我正在研究我的应用程序中应用内计费的安全性。
我在服务器上进行验证,它是用 c++ 编写的。
哪些方法可以在 C++ 中验证它?
我可以使用 openssl 命令吗?
问问题
1258 次
1 回答
2
You can use the OpenSSL library. The response that your app receives from the Market is a string of JSON data and a signature string which is created using the private key for the public key that is in your developer profile. You should keep that public key on your server, then your app can pass on the JSON string and signature to your server for verification.
The signature string is a base-64 encoded SHA1-with-RSA signature with PKCS#1 padding. You should be able to verify it in a C++ program using the OpenSSL EVP_Verify... functions: http://www.openssl.org/docs/crypto/evp.html
于 2012-02-14T17:20:04.300 回答