I am going to build an SDK in which developer will enter his application base64 encoded public key. So need to verify his public key. As I am very poor in security's. Can any one tell me how to verify correctness of this key. I went through this. But couldn't understand it and I think this is just to verify signed data and not the signature key. Please let me know if I can do this? and if yes then how?
Asked
Active
Viewed 196 times
0
-
Please add language tag you trying to write solution in (Java?)... Also the question you've linked seem to talk about exactly your problem - key validation fails. – Alexei Levenkov Jan 14 '13 at 16:23
-
You can not test a key - you can test a key pair e.g. does the private and public key match together. But it is totally unclear what you want to distribute as key and where the check should be placed (on customer/client side or on a server operated by you). – Robert Jan 14 '13 at 16:31
-
Actually developer gets his application base 64 encoded public key from his Google developer interface. and google in app payment uses this key for the security encapsulations. i am going to make an billing SDK for Android google play in app purchase. in which developer will pass his public key to my SDK and my sdk will call google inapp payment APIs. so if a developer passes wrong public key then the Application terminates abruptly. which i want to avoid. I dont know if it uses private key internally so just want to verifying the correctness of his public key. – Kalpesh Patel Jan 14 '13 at 16:57