Re: [gs-discussion] Need Help with Authorization Keys

219 views
Skip to first unread message

Google Cloud Storage Team

unread,
Mar 14, 2013, 1:54:56 PM3/14/13
to gs-discussion
Hi Paul,

That sounds like an interesting project; I haven't heard of a lot of people using cloud storage from C. 

The private key you downloaded should be in the PKCS 12 format (a file with the extension .p12).  You will use this key along with the client ID for your service account.  To get your client ID, visit the Google APIs Console and look at the APIs Access tab.  Your service account should be listed there, with its client ID and the ID for the private key you downloaded.  Using these credentials, you can follow the instructions here to do server-to-server authentication using OAuth.  

Best Regards,
Benson
Google Cloud Storage Team


On Wed, Mar 13, 2013 at 6:38 PM, pmac <pmccl...@gmail.com> wrote:
Hi,

I'm beginning a project, written in C, that will access Google Cloud Storage.
I have a Service Account and have my Private Key.

I think I understand the process flow - but I'm confused about where to get the various keys I need.

I start by getting a JWT using OAuth 2.0
To do this I use the Client ID and my private key.
Is the Client ID the one that looks like this (on my Service Account page)?

    123456789000.apps.googleusercontent.com

The private key should be 40 characters.
I'm not sure where to get that. My downloaded private key shows a sequence of 40 characters like this (not my actual key);

    SHB656: BF 3B F8 7F 6F BF 66 FB 73 06 E6 05 B4 6B E8 92 F7 6C 5B 01 BB 75 B1 64 04 7E 1C 0E 4B 13 1F 68

Once I have the token, I can include it in the Header of my REST operations.
To create the signature for these requests, I use the public key (user identifier) and private key.
Where do I find the user identifier? Is it the 'Public key fingerprints' on the 'API Access' tab of my Service Account? It looks like;

    Public key fingerprints: 1efe2f110f31f81100a13db7f919b12ca20a092b

Thanks,
Paul

--
You received this message because you are subscribed to the Google Groups "Google Cloud Storage" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gs-discussio...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

pmac

unread,
Mar 15, 2013, 10:10:47 AM3/15/13
to gs-dis...@googlegroups.com
Thanks Benson,
    I used these commands to extract the keys to pem files. Is there a better way to get the keys directly from the p12 file?

openssl pkcs12 -in *.p12 -clcerts -nokeys -out publicCert.pem
openssl pkcs12 -in *.p12 -nocerts -nodes -out privateKey.pem

Google Cloud Storage Team

unread,
Mar 15, 2013, 12:55:08 PM3/15/13
to gs-discussion
Hi Paul,

That's consistent with the openssl commands we recommend to convert keys to PEM format on our signed URLs page. I don't know how you'd define "better", but I don't see anything wrong with this technique. 

All the best,
Benson


--
Reply all
Reply to author
Forward
0 new messages