On 2013-12-22 05:34, Michael Barany wrote: > Hi, > > Hopefully this is the correct forum for my question. > I am trying to secure API communication between an Android App I am > developing and my backend server similar to the way Google does with their > services. > > How can I use the keystore MD5 or SHA1 to sign API requests and then how can > I verify those requests from my backend.
Hi, In order to sign you need a key. You can use a password which the user must type in once or everytime. You can also use PKI. MD5 and SHA1 are not signing functions on their own, you need HMAC or similar to sign. The following system can use passwords, asymmetric keys or PKI: https://openkeystore.googlecode.com/svn/resources/trunk/docs/jcs.html http://webpki.org/downloads/secure-json-4-android-v1.00.zip Anders > > thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to > [email protected]. > Visit this group at http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
