5.4.3.1 DApp Access Signature Algorithm
Whenever an off-BSN system sends requests to the PCN gateway, the HTTP request message should be signed with the participant’s DApp access private key. When the PCN gateway receives the signed message, it verifies the sender's authenticity and the message's integrity with the corresponding hosted or uploaded DApp access public key. The gateway processes the request message further only after the verification passes.
1. Assemble signature string
Convert the parameters into a single joined string, following the order of the parameter table. For a request, join UserCode and AppCode from the Header first; for a response, join code and msg first. Then join the parameters in the Body in the order given by the parameter tables in the API definitions.
2. Different type conversion formats
Type | Rule | Example | Result |
---|---|---|---|
String | No conversion | abc | abc |
Int/int64/long | Decimal conversion | -12 | -12 |
Float | Decimal conversion; see notes for values after decimal point | 1.23 | 1.23 |
Bool | Convert to “true” or “false” | true | true |
Array | Join according to parameter sequence and type | {"abc","xyz"} | abcxyz |
Map[key]value | Join key and value according to parameter sequence | {"a":1,"b":2} | a1b2 |
Object | Convert the attributes of the object one by one, in documented order, using the formats described above | {"name":"abc","secret":"123456"} | abc123456 |
3. Signature rules
Get the hash value - Encode the converted string to be signed as UTF-8 and compute its hash with the SHA256 algorithm.
Sign the hash value - Sign the hash value with the private key using the ECDSA (secp256r1) algorithm. If signing with SHA256WithECDSA, which includes the hash value computation, the first step is not necessary.
Encode the signature result as Base64.
4. Example
Parameters:
{"header":{"userCode":"user01","appCode":"app01"},"mac":"","body":{"userId":"abc","list":["abc","xyz"]}}
Result: user01app01abcabcxyz
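The steps above applied to this example, as an added Go sketch (not BSN's own SDK code): it builds the signing string, signs it with SHA256 and ECDSA over secp256r1, and verifies it the way the gateway would. The function names, the throwaway key and the ASN.1 DER signature encoding are assumptions; the page does not specify the signature byte format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// SigningString joins header fields first, then body fields in table order.
func SigningString(userCode, appCode, userID string, list []string) string {
	return userCode + appCode + userID + strings.Join(list, "")
}

// Sign follows section 3: SHA256 over the UTF-8 string, ECDSA P-256, Base64.
func Sign(priv *ecdsa.PrivateKey, s string) (string, error) {
	digest := sha256.Sum256([]byte(s))
	der, err := ecdsa.SignASN1(rand.Reader, priv, digest[:]) // DER encoding is an assumption
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(der), nil
}

// Verify is the receiving side: rebuild the string, then check the signature.
func Verify(pub *ecdsa.PublicKey, s, mac string) bool {
	der, err := base64.StdEncoding.DecodeString(mac)
	digest := sha256.Sum256([]byte(s))
	return err == nil && ecdsa.VerifyASN1(pub, digest[:], der)
}

// DemoKey returns a throwaway P-256 key pair constructed for this example.
func DemoKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func main() {
	priv, err := DemoKey()
	if err != nil {
		panic(err)
	}
	s := SigningString("user01", "app01", "abc", []string{"abc", "xyz"})
	mac, err := Sign(priv, s)
	if err != nil {
		panic(err)
	}
	fmt.Println(s, Verify(&priv.PublicKey, s, mac), Verify(&priv.PublicKey, s+"x", mac))
}
```

Since the conversion rules join values without delimiters, the list ["ab","cxyz"] produces the same signing string as ["abc","xyz"], so the receiver should validate each parsed field rather than rely on the signature to distinguish them.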