Implementing RSA-SHA1 signature algorithm in Java (creating a private key for use with OAuth RSA-SHA1 signature)
Solution 1
What API is the OAuthSignature
interface from? Is it possible that the tokenSecret
parameter is not necessary for RSA signatures?
Solution 2
Seems the RSA-SHA1 does't need the consumer secret, you can refer the Jersey implement here https://svn.java.net/svn/jersey~svn/trunk/jersey/contribs/jersey-oauth/oauth-signature/src/main/java/, the class com.sun.jersey.oauth.signature.RSA_SHA1.
Buhake Sindi
First person in South Africa to receive a Gold Java Badge (Received on 5th November 2011) and 71st overall on StackOverflow. Whoohoo! :-) I also founded Devoxx4Kids South Africa to promote technology education among children. Where can you find me? Sindi Technologies (Founder) My Blog (A Developer's Enterprise Log...) GitHub Twitter LinkedIn Google+ SoundCloud #SOreadytohelp The following shows the experiences I have with computer programming languages & various frameworks. It is not a reflection of who I am. Professional experience: Enterprise Java (Jakarta EE/ Java EE, Spring Framework) JavaScript Frameworks: (Angular 1.x), ReactJS (JavaScript/TypeScript), jQuery VB .NET SQL (RDBMS independent) Web Technologies: HTML/XHTML/HTML 5, JavaScript, JavaScript/jQuery/Angular 1.x and higher --> CSS (from version 1 to 3), including Bootstrap Framework External Experience: Pascal / Delphi VB C/C++ Assembly language Adobe Flex PHP Scala Go (Briefly played with)
Updated on June 05, 2022Comments
-
Buhake Sindi almost 2 years
As you know, OAuth can support RSA-SHA1 Signature. I have an
OAuthSignature
interface that has the following methodpublic String sign(String data, String consumerSecret, String tokenSecret) throws GeneralSecurityException;
I successfully implemented and tested HMAC-SHA1 Signature (which OAuth Supports) as well as the PLAINTEXT "signature".
I have searched google and I have to create a private key if I need to use
SHA1withRSA
signature: Sample code:/** * Signs the data with the given key and the provided algorithm. */ private static byte[] sign(PrivateKey key, String data) throws GeneralSecurityException { Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(key); signature.update(data.getBytes()); return signature.sign(); }
Now, How can I take the OAuth key (which is key = consumerSecret&tokenSecret) and create a
PrivateKey
to use withSHA1withRSA
signature?Thanks
From OAuth Core
9.3. RSA-SHA1
The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] (Jonsson, J. and B. Kaliski, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography; Specifications Version 2.1,” .) section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a verified way to the Service Provider, in a manner which is beyond the scope of this specification.
And I'm now using this (http://code.google.com/apis/gdata/docs/auth/oauth.html) as a reference to doing RSA-SHA1 signature.
-
Buhake Sindi about 14 years
OAuthSignature
is my own interface. And you are correct, Using Google example (code.google.com/apis/gdata/docs/auth/oauth.html) It seems that it doesn't require Token Secret.