I am trying to generate a digital signature using the crypto module for node.js (0.6.15). The following code prints nothing (on both a windows and a linux machine) and res is of length 0. Also signer never throws an exception no matter what dummy input I give as key. openssl is installed in version 1.0.1. What am I doing wrong?
var crypto = require('crypto');
var signer = crypto.createSign("RSA-SHA1")
signer.update("sign me!")
//dummy key
var private_key = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL4vpoH3H3byehjj" +
"7RAGxefGRATiq4mXtzc9Q91W7uT0DTaFEbjzVch9aGsNjmLs4QHsoZbuoUmi0st4" +
"x5z9SQpTAKC/dW8muzacT3E7dJJYh03MAO6RiH4LG34VRTq1SQN6qDt2rCK85eG4" +
"5NHI4jceptZNu6Zot1zyO5/PYuFpAgMBAAECgYAhspeyF3M/xB7WIixy1oBiXMLY" +
"isESFAumgfhwU2LotkVRD6rgNl1QtMe3kCNWa9pCWQcYkxeI0IzA+JmFu2shVvoR" +
"oL7eV4VCe1Af33z24E46+cY5grxNhHt/LyCnZKcitvCcrzXExUc5n6KngX0mMKgk" +
"W7skZDwsnKzhyUV8wQJBAN2bQMeASQVOqdfqBdFgC/NPnKY2cuDi6h659QN1l+kg" +
"X3ywdZ7KKftJo1G9l45SN9YpkyEd9zEO6PMFaufJvZUCQQDbtAWxk0i8BT3UTNWC" +
"T/9bUQROPcGZagwwnRFByX7gpmfkf1ImIvbWVXSpX68/IjbjSkTw1nj/Yj1NwFZ0" +
"nxeFAkEAzPhRpXVBlPgaXkvlz7AfvY+wW4hXHyyi0YK8XdPBi25XA5SPZiylQfjt" +
"Z6iN6qSfYqYXoPT/c0/QJR+orvVJNQJBANhRPNXljVTK2GDCseoXd/ZiI5ohxg+W" +
"UaA/1fDvQsRQM7TQA4NXI7BO/YmSk4rW1jIeOxjiIspY4MFAIh+7UL0CQFL6zTg6" +
"wfeMlEZzvgqwCGoLuvTnqtvyg45z7pfcrg2cHdgCXIy9kErcjwGiu6BOevEA1qTW" +
"Rk+bv0tknWvcz/s="
var res = signer.sign(private_key, output_format='base64')
console.log(res);
As Ben Noordhuis tells me here the key used above is not in the correct format. it is best to load the pem format from disk.
Related
var crypto = require('crypto')
var secret = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
var date = '20151229'
var region = 'us-east-1'
var service = 's3'
var terminator = 'aws4_request'
var policyEncoded = 'eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9'
console.log('Calculated answer:', crypto
.createHmac('sha256', 'AWS4' + secret)
.update(date)
.update(region)
.update(service)
.update(terminator)
.update(policyEncoded)
.digest('hex'))
console.log('Correct answer :', '8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e')
I wrote the code to calculate the signature for AWS4 S3 upload from the browser.
The example StringToSign comes from here:
Signature v4 calculation example for POST
The expected output is also present on the same page.
The algorithm to sign is presented here:
Calculating a signature v4 for POST
But the result I am getting does not match the correct answer. Please help to locate the error.
I've googled and searched dozens of answers here on SO already, spend 10+ hours.
Short version of exebook answer:
var hmac = require('crypto').createHmac
var secret = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
var req = {
date: '20151229',
region: 'us-east-1',
service: 's3',
terminator: 'aws4_request',
policyEncoded: 'eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9'
}
var signature = Object.keys(req).
reduce((h, k) => hmac('sha256', h).update(req[k]).digest(), 'AWS4' + secret).
toString('hex')
console.log(signature)
//8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e
It does not work because .update() merely writes new data into a hash stream. AWS requires you to hash the result of previous steps with a new key like this:
var x
x = crypto.createHmac('sha256', 'AWS4' + secret).update(date).digest()
x = crypto.createHmac('sha256', x).update(region).digest()
x = crypto.createHmac('sha256', x).update(service).digest()
x = crypto.createHmac('sha256', x).update(terminator).digest()
x = crypto.createHmac('sha256', x).update(policyEncoded).digest()
console.log('Calculated answer:', x.toString('hex'))
console.log('Correct answer :', '8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e')
Output:
Calculated answer: 8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e
Correct answer : 8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e
How do you create the hex encoded signature in crypto in a nodejs environment?
