5.4.4.1 DApp Access Signature Algorithm
Whenever an off-BSN system sends a request to the PCN gateway, the HTTP request message should be signed with the DApp participant's DApp access private key. When the PCN gateway receives the signed message, it verifies the sender's authenticity and the message integrity with the corresponding hosted or uploaded DApp access public key. The gateway processes the request further only after the verification passes.
1. Assemble signature string
Convert the request parameters into a single joined string, following the order of the parameter table. For call parameters, UserCode and AppCode from the Header are joined first; for response parameters, code and msg are joined first. Then join the parameters in the Body in the order of the parameter tables in the API definitions.
2. Different type conversion formats
Type | Rule | Example | Result |
---|---|---|---|
String | No conversion | abc | abc |
Int/int64/long | Decimal conversion | -12 | -12 |
Float | Decimal conversion; see notes for values after decimal point | 1.23 | 1.23 |
Bool | Convert to “true” or “false” | true | true |
Array | Join according to parameter sequence and type | {"abc","xyz"} | abcxyz |
Map[key]value | Join key and value according to parameter sequence | {"a":1,"b":2} | a1b2 |
Object | Convert the attributes in the object one by one according to the document in the above-described format | {"name":"abc","secret":"123456"} | abc123456 |
3. Signature rules
a) FISCO BCOS framework DApp using ECDSA (secp256k1) secret key algorithm
- Getting the Hash value: Compute the SHA256 hash of the converted string to be signed, using UTF-8 encoding.
- Sign the Hash value: Sign the hash value with the private key using the ECDSA (secp256k1) algorithm. In some programming languages (C#, Java), signing with SHA256WithECDSA already includes the hash computation, so the first step is not necessary.
- Encoding the signature result to Base64.
b) FISCO BCOS framework DApp using SM secret key algorithm
- Getting the Hash value: Compute the SM3 hash of the converted string to be signed, using UTF-8 encoding.
- Sign the Hash value: Sign the hash value with the private key using the SM2 algorithm.
- Encoding the signature result to Base64.
4. Example
Parameters:
{"header":{"userCode":"user01","appCode":"app01"},"mac":"","body":{"userId":"abc","list":["abc","xyz"]}}
Result: user01app01abcabcxyz
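The string assembly and the SHA256 hash step described above, as an added Python example (not BSN's own code). The `Map` marker class and the function names are hypothetical, float formatting is an assumption because the float notes are not on this page, and the private-key signing and Base64 steps are left to the ECDSA library in use.

```python
import hashlib


class Map(dict):
    """Hypothetical marker for a Map[key]value parameter (keys are joined too)."""


def convert(value):
    """Convert one parameter to its signature-string form per the type table."""
    if isinstance(value, bool):  # must precede int: bool is a subclass of int
        return "true" if value else "false"
    if isinstance(value, str):
        return value
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        # Assumption: the float notes are not on the page; repr() is used here.
        return repr(value)
    if isinstance(value, Map):  # Map: key then value, in parameter order
        return "".join(convert(k) + convert(v) for k, v in value.items())
    if isinstance(value, dict):  # Object: attribute values only, in order
        return "".join(convert(v) for v in value.values())
    if isinstance(value, (list, tuple)):  # Array: elements in order
        return "".join(convert(v) for v in value)
    raise TypeError(f"unsupported parameter type: {type(value).__name__}")


def request_sign_string(message):
    """Join userCode and appCode first, then the body; 'mac' is not joined."""
    header = message["header"]
    return (convert(header["userCode"]) + convert(header["appCode"])
            + convert(message["body"]))


def sha256_digest(sign_string):
    """Hash step of rule 3a: SHA256 over the UTF-8 bytes of the string."""
    return hashlib.sha256(sign_string.encode("utf-8")).digest()


# The page's example message; dict order must follow the API parameter tables.
EXAMPLE = {
    "header": {"userCode": "user01", "appCode": "app01"},
    "mac": "",
    "body": {"userId": "abc", "list": ["abc", "xyz"]},
}

if __name__ == "__main__":
    s = request_sign_string(EXAMPLE)
    print(s, sha256_digest(s).hex())
```

Because values are joined with no delimiter, `["abc","xyz"]` and `["abcx","yz"]` yield the same string, so the receiver should validate each field on its own rather than rely on the signature to tell such inputs apart.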