You can parse it in PHP by first splitting it into 64 byte chunks separated by \n, then prepending -----BEGIN PRIVATE KEY-----, then appending -----END PRIVATE KEY-----, then calling openssl_pkey_get_private().
On Thu, May 22, 2008 at 12:21 PM, Ropu <[EMAIL PROTECTED]> wrote: > Hi Brian > > i tried with all the combinations i could Imagen with the consumer_secret > from the oauth.json and cant make it work. > > any suggestions on how to handle that key in php? > > I tried using ur example key. > > "http://dirk.balfanz.googlepages.com/contacts.xml"; : { > "google" : { > "consumer_secret" : > "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8VA7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJhI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8HX9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mmuScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmwrn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0ZzO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+NccnqkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNGWPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUnocn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54Lw03eHTNQghS0A==", > "consumer_key" : "weitu.googlepages.com", > "key_type" : "RSA_PRIVATE" > } > } > > Thanks > > bruno > > On Thu, May 22, 2008 at 3:59 PM, Brian Eaton <[EMAIL PROTECTED]> wrote: > >> I think we should support multiple ways of reading private keys for >> maximum compatibility. We need to document what they are, however. >> >> With PHP I am able to parse a PCKS8 PEM encoded RSA private key: >> >> <?php >> $fp = fopen('rsa.p8', 'r'); >> $priv = fread($fp, 8192); >> fclose($fp); >> $key = openssl_pkey_get_private($priv); >> if ($key) { >> print "Got $key\n"; >> } else { >> print "Damn\n"; >> } >> ?> >> >> On Thu, May 22, 2008 at 8:57 AM, Ropu <[EMAIL PROTECTED]> wrote: >> > Hi >> > >> > In PHP that was a little headache. >> > >> > To have to many different ways of encoded keys. In fact, PHP doesnt have >> > native support for PKCS8, so i had to add a system call >> > exec("openssl pkcs8 -inform DER -outform PEM -out " . $out . " >> -nocrypt >> > -in " . $in); >> > to convert it to a PHP friendly key from the oauth.json "consumer_secret" >> in >> > AUTHORIZED req >> > >> > And for SIGNED we had to check if the key is in PEM or PKCS8, and if it >> has >> > or not secret_phrase, etc >> > >> > Can we try to standardize one way of encoding the private keys? >> > >> > >> > ropu >> > >> > >> > On Thu, May 22, 2008 at 12:33 AM, Arne Roomann-Kurrik <[EMAIL PROTECTED] >> > >> > wrote: >> > >> >> Thanks Brian, I had forgotten about that post. After a bit of playing >> >> around, I got the following steps to work. Copying here for the benefit >> of >> >> anyone wanting to poke around signed makeRequest stuff with the >> >> samplecontainer: >> >> >> >> 1.) Generate an OpenSSL key using: >> >> >> >> openssl genrsa -out openssl_key.pem 1024 >> >> >> >> 2.) Convert to PKCS#8 format: >> >> >> >> openssl pkcs8 -topk8 -in openssl_key.pem -inform pem -out >> >> openssl_key_pk8.pem -outform pem -nocrypt >> >> >> >> 3.) Remove the header and footer lines from openssl_key_pk8.pem. If >> >> openssl_key_pk8.pem is: >> >> >> >> -----BEGIN PRIVATE KEY----- >> >> >> >> ...base64 encoded key... >> >> >> >> -----END PRIVATE KEY----- >> >> >> >> Then I was only able to make this work by deleting the "-----BEGIN >> PRIVATE >> >> KEY-----" and "-----END PRIVATE KEY-----" lines from the file. Not sure >> if >> >> this is a bug or if I'm going about this incorrectly, but it looks like >> >> this >> >> is because >> >> >> >> >> http://oauth.googlecode.com/svn/code/java/core/src/main/java/net/oauth/signature/RSA_SHA1.javaexpects >> >> a PEM encoded private key passed as a String to be a base64 encoded >> >> byte array without any additional data and doesn't strip any lines out >> >> before base64 decoding it. SigningFetcherFactory.java winds up loading >> the >> >> key file and passing it to the OAuth lib without stripping these either, >> >> hence the need to manually remove them. >> >> >> >> 4.) Edit java/gadgets/conf/gadgets.properties to point to >> >> openssl_key_pk8.pem: >> >> >> >> signing.key-file=/path/to/openssl_key_pk8.pem >> >> >> >> 5.) mvn install and mvn -Prun as normal. Signed makeRequest calls from >> the >> >> samplecontainer will now function. >> >> >> >> ~Arne >> >> >> >> >> >> On Wed, May 21, 2008 at 11:46 AM, Brian Eaton <[EMAIL PROTECTED]> >> wrote: >> >> >> >> > On Wed, May 21, 2008 at 11:00 AM, Arne Roomann-Kurrik < >> [EMAIL PROTECTED] >> >> > >> >> > wrote: >> >> > > I've been working on some validation examples for makeRequest and >> have >> >> > been >> >> > > trying to set up Shindig to be able to hit my local server. When I >> try >> >> > to >> >> > > do a signed makeRequest call, I get the following response from >> >> > > /gadgets/proxy: >> >> > > >> >> > > HTTP ERROR: 400</h2><pre>INTERNAL_SERVER_ERROR >> >> > > java.security.spec.InvalidKeySpecException: >> >> > > java.security.InvalidKeyException: IOException : >> >> > DerInputStream.getLength(): >> >> > > lengthTag=127, too big. >> >> > > >> >> > > I haven't been able to find any documentation about using signed >> >> > makeRequest >> >> > > calls in the samplecontainer and was hoping that someone would be >> able >> >> to >> >> > > shed some light on this error. Am I missing a configuration step? >> >> > >> >> > This might help: >> >> > >> >> > >> >> >> http://mail-archives.apache.org/mod_mbox/incubator-shindig-dev/200803.mbox/[EMAIL >> PROTECTED] >> >> > >> >> >> >> >> >> >> >> -- >> >> OpenSocial IRC - irc://irc.freenode.net/opensocial >> >> >> > >> > >> > >> > -- >> > .-. --- .--. ..- >> > R o p u >> > >> > > > > -- > .-. --- .--. ..- > R o p u >