Do you just do this like so?
const secret = 'mysecret';
const date = yyyymmdd;
const dateKey = crypto.createHmac('sha256', 'AWS4' + secret + ',' + date);
const dateRegionKey = crypto('sha256', dateKey + ',' + 'myregion')
const DateRegionServiceKey = crypto('sha256', dateRegionKey + ',' + 'someservice');
const signingKey = crypto('sha256', DateRegionServiceKey + ',' + 'aws4_request');
const signature = crypo('sha256', signingKey + base64Policy);
High level it looks ok. I hope you know that secret is not just a string, it is the secretKey of your IAM User accessKey/secretKey pair.
Any particular reason you want to do it yourself and not use the AWS SDK?
Also look at below for a sample signing implementation (in Java) which works for AWS ElasticSearch. Look at getSignatureKey and calculateSignature methods.
https://github.com/dy10/aws-elasticsearch-query-java/blob/master/src/main/java/dy/aws/es/AWSV4Auth.java
you should use this library https://github.com/mhart/aws4
you need to use result = aws4.sign({}, { cred from AWS })
and it returns result.headers that are the headers you need to send in your request
I try to do crypto on node.js but badly I fail to have the same result than online sites.
I want to encrypt some binary data with a binary key. I use the tutorial on nodejs site but I have a different result from my reference data set.
My reference data set is validated with java code, with C code and with two online site :
http://aes.online-domain-tools.com/ and https://www.hanewin.net/encrypt/aes/aes-test.htm
Have you an idea how to encrypt the same way that those sites?
I guess it can be the padding?
Thanks in advance.
François
My reference data set :
key=8CBDEC62EB4DCA778F842B02503011B2
src=0002123401010100000000000000c631
encrypted=3edde3f1368328a1a37cf596bc8d4a7c
My code :
var key = new Buffer('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
var src = new Buffer('0002123401010100000000000000c631', 'hex')
cipher = crypto.createCipher("aes-128-ecb", key)
result = cipher.update(src).toString('hex');
result += cipher.final().toString('hex');
"result : " + result
Output :
result : 4da42b57b99320067979086700651050e972f1febd1d506e5c90d3b5d3bc9424
Thank you Artjom B.
I post hereunder the fixed code :
var key = new Buffer('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
var src = new Buffer('0002123401010100000000000000c631', 'hex')
cipher = crypto.createCipheriv("aes-128-ecb", key, '')
cipher.setAutoPadding(false)
result = cipher.update(src).toString('hex');
result += cipher.final().toString('hex');
"result : " + result
To decrypt, do the same :
var key = new Buffer('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
var encrypted = new Buffer('3edde3f1368328a1a37cf596bc8d4a7c', 'hex')
decipher = crypto.createDecipheriv("aes-128-ecb", key, '')
decipher.setAutoPadding(false)
result = decipher.update(encrypted).toString('hex');
result += decipher.final().toString('hex');
"result : " + result
Thanks, i am sincerely grateful.
Regards, François
I am trying to make run this
function hex2a(hex) {
var str = '';
for (var i = 0; i < hex.length; i += 2)
str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
return str;
}
//Raw cookie
var cookie = "B417B464CA63FE780584563D2DA4709B03F6195189044C26A29770F3203881DD90B1428139088D945CF6807CA408F201DABBADD59CE1D740F853A894692273F1CA83EC3F26493744E3D25D720374E03393F71E21BE2D96B6110CB7AC12E44447FFBD810D3D57FBACA8DF5249EB503C3DFD255692409F084650EFED205388DD8C08BF7B941E1AC1B3B70B9A8E09118D756BEAFF25834E72357FD40E80E76458091224FAE8";
//decryptionKey from issuers <machineKey>
var deckey = "FFA87B82D4A1BEAA15C06F6434A7EB2251976A838784E134900E6629B9F954B7";
var crypto = require('crypto');
var ivc = cookie, iv, cipherText, ivSize = 16, res = "";
ivc = new Buffer(ivc, 'hex');
iv = new Buffer(ivSize);
cipherText = new Buffer(ivc.length - ivSize);
ivc.copy(iv, 0, 0, ivSize);
ivc.copy(cipherText, 0, ivSize);
c = crypto.createDecipheriv('aes-256-cbc', hex2a(deckey), iv.toString('binary'));
res = c.update(cipherText, "binary", "utf8");
res += c.final('utf8');
console.log(res);
In this Q&A, it mentions about differences about node js versions, I tried that apply that one but with out success:
res = c.update(cipherText, "binary", "utf8");
line result such result
�sJ舸=�X7D������G����}x���T
and
res += c.final('utf8');
gives this error
0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length
nodejs version: 4.1.2 and crypto version 0.0.3
How can I properly decrypt cookie with this algorith or can you suggest any other?
