使用Facebook键哈希？ [英] Use of Facebook key hash?

问题描述

我们必须从密钥库生成密钥哈希，并将其注册到Facebook开发者控制台。我想了解密钥哈希的概念。

为服务器/客户端提供哪些好处？

我们经常看到无效的密钥哈希错误关键哈希值***不匹配任何存储的密钥散列）.So

我的应用程序如何知道正确的密钥哈希，因为我没有在任何xml或其他地方存储
？

任何一种材料或想法

解决方案

这里Hash代码用于限制应用程序，以便只有有效的应用程序其具有对应于给定证书的特定散列码）可以访问Facebook服务。因为所有应用程序都使用特定的证书签名，所以在同一个证书下的所有下载的应用程序（比如说1000个用户下载它）必须具有相同的哈希码，并且Facebook可以跟踪哪些认证应用程序使用其服务

我们可以通过以下代码轻松找到证书的哈希码：

  try { 
 PackageInfo info = getPackageManager（）。getPackageInfo（
com.facebook.samples.hellofacebook，
 PackageManager.GET_SIGNATURES）; 
（签名签名：info.signatures）{
 MessageDigest md = MessageDigest.getInstance（SHA）; 
 md.update（signature.toByteArray（））; 
 Log.d（KeyHash：，Base64.encodeToString（md.digest（），Base64.DEFAULT））; 
} 
} catch（NameNotFoundException e）{
 
} catch（NoSuchAlgorithmException e）{
 
} 
  

以上我们使用SHA（安全散列算法）来生成证书的哈希码。

SHA（安全散列算法）是消息摘要算法，它采用任何长度的输入消息，并生成160位输出作为消息摘要。
SHA称为安全的，因为在计算上不可能找到对应于给定消息摘要的消息，或者找到产生相同消息摘要的两个不同消息。因此，在向Facebook服务器发出任何真实请求之前，将第一个散列密钥
与存储的哈希密钥进行比较（即开发
哈希键或调试哈希键），如果它们只匹配
，我们可以进一步。

We have to generate key hash from keystore and register it to facebook developer console.I want to understand the concept of key hash.

What benefits it provides for the server/client ?

We often see Invalid key hash error(i.e the key hash "***" does not match any stored key hashes) .So

How does my app know the correct key hash because I'm not storing it in any xml or somewhere else?

Any kind of materials or thoughts would be appreciated.

解决方案

Here Hash code is used to restrict the applications so that only valid applications (which have this particular hash code corresponds to the given certificate) can access facebook services. Because all applications are signed with particular certificates, so all the downloaded applications(say 1000 user downloads it) under same certificate must have the same hashcode and facebook is able to track which certified application used its services

We can easily find hash code of the certificate by the following code:

try {
        PackageInfo info = getPackageManager().getPackageInfo(
                "com.facebook.samples.hellofacebook", 
                PackageManager.GET_SIGNATURES);
        for (Signature signature : info.signatures) {
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(signature.toByteArray());
            Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
            }
    } catch (NameNotFoundException e) {

    } catch (NoSuchAlgorithmException e) {

    }

Above we are using SHA(Secure Hash Algorithm) to generate Hash code of the certificate.

SHA (Secure Hash Algorithm ) is message-digest algorithm, which takes an input message of any length and produces a 160-bit output as the message digest. SHA is called secure because it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest.

So before making any real request to Facebook server , first hash key of certificate is compared with the stored hash key(i.e development hash key or debug hash key) on the server and if they match only then we can proceed further.

这篇关于使用Facebook键哈希？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！