The significant feature of the Google API key, for this purpose is that the initial URL is effectively encrypted twice. The first "encryption" (or hash) is performed effectively with a public key, so that anyone can take a URL and produce its "hash". The second stage is performed with a secret key known only to the Google server.
[Although there are public and secret keys here, that doesn't mean that we're talking about one-way encryption algorithms. In fact the second encryption stage must be two-way. The first "encryption" must be one way because it maps URLs of effectively unlimited length to a fixed-length 160-bit "hash"]. When I register for a key, the Google server takes my URL as the plaintext and performs the public algorithm to create the "hash" as the cyphertext, then it takes the "hash" and encrypts that to produce part of the key as its cyphertext. Google then add extra bits that encode my Google Account ID to produce the full key which is returned to me. Only the part derived from the URL is used in key validation. URL ==public=> Hash <=secret=> API key Nothing is stored on the Google servers when I register. When I try to use the key, I send the API key to a Google server, and it decyphers the URL part using their secret key to recreate the Hash. In early API releases, the Hash was just returned to main.js. Main.js encodes variants of the URL to see if any of them produce the Hash. It current versions of the API that validation is also performed in the server. The bit about "variants of the URL" allows a key to be used over different ranges. E.g. If the current page is https://sales.domain.com/folder/page.htm the key could have been registered with any of these URLs https://sales.domain.com/folder http://sales.domain.com/folder https://sales.domain.com http://sales.domain.com https://domain.com http://domain.com so the code in main.js has to hash all those possibilities. -- Mike Williams http://econym.org.uk/gmap --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
