如何在 Xamarin Forms 上执行 Android 的收据验证
How do you perform receipt validation for Android on Xamarin Forms
我正在遵循此指南:https://jamesmontemagno.github.io/InAppBillingPlugin/SecuringPurchases.html
尝试执行收据验证。它提到我必须实现这个接口:IInAppBillingVerifyPurchase。但它也提到 Android 我必须从某个地方得到一个 public 密钥并将其分成三个部分。我的问题是我从哪里得到这个 public 密钥?
这似乎是由您的应用程序的 Play 管理中心提供的。
To help ensure the integrity of the transaction information that is
sent to your application, Google Play signs the JSON string that
contains the response data for a purchase. Google Play uses the
private key that is associated with your application in the Play
Console to create this signature. The Play Console generates an RSA
key pair for each application. You get this response JSON using the
getOriginalJson() method within the Purchase class.
Note: To find the public key portion of this key pair, open your
application's details in the Play Console, click Services & APIs, and
review the field titled Your License Key for This Application. The
Base64-encoded RSA public key that is generated by Google Play is in
binary encoded, X.509 subjectPublicKeyInfo DER SEQUENCE format. It is
the same public key that is used with Google Play licensing.
When your application receives this signed response, you can use the
public key portion of your RSA key pair to verify the signature. By
performing signature verification, you can detect any responses that
have been tampered with or that have been spoofed.
来源:https://developer.android.com/google/play/billing/billing_library_overview#Verify-purchase
我正在遵循此指南:https://jamesmontemagno.github.io/InAppBillingPlugin/SecuringPurchases.html
尝试执行收据验证。它提到我必须实现这个接口:IInAppBillingVerifyPurchase。但它也提到 Android 我必须从某个地方得到一个 public 密钥并将其分成三个部分。我的问题是我从哪里得到这个 public 密钥?
这似乎是由您的应用程序的 Play 管理中心提供的。
To help ensure the integrity of the transaction information that is sent to your application, Google Play signs the JSON string that contains the response data for a purchase. Google Play uses the private key that is associated with your application in the Play Console to create this signature. The Play Console generates an RSA key pair for each application. You get this response JSON using the getOriginalJson() method within the Purchase class.
Note: To find the public key portion of this key pair, open your application's details in the Play Console, click Services & APIs, and review the field titled Your License Key for This Application. The Base64-encoded RSA public key that is generated by Google Play is in binary encoded, X.509 subjectPublicKeyInfo DER SEQUENCE format. It is the same public key that is used with Google Play licensing.
When your application receives this signed response, you can use the public key portion of your RSA key pair to verify the signature. By performing signature verification, you can detect any responses that have been tampered with or that have been spoofed.
来源:https://developer.android.com/google/play/billing/billing_library_overview#Verify-purchase