adshao / go-binance

A Go SDK for Binance API
MIT License

Support new Authentication/Signing mode using RSA Keys #459

Closed f0o closed 3 months ago

f0o commented 1 year ago

Binance seems to recommend RSA Keys instead of the old HMACs now.

2022-12-15

  • New RSA signature
    • Documentation has been updated to show how to sign a request using an RSA key.
    • For security reasons, we recommend to use RSA keys instead of HMAC keys when generating an API key.
    • We accept PKCS#8 (BEGIN PUBLIC KEY).
    • More details on how to upload your RSA public key will be added at a later date.

Ref: https://binance-docs.github.io/apidocs/spot/en/#change-log

Ref: https://binance-docs.github.io/apidocs/spot/en/#signed-trade-user_data-and-margin-endpoint-security

This issue is just to track progress on it.

f0o commented 1 year ago

Symmetric HMAC Unrestricted-IP-Access API Key(s) being: prevented from enabling permissions for trading; periodically disabled if previously enabled with permissions for trading; and periodically deleted whether inactive or active.

This sounds like trading is today already not allowed anymore using the HMAC keys. I am actually getting all sorts of errors but it might be because I'm also attempting to add NAT'ing to the cloud resources used...

//EDIT: Default Security Controls disable trading with HMAC keys as of yesterday. Regardless of IP whitelisting. RSA Auth is needed or just disable the Default Security Controls.

kuuy commented 1 year ago

Example for Signing mode using RSA Keys

https://github.com/kuuy/taoniu-go/blob/main/cryptos/repositories/binance/spot/margin/orders.go

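```go
// Fragment from inside a request function. Millisecond timestamp is appended to the signed query.
timestamp := time.Now().UnixNano() / int64(time.Millisecond)
payload := fmt.Sprintf("%s&timestamp=%v", params.Encode(), timestamp)

// Load the PKCS#8 PEM private key; pem.Decode returns a nil block on malformed input.
block, _ := pem.Decode([]byte(config.TRADE_SECRET_KEY))
if block == nil {
    return
}
privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
    return
}
rsaKey, ok := privateKey.(*rsa.PrivateKey) // checked assertion: PKCS#8 may hold a non-RSA key
if !ok {
    return
}

hashed := sha256.Sum256([]byte(payload))
signature, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, crypto.SHA256, hashed[:])
if err != nil {
    return
}

data := url.Values{}
data.Add("signature", base64.StdEncoding.EncodeToString(signature))

body := bytes.NewBufferString(fmt.Sprintf("%s&%s", payload, data.Encode()))
```
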
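
The signing step from the comment above, extended with the receiver-side verification against the public key, as an added example (not code from this thread or from go-binance). `SignQuery`, `VerifyQuery` and `RoundTrip` are hypothetical names, and the key and query string are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// SignQuery signs the exact query bytes (RSASSA-PKCS1-v1_5, SHA-256) and returns base64.
func SignQuery(keyPEM []byte, query string) (string, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil {
		return "", fmt.Errorf("no PEM block in key material")
	}
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	key, ok := parsed.(*rsa.PrivateKey) // PKCS#8 can also wrap EC or Ed25519 keys
	if err != nil || !ok {
		return "", fmt.Errorf("want PKCS#8 RSA key, got %T (parse error: %v)", parsed, err)
	}
	digest := sha256.Sum256([]byte(query))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return base64.StdEncoding.EncodeToString(sig), err
}

// VerifyQuery is the receiver's check against the uploaded public key.
func VerifyQuery(pub *rsa.PublicKey, query, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	digest := sha256.Sum256([]byte(query))
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// RoundTrip signs query with a throwaway key and reports whether the original and a
// tampered copy verify (expected: true, false, nil).
func RoundTrip(query string) (bool, bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	der, _ := x509.MarshalPKCS8PrivateKey(key) // a failure here surfaces in SignQuery
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	sig, err := SignQuery(keyPEM, query)
	return VerifyQuery(&key.PublicKey, query, sig), VerifyQuery(&key.PublicKey, query+"0", sig), err
}

func main() { fmt.Println(RoundTrip("symbol=BTCUSDT&side=BUY&timestamp=1700000000000")) }
```

The signature covers the query string byte for byte, so the request must send exactly the string that was signed, with the base64 signature URL-escaped as in the fragment above.
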
xyq-c-cpp commented 3 months ago

No response for a long time, close this issue

f0o commented 3 months ago

Did you implement it @xyq-c-cpp? If not then why close?

xyq-c-cpp commented 3 months ago

> Did you implement it @xyq-c-cpp? If not then why close?

Thanks for your concern, it's implemented in the last PR.