[Assuming you are trying to decrypt a .NET framework cookie]:
(Note: This answer was completely rewritten as things were not as simple as it seemed)
The encryption schema is described here, citing interesting parts:
VERIFY + DECRYPT DATA (fEncrypt = false, signData = true)
Input: buf represents ciphertext to decrypt, modifier represents data to be removed from the end of the plaintext (since it's not really plaintext data)
Input (buf): E(iv + m + modifier) + HMAC(E(iv + m + modifier))
Output: m
The 'iv' in the above descriptions isn't an actual IV. Rather, if ivType = > IVType.Random, we'll prepend random bytes ('iv') to the plaintext before feeding it to the crypto algorithms. Introducing randomness early in the algorithm prevents users from inspecting two ciphertexts to see if the plaintexts are related. If ivType = IVType.None, then 'iv' is simply an empty string. If ivType = IVType.Hash, we use a non-keyed hash of the plaintext.
The 'modifier' in the above descriptions is a piece of metadata that should be encrypted along with the plaintext but which isn't actually part of the plaintext itself. It can be used for storing things like the user name for whom this plaintext was generated, the page that generated the plaintext, etc. On decryption, the modifier parameter is compared against the modifier stored in the crypto stream, and it is stripped from the message before the plaintext is returned.
Which is (hopefully) implemented with the following script:
// Input
var cookie = "B417B464CA63FE780584563D2DA4709B03F6195189044C26A29770F3203881DD90B1428139088D945CF6807CA408F201DABBADD59CE1D740F853A894692273F1CA83EC3F26493744E3D25D720374E03393F71E21BE2D96B6110CB7AC12E44447FFBD810D3D57FBACA8DF5249EB503C3DFD255692409F084650EFED205388DD8C08BF7B941E1AC1B3B70B9A8E09118D756BEAFF25834E72357FD40E80E76458091224FAE8";
var decryptionKey = "FFA87B82D4A1BEAA15C06F6434A7EB2251976A838784E134900E6629B9F954B7";
var validationKey = "A5326FFC9D3B74527AECE124D0B7BE5D85D58AFB12AAB3D76319B27EE57608A5A7BCAB5E34C7F1305ECE5AC78DB1FFEC0A9435C316884AB4C83D2008B533CFD9";
// Parameters
var hmacSize=20
// Make buffers for input
var cookieBuffer = new Buffer(cookie, 'hex');
var decryptionKeyBuffer = new Buffer(decryptionKey, 'hex');
var validationKeyBuffer = new Buffer(validationKey, 'hex');
// Parse cookie
var curOffset=0;
var cipherText = new Buffer(cookieBuffer.length - hmacSize);
curOffset+=cookieBuffer.copy(cipherText, 0, curOffset, curOffset+cipherText.length);
var hmac = new Buffer(hmacSize);
curOffset+=cookieBuffer.copy(hmac, 0, curOffset, curOffset+hmac.length);
// Verify HMAC
var crypto = require('crypto');
var h = crypto.createHmac('sha1', validationKeyBuffer);
h.update(cipherText);
var expectedHmac = h.digest();
console.log('Expected HMAC: ' + expectedHmac.toString('hex'));
console.log('Actual HMAC: ' + hmac.toString('hex'));
//if(!expectedHmac.equals(hmac)) { // Note: Requires nodejs v0.11.13
// throw 'Cookie integrity error';
//}
// Decrypt
var zeroIv = new Buffer("00000000000000000000000000000000", 'hex');
var c = crypto.createDecipheriv('aes-256-cbc', decryptionKeyBuffer, zeroIv);
var plaintext = Buffer.concat([c.update(cipherText), c.final()]);
