search

tink-crypto / tink-go

Go implementation of Tink
https://developers.google.com/tink
Apache License 2.0
123 stars 6 forks source link

[GoogleWallet] How do I verify the callback signature from Google by using tink in Golang #22

Open mong0520 opened 3 months ago

mong0520 commented 3 months ago

Hi guys,

I am new to Tink and I'm integrating Google Wallet to my project. Regarding this document, I can configure an endpoint that Google will callback to my server when some specific events happens.

Since the endpoint is public and the guideline suggest me to use TINK to verify the signature, but I don't know how to use it, could you guys suggest any hint for me?

What I got from the callback function

{
    "signature": "MEUCIHb.....SvXi4pj4=",
    "intermediateSigningKey": {
        "signedKey": "{\"keyValue\":\"MFkw...........oA\\u003d\\u003d\",\"keyExpiration\":\"1723672477000\"}",
        "signatures": [
            "MEUCICtIQ......sH061EM="
        ]
    },
    "protocolVersion": "ECv2SigningOnly",
    "signedMessage": "{\"classId\":\"3.....3\",\"objectId\":\"3.....3\",\"eventType\":\"del\",\"expTimeMillis\":1723002546007,\"count\":1,\"nonce\":\"dac48ec0-28f3-4088-8196-ebc7d715da0f\"}"
}

Google Wallet's public key: https://pay.google.com/gp/m/issuer/keys

juergw commented 2 months ago

Unfortunately, paymentmethodtoken can only be in Java, using https://github.com/tink-crypto/tink-java-apps.

There are no plan to add support in Go.

You can try to use this: https://github.com/google-pay/tink-jni-examples/tree/master/TinkJNIGo