[SalesForce] Verifying a signature in Apex

The apex crypto class is great but it appears to only be able to sign content. Is there any way to verify a signature in apex? I would expect a Crypto.verify() method but it doesn't appear to exist. I have some device which will be shipping me back a configuration file containing a signature and public key and I'm at a loss on how to successfully verify this. Was planning on using the SHA1 algorithm.

Has anyone dealt with this before?

Best Answer

You must follow the Following link it will be helpful for you to understand the Signature varification in Salesforce Apex. For SHA1 you can use the below code snippet:

private String getMac(String RequestString, String secretkey) {
String algorithmName = ‘hmacSHA1′; // the other options are: hmacMD5, hmacSHA256, and hmacSHA512
Blob input = Blob.valueOf(RequestString);
Blob signing =Crypto.generateMac(algorithmName, input, secretkey);
String str=EncodingUtil.urlEncode(EncodingUtil.base64Encode(signing), ‘UTF-8′);

use this str if you want signature in url encode if you want it in base64encode form only, then use the below code in place of str:

String str=EncodingUtil.base64Encode(signing);

For HMACSHA256 you can use the below code snippet:

string timestamp1 = datetime.now().formatGmt('EEE, d MMM yyyy HH:mm:ss Z');
String action = 'Action';
String algorithmName = 'HMACSHA256';
Blob mac = Crypto.generateMac(algorithmName, Blob.valueOf(timestamp1),
Blob.valueOf(Secretkey));
String macUrl =EncodingUtil.base64Encode(mac);

Use the str/macUrl where you want to use Signature may be it in the header if you use the POST method. For Sha-1 signature in APEX You can follow the below three links: http://www.tgerm.com/2012/07/sha-1-apex-rackspace-salesforce.html AND http://blog.jeffdouglas.com/2010/07/06/using-rsa-sha1-with-salesforce-crypto-class/ and http://wiki.developerforce.com/page/Apex_Crypto_Class

Related Topic