// Strip IV (which is the same length as decryption key -- see notes below)
var res = new Buffer(plaintext.length-decryptionKeyBuffer.length);
plaintext.copy(res, 0, decryptionKeyBuffer.length, plaintext.length);
// Output
console.log('HEX: ' + res.toString('hex'));
console.log('UTF-8: ' + res.toString('utf8'));
Giving result:
Expected HMAC: 88e332b9a27b8f6f8d805ae718c562c1c8b721ed
Actual HMAC: 6beaff25834e72357fd40e80e76458091224fae8
HEX: 010112ea9a47b2f2ce08fe121e7d78b6f2ce0801085400650073007400550073006500720016540065007300740020007400650073007400730073006f006e002c00200072006f006c0066007a006f007200012f00ff1d892908d9c497bd804f5f22eab043ff6368702c
UTF-8: ��G���}x�TestUserTest testsson, rolfzor/���ė��O_"��C�chp,
Some (random) notes about this code:
it assumes that AES is used for encryption and HMAC-SHA1 is used for authentication
as the used authentication key is not known, the integrity check condition is commented out and verification key from this very related question is used (which is the reason for authentication tag mismatch)
the padding used for AES encryption is PKCS#7
the 'modifier' field is assumed empty. If this is not the case you would have to check it and remove it from the plaintext
for production environment you definitely should check the authentication tag (otherwise you would expose yourself to nasty attacks)
to avoid even nastier attacks, the authentication tag should be tested for equality in constant time (which might be tricky to implement in nodejs). Please note that the commented-out code is very probably vulnerable to timing-attacks.
the IV length is equal to the key length (see here for the reason)
Disclaimer: I did not study the original .NET code thoroughly, nor am I a crypto expert so please do validate my thoughts
Good luck!
i'm currently integrating Google Play in-app billing to my androidgame project, i have a Node.js server set up and plan to send it the "originalJson" and "signature" value of the Google Play purchase response for server side verification.
then i put up a bit of test on my Node.js server, first here are the "originalJson" and "signature" value of one of my purchase(fetched from the client side):
originalJson:{"orderId":"GPA.1312-8694-0319-25069","packageName":"com.shihu.sm.testin","productId":"com.shihu.sm.testin.diamond","purchaseTime":1452598011176,"purchaseState":0,"developerPayload":"{\"iabProductId\":\"com.shihu.sm.testin.diamond\",\"gOrderId\":\"2cb77de1a2a94db18b6df84f8037ea5b\",\"serverId\":\"6\",\"productId\":\"202\"}","purchaseToken":"bjoncdcebeclpklebmadidgb.AO-J1OyEbKLL0rhWQAc1hjdWyJPXHkAoHZTfZasqUuFWKWyAlnj-opiDLYILNRpnWgcblO8vV37fWf0kpeNMRZcgRT-fRxAO4P8VQPmU-TJakB-sCiRx8sUxL4nxnUBMnZdFWdpaIZDW5tP3Ck4aO57n1o66PwnjZw"}
signature:JdfwMxprv7iMbI5YnVIWXLEAqiDhAQQva2IdfxtmhqBvLNU4Msi8sj31mnrVJfShxNmQI3zhlNUrCCaXdraFM0/y8O4PoZWYr+PFjCmlMovhG+ldeImEu7x52GLoQ7DsO8Yh4aLYmxemezFc1RjcSpq+l6Zzu9T6j3fHjLfQ060SEFapZITI/poxlFyvJX3bHhF9wGP54tL6pGjB/7fBEqTM1zHXUYeZyz+4akqV8oODlIWwMKhvN5tX/Zra9kh9hm0bnJT/1YWso3tLlT/WTK9nsP1l/lTnEXvgzq9QVSGbT/cpD7KSbR5N4i/NmPYAlCOvesW9OlRD05L8yytpBw==
then i wrote the following code to do the verification with "RSA-SHA1" algorithm and "base64" signature encoding:
