尝试在此处遵循应用内购买的一些安全准则:http: //developer.android.com/guide/market/billing/billing_best_practices.html
我试图在服务器上而不是在应用程序中自己进行签名验证.我理想情况下喜欢使用php openssl库,它看起来像以下代码应该工作:
<?php
// $data and $signature are assumed to contain the data and the signature
// fetch public key from certificate and ready it
$fp = fopen("/src/openssl-0.9.6/demos/sign/cert.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
$pubkeyid = openssl_get_publickey($cert);
// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
echo "good";
} elseif ($ok == 0) {
echo "bad";
} else {
echo "ugly, error checking signature";
}
// free …