[英]Android Pay: Public, Private Key Pair generation (Elliptic Curve with NISTP-256)
Android Pay Issue Android Pay问题
In Android Pay the process to generate a token from a credit card is as follows: 在Android Pay中,从信用卡生成令牌的过程如下:
Generate a public and private key (the calls below return the keys using an Elliptic Curve with NISTP-256 algorithm) 生成公钥和私钥(下面的调用使用带有NISTP-256算法的椭圆曲线返回密钥)
To do this I call ... 为此,我打电话给...
public static KeyPair generateKeyPair() {
KeyPair pair =null;
try {
ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("prime256v1");
java.security.KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
g.initialize(ecGenSpec, new SecureRandom());
pair = g.generateKeyPair();
pair.getPrivate();
pair.getPublic();
}catch (Throwable e ){
e.printStackTrace();
}
return pair;
}
… This successfully returns the public and private key, but I am not sure what the format/encoding of the keys is in. I could not find any documentation on this. …这成功返回了公钥和私钥,但是我不确定密钥的格式/编码是什么。在此上找不到任何文档。
Question 1: Is this the right way to generate a public and private key for Android Pay? 问题1:这是为Android Pay生成公钥和私钥的正确方法吗?
Pass the public key in base64 encoded format to the Android Pay createMaskedWalletRequet
method (details of this are in the Android Pay documentation) 将以base64编码格式的公钥传递给Android Pay
createMaskedWalletRequet
方法(其详细信息在Android Pay文档中)
String publicKey = String (Base64.encodeBase64(pair.getPublic().getEncoded()));
PaymentMethodTokenizationParameters parameters = PaymentMethodTokenizationParameters.newBuilder().setPaymentMethodTokenizationType(PaymentMethodTokenizationType.NETWORK_TOKEN).addParameter("publicKey", publicKey).build();
Here I get the following exception: 在这里,我得到以下异常:
03-30 17:02:06.459 3786-15263/?
03-30 17:02:06.459 3786-15263 /? E/WalletClient: Error validating MaskedWalletRequest.paymentMethodTokenizationParameters: first byte of parameter "publicKey" must be 0x04 (which indicates uncompressed point format)
E / WalletClient:验证MaskedWalletRequest.paymentMethodTokenizationParameters时出错:参数“ publicKey”的第一个字节必须为0x04(指示未压缩的点格式)
Question 2: Can you please help me understand what I am doing wrong. 问题2:能否请您帮助我了解我在做什么错。 I think this may be related to a format mismatch, but not sure, and not sure how to fix it.
我认为这可能与格式不匹配有关,但不确定,也不确定如何解决。
Appreciate your help!! 感谢你的帮助!!
Answer 1: 答案1:
According to Android Pay document you can generate public key by OpenSSL like this: https://developers.google.com/android-pay/integration/gateway-processor-integration#example-using-openssl-to-generate-and-format-a-public-key enter link description here 根据Android Pay文档,您可以像这样通过OpenSSL生成公钥: https : //developers.google.com/android-pay/integration/gateway-processor-integration#example-using-openssl-to-generate-and-format -a-public-key 在此处输入链接描述
Then generate private key use 然后生成私钥使用
openssl pkcs8 -topk8 -inform PEM -outform PEM -in merchant-key.pem -nocrypt
Or you can use a shell script file.(example: genkey.sh in Android pay quickstart ) 或者,您可以使用Shell脚本文件。(例如: Android pay的quickstart中的 genkey.sh)
Use the following code(copy code to .sh file and double click) you can get private key. 使用以下代码(将代码复制到.sh文件并双击),您可以获得私钥。
#!/bin/bash