var crypto = require('crypto');
console.log('start verification');
var public_key = "-----BEGIN PUBLIC KEY-----" + "\r\n" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+VmzvTvb856ur/J+PWC" + "\r\n" +
"gFRhLYV/chAuWzUuqlIh5gnYz1RFOYymCWAKP3wguol8YSe/72zEqAvPutBU2XVj" + "\r\n" +
"zx3sHT+GUInbKjgZHzxw0viPh//OfaooEvEFMz9C6J8ABwpGNQUpACmyw12ZKshP" + "\r\n" +
"HCJ6PZV+nsWry6PEZgnYCF7w5SDP4GY2tr3Q5D0iQwoALA40KYQfsKZ6pI5L8bDT" + "\r\n" +
"2MLTFoemg/npeARy9HYkbonPatBhWjp2flzBRcyQx7DyQ7csLvPl5AGHRT4h5RBq" + "\r\n" +
"RlLj+DBgNDAdwvHGyfhbTz7fPsT6xn7qifxAN+2gQsemSVmhi15zECF/k5MtTiOF" + "\r\n" +
"owIDAQAB" + "\r\n" +
"-----END PUBLIC KEY-----";
verifier= crypto.createVerify("RSA-SHA1");
originalJson = '{"orderId":"GPA.1312-8694-0319-25069","packageName":"com.shihu.sm.testin","productId":"com.shihu.sm.testin.diamond","purchaseTime":1452598011176,"purchaseState":0,"developerPayload":"{\"iabProductId\":\"com.shihu.sm.testin.diamond\",\"gOrderId\":\"2cb77de1a2a94db18b6df84f8037ea5b\",\"serverId\":\"6\",\"productId\":\"202\"}","purchaseToken":"bjoncdcebeclpklebmadidgb.AO-J1OyEbKLL0rhWQAc1hjdWyJPXHkAoHZTfZasqUuFWKWyAlnj-opiDLYILNRpnWgcblO8vV37fWf0kpeNMRZcgRT-fRxAO4P8VQPmU-TJakB-sCiRx8sUxL4nxnUBMnZdFWdpaIZDW5tP3Ck4aO57n1o66PwnjZw"}';
signature = 'JdfwMxprv7iMbI5YnVIWXLEAqiDhAQQva2IdfxtmhqBvLNU4Msi8sj31mnrVJfShxNmQI3zhlNUrCCaXdraFM0/y8O4PoZWYr+PFjCmlMovhG+ldeImEu7x52GLoQ7DsO8Yh4aLYmxemezFc1RjcSpq+l6Zzu9T6j3fHjLfQ060SEFapZITI/poxlFyvJX3bHhF9wGP54tL6pGjB/7fBEqTM1zHXUYeZyz+4akqV8oODlIWwMKhvN5tX/Zra9kh9hm0bnJT/1YWso3tLlT/WTK9nsP1l/lTnEXvgzq9QVSGbT/cpD7KSbR5N4i/NmPYAlCOvesW9OlRD05L8yytpBw=='
verifier.update(originalJson);
if(verifier.verify(public_key, signature, "base64"))
console.log('verification succeeded');
else
console.log("verification failed");
the key string in the middle is the base64 encoded public key from Google Console split by '\r\n' with every 64 characters. at the beginning i didn't split it into chunks of 64 characters and kept failing with error saying can't generate the pub key object, it was later i followed some examples on the internet and got passed that, but till now, i haven't got a successful verification result yet.
i have referenced some more examples, and i think the 'RSA-SHA1' and 'base64' settings for the verification are the correct ones, so what am i still missing or doing wrong?
thanks
It seems that your originalJson string is missing some necessary escaping.
I've managed to verify the signature with the escaping added back in:
var originalJson = '{"orderId":"GPA.1312-8694-0319-25069","packageName":"com.shihu.sm.testin","productId":"com.shihu.sm.testin.diamond","purchaseTime":1452598011176,"purchaseState":0,"developerPayload":"{\\"iabProductId\\":\\"com.shihu.sm.testin.diamond\\",\\"gOrderId\\":\\"2cb77de1a2a94db18b6df84f8037ea5b\\",\\"serverId\\":\\"6\\",\\"productId\\":\\"202\\"}","purchaseToken":"bjoncdcebeclpklebmadidgb.AO-J1OyEbKLL0rhWQAc1hjdWyJPXHkAoHZTfZasqUuFWKWyAlnj-opiDLYILNRpnWgcblO8vV37fWf0kpeNMRZcgRT-fRxAO4P8VQPmU-TJakB-sCiRx8sUxL4nxnUBMnZdFWdpaIZDW5tP3Ck4aO57n1o66PwnjZw"}';
Pay attention to the \\'s. The string is different otherwise.