0

I'm attempting to authorize with the Google Data API as a service in a language for which there isn't any client library. The crux is in how to generate the signature. To do this I have to encode a string using "SHA256 with RSA".

I have it from here that it shouldn't be "terribly difficult" however I cannot find a description of the procedure? Anyone knows?

(The language does have a function to generate SHA256 hash codes.)

Community
  • 1
  • 1
C. E.
  • 10,297
  • 10
  • 53
  • 77
  • What language are you actually using? And, please also specify which auth procedure Google Data API uses. – Nickolay Olshevsky Aug 31 '13 at 16:41
  • Please provide a link to the spec of what you want to implement. RSA+SHA256 isn't enough to fully describe the scheme. – CodesInChaos Aug 31 '13 at 17:30
  • @CodesInChaos This is the description, is it enough? "Sign the UTF-8 representation of the input using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private key obtained from the API console." (I mean that PKC... part) – C. E. Aug 31 '13 at 17:39
  • @NickolayOlshevsky Mathematica. oAuth 2.0 with a service account: https://developers.google.com/accounts/docs/OAuth2ServiceAccount – C. E. Aug 31 '13 at 17:40

1 Answers1

2

OAuth 2.0 requires RSASSA-PKCS1-V1_5-SIGN, which is described in RFC 3447. Just check section 9.2 of this RFC - you need just add some formatting to the hash of your message.

Nickolay Olshevsky
  • 13,706
  • 1
  • 34
  • 48