# Generate key.pem file:
openssl ecparam -name prime256v1 -genkey -noout -out key.pem
# Print public and private key in hex form:
openssl ec -in key.pem -text -noout
openssl pkcs8 -topk8 -inform PEM -outform PEM -in key.pem -nocrypt
sleep 2m
Then copy pub string in terminal and replace in this code then save this code to create .sh file again 然后在终端中复制pub字符串并替换为此代码,然后保存此代码以再次创建.sh文件
#!/bin/bash
KEY="04:a9:9b:54:81:b0:67:0d:d3:50:84:e0:d4:d2:29:
a5:3a:d6:5c:21:ae:5e:dd:58:75:f0:27:63:44:e8:
a9:86:8d:cf:17:64:63:96:54:34:ed:16:37:c4:37:
e6:b7:27:ad:06:af:b0:07:d1:b5:66:0a:2a:85:c0:
71:9e:cc:39:54"
echo $KEY | xxd -r -p | base64
sleep 2m
Then get public key. 然后获取公钥。
Answer 2: You can test by these keys: 答案2:您可以通过以下按键进行测试:
Public Key: BKmbVIGwZw3TUITg1NIppTrWXCGuXt1YdfAnY0ToqYaNzxdkY5ZUNO0WN8Q35rcnrQavsAfRtWYKKoXAcZ7MOVQ= 公钥:BKmbVIGwZw3TUITg1NIppTrWXCGuXt1YdfAnY0ToqYaNzxdkY5ZUNO0WN8Q35rcnrQavsAfRtWYKKoXAcZ7MOVQ =
(This public key can pass as a string to MaskedWalletRequet directly) (此公钥可以作为字符串直接传递给MaskedWalletRequet)
Private Key: MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTA/wqrlbeVddorTlaT1AqhALrIBwS+DUdV3N1K1gImqhRANCAASpm1SBsGcN01CE4NTSKaU61lwhrl7dWHXwJ2NE6KmGjc8XZGOWVDTtFjfEN+a3J60Gr7AH0bVmCiqFwHGezDlU 私钥:MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTA / wqrlbeVddorTlaT1AqhALrIBwS + DUdV3N1K1gImqhRANCAASpm1SBsGcN01CE4NTSKaUiLhCA7PM7KJF7KJF1CJ7KJF1CJ7KJF1CJ7KJF1CJ7KJF1CJ7KJ2KJ1J1J
The problem is in generating the keys. 问题在于生成密钥。 I had faced a similar issue.
我曾经遇到过类似的问题。 To resolve this I'm calling shell commands from java code to generate keys.
为了解决这个问题,我从Java代码中调用Shell命令来生成密钥。 PFB.
PFB。
String pemPath = "/path for storing pem path";
//To generate pem file
executeSH("openssl ecparam -name prime256v1 -genkey -noout -out "+pemPath+"key.pem",true);
//To obtain publicKeyString from pem file
String publicKeyString = executeSH(new String[]{"/bin/sh", "-c", "openssl ec -in key.pem -pubout -text -noout | grep -A5 pub: | tail -5 | xxd -r -p | base64"},false);
//To obtain privateKeyString from pem file
String privateKeyString = executeSH("openssl pkcs8 -topk8 -inform PEM -outform PEM -in key.pem -nocrypt",false);
privateKeyString=privateKeyString.substring(27, 211);
//Deleteing PEM file
executeSH("rm "+ pemPath+"key.pem",false);
//executeSH function overload this function with commands[] parameter
private String executeSH(String command, boolean waitFor) throws IOException, InterruptedException {
Process process = null;
InputStream inputStream = null;
InputStreamReader inputStreamReader = null;
BufferedReader bufferedReader = null;
String line,output="";
try {
Runtime runtime = Runtime.getRuntime();
process = runtime.exec(command);
inputStream = process.getInputStream();
inputStreamReader = new InputStreamReader(inputStream);
bufferedReader = new BufferedReader(inputStreamReader);
while((line=bufferedReader.readLine())!=null){
output += line;
}
if(waitFor){
process.waitFor();
}
return output;
} finally {
if(bufferedReader!=null) bufferedReader.close();
if(inputStreamReader!=null) inputStreamReader.close();
if(inputStream!=null) inputStream.close();
if(process!=null) process.destroy();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.