question

effs05 avatar image
0 Likes"
effs05 asked

Digital Signatures for APIs

where is eBay public API ,how do i get a public key in the form of a JWE by eBay public API .

how to build a signature base,need some sample.

digital signatures for apis
· 2
10 |600

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

I'm guessing that once they have implemented this on the sandbox, you will be able to download your JWE from the dev portal, like you can your access keys.
0 Likes 0 ·
zimma1 avatar image
0 Likes"
zimma1 answered

It would be nice if the docker image that ebay provide for testing requests, actually verified their test request as valid.

10 |600

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

effs05 avatar image
0 Likes"
effs05 answered

i build signatur base like bellow.

"content-digest": sha-256=:qHHEen9IoSs4qZTkipZZ+rXWN289vON1Wby2F+/oZi0=:

"x-ebay-signature-key": testPublicKey

"@method": POST

"@path": /verifysignature

"@authority": 127.0.0.1

"@signature-params": ("digest" "x-ebay-signature-key" "@method" "@path" "@authority");created=1660611465471;alg="rsa-v1_5-sha256"


i am not sure the wrong response is beacase wrong formate of signature base,or other reason。

this is how i build my signature,still don't know if is it Ok。I use RSA public and private JWE key

public static String getSignature(String signBase) throws CryptoException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException, IOException {
    StringBuilder pkcs8Lines = new StringBuilder();
    BufferedReader rdr = new BufferedReader(new StringReader(testPrivateKey));
    String line;
    while ((line = rdr.readLine()) != null) {
        pkcs8Lines.append(line);
    }
    // Remove the "BEGIN" and "END" lines, as well as any whitespace
    String pkcs8Pem = pkcs8Lines.toString();
    pkcs8Pem = pkcs8Pem.replace("-----BEGIN PRIVATE KEY-----", "");
    pkcs8Pem = pkcs8Pem.replace("-----END PRIVATE KEY-----", "");
    pkcs8Pem = pkcs8Pem.replaceAll("\\s+","");
    // Base64 decode the result
    byte [] pkcs8EncodedBytes = Base64.getDecoder().decode(pkcs8Pem);
    // extract the private key
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8EncodedBytes);
    KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
    PrivateKey privateKey = kf.generatePrivate(keySpec);
    Signature signer =  Signature.getInstance("SHA1withRSA");
    signer.initSign(privateKey);
    signer.update(signBase.getBytes());
    byte[] signature = signer.sign();
    return "sig1=:"+ Base64.getEncoder().encodeToString(signature) +":";
}
10 |600

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.