0

I need to upload an image to a Google Cloud bucket using cURL in C++. Google is not providing C++ SDK support. As per their example and pseudocode, we have to do the following process:

   Policy = Base-64-Encoding-Of(PolicyDocument)
   MessageDigest = SHA256withRSA(SecretKey, Policy)
   Signature = Base64-Encoding-Of(MessageDigest)

As per their process, I have done the base64 encoding, but I couldn't find anything on how to perform SHA256withRSA. Kindly help me with SHA256withRSA in C++.

Auguste
Cigodien
  • Maybe this could provide some leads http://stackoverflow.com/questions/13419201/why-are-the-rsa-sha256-signatures-i-generate-with-openssl-and-java-different – infixed Jun 03 '16 at 16:54
  • Yeah, thank you @infixed. So it can be done through openssl RSA signing. Can anybody suggest a library in C++, if one exists? – Cigodien Jun 03 '16 at 17:15
  • openssl is a library too. Its command line utility is just a frontend on it. – infixed Jun 03 '16 at 17:20
  • OK, nice, I was thinking it's a command-line utility. I will try to implement the openssl library and find the solution. Thanks for the clues – Cigodien Jun 03 '16 at 17:27
  • Depends on how often you need to do it. If you figure out the recipe of the command line, it might just be simpler to embed that with a `system()` call. (Lazy and sometimes exploitable, I know. Depends on how benign the environment is.) – infixed Jun 03 '16 at 17:32
  • Yeah, I know the command-line way, but I cannot do it using a system() call, since I am making it for a production environment. I have to use the library to solve it – Cigodien Jun 03 '16 at 17:58
  • Hi @infixed, actually we have implemented the signing process in C++, but after that, when I try to upload the image file, I am getting the error "SignatureDoesNotMatch The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method." I believe it's because of an error in signing... – Cigodien Jun 08 '16 at 15:39
  • Understand that I have never used this process myself. The URL you gave before was sending a signed policy document along with your object. Are you certain you are sending exactly what you created the signature from? Any whitespace difference or line endings (`\r\n` vs `\n`, for example) could change the signature. You should probably develop your signing procedure by hand, using the command-line utility to create the signature, and verify the process works. Then automate the process in C++. At least you'll have a good signature to compare with. – infixed Jun 08 '16 at 16:06
  • Hope the stuff added to the answer will help – infixed Jun 08 '16 at 16:45

1 Answer

1

You can generate signatures like this with the openssl library or the command line utility usually packaged with it.

So with the understanding that I have never worked with Google Cloud Platform, and am only trying to expand on their documentation, to do this by hand you'd need

1) a .pem version of your Google Cloud credentials. Let's call it private.pem

Use the process shown at https://cloud.google.com/storage/docs/authentication#converting-the-private-key

2) a policy document. Create that with a text editor, following the example given in your original URL

    vi policy.txt

3) a base64 encoding of that policy document. Use the Linux tool base64 to make that. You'll get a long string from that. Let's call that STRINGA. Let's say it's saved in STRINGA.txt

    # -w 0 keeps the output on one line with no trailing newline
    base64 -w 0 < policy.txt > STRINGA.txt

4) a signature generated from STRINGA

    # openssl dgst signs the SHA-256 digest of STRINGA.txt with the RSA key
    openssl dgst -sha256 -sign private.pem < STRINGA.txt | base64 -w 0 > SIGNED.txt

5) do a POST from an HTML form that includes

    <input type="hidden" name="policy" value="Put STRINGA string here">
    <input type="hidden" name="signature" value="Put SIGNED string here">

similar to what's given as an example in your original URL

https://cloud.google.com/storage/docs/xml-api/post-object#usage_and_examples

I took their example base64 encoded policy document from their HTML code and note with interest that they use \r\n as a line end on the interior but there is no line end after the final } bracket.

infixed
  • Unfortunately I couldn't do it this way. I am not getting the exact signed text all the time, so I have changed to gsutil using a system call. Thanks a lot for your help @infixed :) – Cigodien Jul 27 '16 at 05:58
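
The signing step discussed above, as an added example that is not part of the original answer or of Google's documentation: it signs the single-line base64 policy with SHA256withRSA through the openssl command line, checks the result against the public key, and shows that one extra newline in the signed string breaks the match. The throwaway key, the policy contents and the function names are constructed for illustration.

```shell
# Added example. Assumes openssl and base64 are on PATH; key and policy are constructed.

# sign_policy KEY.pem POLICY_FILE -> prints "<policy_b64> <signature_b64>"
sign_policy() {
    # One-line base64: these exact bytes are what gets signed and posted.
    policy_b64=$(base64 < "$2" | tr -d '\n')
    sig_b64=$(printf '%s' "$policy_b64" |
        openssl dgst -sha256 -sign "$1" | base64 | tr -d '\n')
    printf '%s %s\n' "$policy_b64" "$sig_b64"
}

# verify_policy PUB.pem POLICY_B64 SIG_B64 -> exit status 0 only if the signature matches
verify_policy() {
    sigfile=$(mktemp)
    printf '%s' "$3" | base64 -d > "$sigfile"
    if printf '%s' "$2" |
        openssl dgst -sha256 -verify "$1" -signature "$sigfile" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$sigfile"
    return "$rc"
}

demo() {
    dir=$(mktemp -d)
    openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null   # throwaway demo key
    openssl rsa -in "$dir/private.pem" -pubout -out "$dir/public.pem" 2>/dev/null
    # Constructed policy: \r\n between lines, no line end after the final brace.
    printf '{"expiration": "2030-01-01T00:00:00Z",\r\n "conditions": [{"bucket": "example-bucket"}]}' > "$dir/policy.txt"
    set -- $(sign_policy "$dir/private.pem" "$dir/policy.txt")
    verify_policy "$dir/public.pem" "$1" "$2" && echo "exact string: verified"
    # The same string with one trailing newline no longer matches the signature.
    verify_policy "$dir/public.pem" "$1
" "$2" || echo "string plus newline: mismatch"
    rm -rf "$dir"
}
demo
```

Running the same check against the bytes a C++ implementation produces gives a known-good signature to compare with before anything is sent to the bucket.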