如何保护谷歌播放公钥做InApp帐单时， [英] How to protect Google Play public key when doing InApp Billing

问题描述

其实，这是一个有点傻了有关保护公共密钥（什么是公共密钥的定义呢？），但是具体根据<一href="http://developer.android.com/guide/google/play/billing/billing_best_practices.html">documentation由谷歌：

Actually this is a little bit silly about protecting public key (what is the definition of public key then?) but as per the documentation by Google:

要保持你的公钥的恶意用户和黑客攻击，不   在任何code为文字字符串嵌入。相反，构建   字符串在运行时从片或使用位操作（例如，   异或与其他一些字符串）隐藏实际的关键。密钥本身是   没有秘密信息，但你不希望很容易让一个   黑客或恶意用户用其它的公钥。

To keep your public key safe from malicious users and hackers, do not embed it in any code as a literal string. Instead, construct the string at runtime from pieces or use bit manipulation (for example, XOR with some other string) to hide the actual key. The key itself is not secret information, but you do not want to make it easy for a hacker or malicious user to replace the public key with another key.

有没有推荐的方式做到这一点？

Are there any recommended way to do it?

我知道有很多方法可以做到这一点，我只是不希望遵循同样的方式人们是如何处理的的密码哈希的过去（例如MD5，SHA1等），我想知道上面用例的最佳实践。

I know there are many ways to do it, I just don't want to follow the same way how people handle password hashing in the past (e.g. md5, sha1 etc), I want to know the best practice in the above use case.

推荐答案

这来了很多在这里:)你引用了一段背后的想法是，在应用内计费是安全的，则需要验证交易签名。这些都与私钥，用你的开发者账户相关联的签名。关键在于在谷歌的服务器上，所以它是相当安全的假设，没有人可以与之签约数据。为了验证它，你需要你的公钥，你可以从开发者控制台复制。如果有人在你的应用程序取代了它，他们可以欺骗它接受来自非法来源的应用内结算的交易，因为如果他们厂生产的公钥，他们可能还控制着相应的私钥。然而，在实践中，更容易简单地修改code在正确的地方总是返回true isLicensed（）， hasItem（ ）或类似的方法，你可能也没有人做到这一点。

This comes up a lot around here :) The idea behind the paragraph you are quoting is that for in-app billing to be secure, you need to verify transaction signatures. Those are signed with a private key, associated with your developer account. The key resides on Google's servers, so it's fairly safe to assume that no one else can sign data with it. To verify it you need your public key, which you can copy from the developer console. If someone replaced it in your app, they could fool it to accept in-app billing transactions from unauthorized sources, because if they plant the public key, they probably also control the corresponding private key. In practice however, it is far easier to simply modify your code in the right places to always return true for isLicensed(), hasItem() or similar methods you might have and no one does this.

要保护密钥的最好办法是，当然，不要在你的应用程序中的关键的。将所有的交易验证逻辑到你的服务器，并使用HTTPS连接到它。正确验证证书链，以确保你说你自己的服务器（S）。否则，说不定有人会惹DNS各地和愚弄你的应用程序连接到自己的服务器。对采购的iOS类似的攻击几个星期前宣布。

The best way to protect the key is, of course, not to have the key in your app at all. Move all of the transaction validation logic to your server, and use HTTPS to connect to it. Properly validate the certificate chain to ensure you are talking to your own server(s). Otherwise, someone might mess around with DNS and fool your app to connect to their own servers. A similar attack against iOS purchasing was announced a couple of weeks ago.

接下来的最好的事情就是以某种方式混淆的关键，并把它列入你的应用程序。这样做，你并不需要一台服务器的优点，但缺点是，如果有人就足够了决定，他们会搞清楚的，因为他们总是能够扭转你的应用程序的字节code。所以，最好的办法是拿出自己的原创办法做到这一点并不在公共论坛上展示了:)为了使它有点困难，可以实现在本地code，这是很难验证的一部分（但不是不可能）来分析。尽管如此，如上所述，修补字节code在适当的地方是远远超过试图取代公开密钥更容易，所以这就是最饼干都行。

The next best thing is to somehow obfuscate the key, and have it included in your app. This has the advantage that you don't need a server, but the disadvantage is that if someone is determined enough they will figure it out, since they can always reverse the byte code of your app. So your best bet is to come up with your own original way to do it that doesn't show up on public forums :) To make it a bit harder, you can implement the validation part in native code, which is harder (but not impossible) to analyze. Still, as mentioned above, patching byte code in the right places is far easier than trying to replace the public key, so that is what most crackers will do.

这篇关于如何保护谷歌播放公钥做InApp帐单时，的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！