tink-go icon indicating copy to clipboard operation
tink-go copied to clipboard
verified publisher icon tink-crypto

[GoogleWallet] How do I verify the callback signature from Google by using tink in Golang

Open mong0520 opened this issue 1 year ago • 1 comments

Hi guys,

I am new to Tink and I'm integrating Google Wallet to my project. Regarding this document, I can configure an endpoint that Google will callback to my server when some specific events happens.

Since the endpoint is public and the guideline suggest me to use TINK to verify the signature, but I don't know how to use it, could you guys suggest any hint for me?

What I got from the callback function

{
	"signature": "MEUCIHb.....SvXi4pj4=",
	"intermediateSigningKey": {
		"signedKey": "{\"keyValue\":\"MFkw...........oA\\u003d\\u003d\",\"keyExpiration\":\"1723672477000\"}",
		"signatures": [
			"MEUCICtIQ......sH061EM="
		]
	},
	"protocolVersion": "ECv2SigningOnly",
	"signedMessage": "{\"classId\":\"3.....3\",\"objectId\":\"3.....3\",\"eventType\":\"del\",\"expTimeMillis\":1723002546007,\"count\":1,\"nonce\":\"dac48ec0-28f3-4088-8196-ebc7d715da0f\"}"
}

Google Wallet's public key: https://pay.google.com/gp/m/issuer/keys

mong0520 avatar Aug 07 '24 07:08 mong0520

Unfortunately, paymentmethodtoken can only be in Java, using https://github.com/tink-crypto/tink-java-apps.

There are no plan to add support in Go.

You can try to use this: https://github.com/google-pay/tink-jni-examples/tree/master/TinkJNIGo

juergw avatar Aug 29 '24 14:08 juergw