:
On 2/21/07, cam...@gmail.com <cam...@gmail.com> wrote:
Hi Pete. Thanks for replying.
I tried over on the Google Account API group the similar question, with how/what I am doing in the code:
Very similar 'pseudo' code to what you suggest, where 'sign' would be 'sha' (I think)
No, 'sign' is the openssl-sign function. Note that SHA-1 is, by itself, just a hash function. rsa-sha1 hashes the input with SHA-1 and then RSA encrypts the hash with a private key to make a signature. That's taken care of with openssl-sign.
-- Pete
however, what I am trying just is not working. (argh)
On Feb 21, 6:38 pm, "Pete Hopkins ☠" <phop...@google.com> wrote:
I haven't tried this in PHP, but a quick doc search shows that:
is probably what you want.
The docs could be more explicit, but the general algorithm is (in pseudo PHP):
```
$data = "GET " . $url . " " . time() . " " . random();
$sig = base64(sign($data, $key));
```
Is there any place where you're getting stuck in particular?
-- Pete
Hi,
OK. I am totally stuck here. I am amazed that I cannot find any examples anywhere of a client (php) which demonstrates the 'signing' of the data required to perform secure connections to Blogger, using my registered app.
I think it's a good idea for Google to move to a single login, but without the proper examples and assistance coming to help application providers like myself to upgrade their systems to support the Google logins then things are not going to happen. It was fairly easy for me to register my app to remove the 'Warning' on the login page, but why on earth is there no explanation at all of what to do when 'signing' the Authorization??
See here for docs to that: http://code.google.com/apis/accounts/AuthForWebApps.html#signingrequests
Surely being secure and 'warning free' is what Google wants?
As the day draws near when my users will have to move over to the new system, if I don't get this fixed, then I'll just have to drop Blogger support and recommend another vendor who does support developers.
I'm pretty sure the answer/solution I need is so simple for someone in the know.
This is absolutely crucial. Please please please can anyone help?
If I can get it all working, I will happily share how to do it, as I am clearly not alone in needing this knowledge.
thanks, camoby
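
The signing steps discussed in this thread, as an added example that is not part of the original messages or of Google's documentation: it builds the data string in the layout of the pseudocode above, renders 8 CSPRNG bytes as an unsigned decimal nonce (1 to 20 digits, since not every 20-digit number fits in 64 bits), and signs with `openssl_sign` using SHA-1. The function names, the URL and the throwaway key generated in place of `key.pem` are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. URL and key below are constructed.

// Big-endian bytes -> unsigned decimal string, by repeated long division by 10.
// PHP integers are signed 64-bit, so the top half of the range needs this.
function bytesToDecimal(array $bytes): string
{
    $digits = '';
    do {
        $rem = 0;
        $quot = [];
        foreach ($bytes as $b) {
            $cur = $rem * 256 + $b;
            $q = intdiv($cur, 10);
            $rem = $cur % 10;
            if ($quot !== [] || $q !== 0) {
                $quot[] = $q; // drop leading zeros of the quotient
            }
        }
        $digits = $rem . $digits;
        $bytes = $quot;
    } while ($bytes !== []);
    return $digits;
}

// Nonce: 64 bits from the CSPRNG, as an ASCII decimal string.
function nonce64(): string
{
    return bytesToDecimal(array_values(unpack('C*', random_bytes(8))));
}

// Data layout follows the thread's pseudocode: "GET <url> <timestamp> <nonce>".
function signRequest(string $url, $privateKey): array
{
    $data = 'GET ' . $url . ' ' . time() . ' ' . nonce64();
    if (!openssl_sign($data, $rawSig, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return ['data' => $data, 'sig' => base64_encode($rawSig)];
}

// Throwaway key for the demo; a real client would load its key.pem instead.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) { throw new RuntimeException('key generation failed'); }
$pub = openssl_pkey_get_details($key)['key'];
$req = signRequest('http://www.example.com/feeds/posts', $key);
$ok = openssl_verify($req['data'], base64_decode($req['sig']), $pub, OPENSSL_ALGO_SHA1);

echo $req['data'], "\n";
echo 'sig (', strlen($req['sig']), ' base64 chars) verifies: ', $ok === 1 ? 'yes' : 'no', "\n";
```

An RSA signature is always as long as the key's modulus (256 bytes for the 2048-bit demo key), and base64 then expands that by a third.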




