Still no luck, I am pretty confident I am sending the PHP routines correctly formatted data.
A followup question: How can I verify the signature and data using only openssl, here is what I am currently doing: openssl dgst -sha1 -verify public.key.ssl -signature signature.bin data where public.key.ssl is the public key string (publickey.raw) from the developer profile converted to PEM with: openssl enc -base64 -d -in publickey.raw -A | openssl rsa -inform DER -pubin > public.key.ssl signature.bin is the signature value decoded from base64 with: openssl enc -base64 -d -in signature -A > signature.bin the openssl dgst ... command returns: Verification Failure Thanks, Nate On Apr 13, 7:48 pm, Nikolay Elenkov <[email protected]> wrote: > On Thu, Apr 14, 2011 at 2:05 AM, Nate Totura <[email protected]> wrote: > > > Thanks, the openssl_sign() php function is just being used to verify > > that if I sign something myself, instead of using the Google returned > > version, that it works in my php verification code. The openssl_sign() > > does return binary and I am encoding it to base64 before using it > > elsewhere. > > I don't use PHP, but my point is that if openssl_sign() returns binary, > it stands to reason that openssl_verify() expects binary as well. So > you need to Base64-decode what you got from Google before you > feed it to openssl_verify() if you are not already doing so. If you are, > make sure you are not changing the format (new lines, etc): > depending on how forgiving the Base64 decoder is you might get > a slightly different binary blob. You can try this to check: > > 1. Base64 decode, then hex dump in Java (your app) > 2. Do the same in PHP > 3. Compare the two hex strings > > Also make sure the signature algorithm is the same as in Java > SHA1withRSA (this is probably the default though). -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
