Swift Python JSON data exchange signature

Self-signed certificates for HTTPS decryption have become very popular, and many people have realised that an app can be cracked by tampering with Apple's in-app purchase receipt. Strictly speaking, purchase verification should go through the app's own server: the app talks to its server, the server talks to Apple's servers, and the result is sent back to the app. But many developers (individual and corporate alike) do not want the trouble of maintaining a dedicated server, so the app talks to Apple's servers directly, and this opens the door to man-in-the-middle attacks.

Apple's official guidance stresses: "Don't verify the receipt directly in the app".


A man-in-the-middle attack works like this: while A and B are communicating, C pretends to be B towards A and pretends to be A towards B, so the channel A <-> B becomes A <-> C <-> B. A and B each believe they are talking to a trusted party, while C can read and alter the content of the communication at will.

Normally, transmitting over HTTPS already gives good protection against man-in-the-middle attacks. In this particular case, however, the user has deliberately trusted an "unsafe" certificate (one the attacker signed himself) so that the HTTPS traffic can be decrypted; HTTPS encryption on the client side can therefore no longer be trusted.

In this situation we need to implement our own data protection.

Security and integrity

Data protection has two main aspects, "security" (confidentiality) and "integrity". The former keeps the data from being read by a third party; the latter ensures the data is not tampered with in transit. Of course, encryption usually also guarantees integrity to some extent: if the ciphertext is tampered with, it will most likely fail to decrypt.

But relying on encryption alone is exactly what gives the man-in-the-middle attack its opening. So, on top of the security that HTTPS already provides, we want to add our own integrity verification.


The "signature" here is not a signature in the everyday sense: it is feature data extracted from the message by a special algorithm. The algorithm guarantees that if the data changes, even by a single character, the extracted feature is completely different. So as long as we include this feature when sending the data and re-verify it on receipt, we can be sure the data was not tampered with in transit.


One problem remains: what if the man in the middle re-signs the data after changing it? Suppose the chosen feature-extraction algorithm has leaked. The attacker can change the data and re-sign it (extract the feature again) with the same algorithm, and the client will still consider the data intact. So the client and server have to agree on a "salt" value, which you can also think of as a password.

The feature value cannot be used to recover the data (feature extraction is not encryption; the process is irreversible). But once both sides have agreed on a password and prepend it to the data when signing, a man in the middle who changes the data can re-sign it with the same algorithm, yet because he does not know the password agreed in advance, his signature will come out different, and the client knows the data has been doctored.

Replay attack

Since the data cannot be modified, a hacker can instead capture the original datagram and send it again later. The signature and encryption checks on the server or client pass, and the data is entirely correct, but in fact it is a transmission from another copy of the client. To deal with this we add one more concept to the data structure, a "timestamp". Usually a UTC timestamp is used, that is, the total number of seconds from 1 January 1970 GMT to the present, though any time format with second (or even millisecond) resolution will do. The timestamp is appended to the data and signed together with it, so it cannot be tampered with either. When the client and server communicate, they check whether the timestamp falls within an allowed window, say 1 second or 30 seconds; if the interval is too long the data is not trusted even though the signature verifies. This avoids replay attacks.
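The shared-password ("salt") signature and the timestamp window described above, as an added example that is not part of the original post. It uses only the Python standard library: the "feature extraction" is SHA-256 keyed with the agreed secret (HMAC), the timestamp is appended to the data before signing so it is covered by the signature, and the verifier rejects anything outside a 30-second window. The secret, the receipt contents and the clock values are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared secret: the "salt"/password the client and server agree
# on out of band. Not a real credential.
SHARED_SECRET = b"example-shared-secret-not-for-production"
MAX_SKEW_SECONDS = 30  # the post suggests windows such as 1 s or 30 s


def canonical_payload(data: dict, timestamp: int) -> bytes:
    """Build the exact byte string both sides sign.

    JSON is serialised with sorted keys and no whitespace so that a Swift
    client and a Python server produce identical bytes; the timestamp is
    appended so that it is covered by the signature and cannot be changed
    independently of the data.
    """
    body = json.dumps(data, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return f"{body}|{timestamp}".encode("utf-8")


def sign(data: dict, timestamp: int, secret: bytes = SHARED_SECRET) -> str:
    """Return the hex HMAC-SHA256 of data||timestamp keyed with the secret."""
    return hmac.new(secret, canonical_payload(data, timestamp), hashlib.sha256).hexdigest()


def verify(data: dict, timestamp: int, signature: str, *,
           now: Optional[int] = None, secret: bytes = SHARED_SECRET) -> bool:
    """Recompute the MAC and reject stale or tampered messages."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # outside the window: treat as a replay
    expected = sign(data, timestamp, secret)
    # constant-time comparison so the check does not leak how many bytes matched
    return hmac.compare_digest(expected, signature)


def demo() -> dict:
    """Exercise the happy path plus the three attacks the post describes."""
    t0 = 1_700_000_000  # constructed 'now' so the run is deterministic
    receipt = {"product_id": "com.example.pro", "valid": True}  # constructed payload
    sig = sign(receipt, t0)
    results = {"genuine": verify(receipt, t0, sig, now=t0 + 2)}

    # 1. Tampering: the man in the middle flips the payload but keeps the old MAC.
    forged = dict(receipt, valid=False)
    results["tampered"] = verify(forged, t0, sig, now=t0 + 2)

    # 2. Re-signing with the (public) algorithm but without the agreed secret.
    wrong_sig = sign(forged, t0, secret=b"attacker-guess")
    results["resigned_without_secret"] = verify(forged, t0, wrong_sig, now=t0 + 2)

    # 3. Replay: the genuine message resent an hour after it was captured.
    results["replayed"] = verify(receipt, t0, sig, now=t0 + 3600)
    return results


if __name__ == "__main__":
    print(demo())
```

Running the module prints a dictionary in which only "genuine" is true. The window check runs before the MAC is recomputed, so a replayed message is rejected even though its signature is still valid; the constant-time comparison is a detail a plain `==` on the hex strings would get wrong.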


There are many signature algorithms, such as the common MD5, SHA1 and so on, and they can be used for the signature directly. Here I use RSA certificate signing, which is in effect a longer and more complex password.

We combine the data to be transmitted and the timestamp into one string, compute a SHA256 digest of that string, and then sign the digest with the RSA certificate's private key.

When the client receives the data, it builds the string from the data and the timestamp in the same way, computes the SHA256 digest, and then verifies the signature with the public key.

The benefit of a public/private key pair is that, unlike an agreed password, it is not easily leaked: a password written into the program is easy to find, whereas the public key can circulate freely. Its only role is to verify signatures; it cannot sign data, so there is no need to worry about it leaking.

Generate the key

Open your favourite terminal and enter the command openssl, then enter the command genrsa -out private.estab 1024 to generate a private key. The larger the number at the end, the more secure the key, but you have to weigh that against the time signing takes; usually 1024 is enough.

Finally, enter the command rsa -in private.estab -pubout -out public.estab to generate the public key. The public key is the one you put into the client and distribute to end users. (Use the command exit to leave openssl.)

The generated key files are actually plain text documents. The key itself is binary, but it is saved base64-encoded as text.

Use the command cat private.estab to view your private key:

Use the command cat public.estab to view the public key:



For ease of use, we copy the private key above directly into the code and keep it in a variable:

Then the signing code:

Here sign() takes the string directly: it converts the string you pass in to UTF-8 binary data, computes a SHA256 digest, signs the digest, and finally converts the signature to a base64-encoded string for output.


On the client we likewise save the public key in a variable. Note that only the base64-encoded part is copied, without the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines at the beginning and end.

The key above is printed line by line; here we join the lines into one long string without any separators.

Remember to import the CommonCrypto framework.

Then we write a function that produces the public key as binary data:

Finally, the signature verification:

Simply pass in the string to be verified and then the base64-encoded signature. The function computes the SHA256 digest of the string, restores the signature to binary data, and finally uses the system's built-in algorithm with your public key to verify the digest against the signature; if it verifies, it returns true.
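The whole procedure from the sections above (generate the key pair, sign SHA256(data + timestamp) with the private key, paste only the base64 body of the public key into the client, and verify there) carried through in Python, as an added example that is not the post's own server or Swift code. Both sides are written in Python here so the two halves can be checked against each other offline; the verifying half performs the same steps the post's Swift function is described as doing. It uses the `cryptography` package (an assumption; the post does not say which Python library it used), PKCS#1 v1.5 padding with SHA-256, a 2048-bit key (the post uses 1024), and constructed receipt data and clock values.

```python
import base64
import json
import time
from typing import Optional, Tuple

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Replay window; the post suggests values such as 1 s or 30 s.
MAX_SKEW_SECONDS = 30


def generate_keypair(bits: int = 2048) -> Tuple[bytes, bytes]:
    """Produce the same two PEM files as `openssl genrsa` and `openssl rsa -pubout`.

    2048 bits is this example's choice; the post uses 1024 to keep signing fast.
    """
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    private_pem = private_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,  # "-----BEGIN RSA PRIVATE KEY-----"
        serialization.NoEncryption(),
    )
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,  # "-----BEGIN PUBLIC KEY-----"
    )
    return private_pem, public_pem


def message_bytes(data: dict, timestamp: int) -> bytes:
    """The exact UTF-8 bytes both sides hash: canonical JSON plus the timestamp.

    Sorted keys and no whitespace matter: if the client re-serialises the JSON
    differently, the digests (and therefore the signatures) will not match.
    """
    body = json.dumps(data, sort_keys=True, separators=(",", ":"))
    return f"{body}|{timestamp}".encode("utf-8")


def sign(private_pem: bytes, data: dict, timestamp: int) -> str:
    """Server side: SHA-256 the message, sign the digest (PKCS#1 v1.5), base64 the result."""
    key = serialization.load_pem_private_key(private_pem, password=None)
    signature = key.sign(message_bytes(data, timestamp), padding.PKCS1v15(), hashes.SHA256())
    return base64.b64encode(signature).decode("ascii")


def public_key_body(public_pem: bytes) -> str:
    """Drop the BEGIN/END lines and join the base64 lines, as the post does for the client."""
    lines = public_pem.decode("ascii").splitlines()
    return "".join(line for line in lines if not line.startswith("-----"))


def verify(public_key_b64: str, data: dict, timestamp: int, signature_b64: str,
           now: Optional[int] = None) -> bool:
    """Client side: check the timestamp window, rebuild the message, verify the signature."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale: rejected as a replay even if the signature is valid
    # The base64 body of a "BEGIN PUBLIC KEY" block is DER SubjectPublicKeyInfo.
    key = serialization.load_der_public_key(base64.b64decode(public_key_b64))
    try:
        key.verify(base64.b64decode(signature_b64), message_bytes(data, timestamp),
                   padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False
    return True


def demo() -> dict:
    """Round trip plus the two failure cases the post describes (constructed data)."""
    private_pem, public_pem = generate_keypair()
    pub_b64 = public_key_body(public_pem)  # the string that gets pasted into the client
    t0 = 1_700_000_000  # constructed clock value so the run is deterministic
    receipt = {"product_id": "com.example.pro", "valid": True}  # constructed payload
    sig = sign(private_pem, receipt, t0)
    return {
        "genuine": verify(pub_b64, receipt, t0, sig, now=t0 + 1),
        "tampered": verify(pub_b64, dict(receipt, valid=False), t0, sig, now=t0 + 1),
        "replayed": verify(pub_b64, receipt, t0, sig, now=t0 + 3600),
    }


if __name__ == "__main__":
    print(demo())
```

Running the module prints a dictionary in which only "genuine" is true. Note that the client holds nothing but the public key: the object returned by `load_der_public_key` has a `verify` method and no `sign` method, which is the property the post relies on when it says the public key can circulate freely. The canonical JSON serialisation in `message_bytes` is the part most likely to differ between platforms; whichever form is chosen, the Swift side must produce byte-for-byte the same string before hashing.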


Exchanging data between different languages on different platforms is a very difficult thing: even simple encryption algorithms and methods often give different results on different platforms. The same language on the same platform is the easiest case, but the differences between languages are very complex, and the implementation must pay attention to this. After trying countless approaches I eventually achieved cross-language, cross-platform interoperability using RSA signatures; I hope this article is useful to you.


Original article written by Gerber drop-off: R0uter's Blog » Swift Python JSON data exchange signature

When reproducing, please keep the source and the link: https://www.logcg.com/archives/3318.html

About the Author


Unless otherwise declared, the articles I write are original; when reproducing, please indicate the link to this page and my name.
