tencent cloud

物联网通信

Documentation物联网通信开发者手册签名方法

签名方法

PDF
Focus Mode
Font Size
Last updated: 2024-12-27 15:44:26

概述

设备向平台发起 HTTP/HTTPS 请求时,请求报文中需包含签名信息(X-TC-Signature)以验证请求者身份。

签名步骤

设备请求报文示例:
curl -X POST https://ap-guangzhou.gateway.tencentdevices.com/device/register \\
-H "Content-Type: application/json; charset=utf-8" \\
-H "X-TC-Algorithm: hmacsha256" \\
-H "X-TC-Timestamp: 155****065" \\
-H "X-TC-Nonce: 5456" \\
-H "X-TC-Signature: 2230eefd229f582d8b1b891af****b91597240707d778ab3738f756258d7652c" \\
-d '{"ProductId":"ASJ****GX","DeviceName":"xyz"}'

1. 拼接签名字符串

StringToSign =
    HTTPRequestMethod + \\n +
    CanonicalHost + \\n + 
    CanonicalURI + \\n + 
    CanonicalQueryString + \\n + 
    Algorithm + \\n +
    RequestTimestamp + \\n +
       Nonce + \\n +
    HashedCanonicalRequest
参数名称
描述
HTTPRequestMethod
HTTP 请求方式, 支持 POST
CanonicalHost
HTTP 请求的 Host 地址
CanonicalURI
HTTP 请求 URI 。例如 https://ap-guangzhou.gateway.tencentdevices.com/device/register 的 URI 为 /device/register
CanonicalQueryString
发起 HTTP 请求 URL 中的查询字符串,对于 POST 请求,固定为空字符串 ""
Algorithm
签名方法。目前支持 HmacSha256 和 HmacSha1
RequestTimestamp
请求时间戳
Nonce
随机数
HashedCanonicalRequest
请求正文 Hash 值。HTTP 请求正文做 SHA256 哈希,然后十六进制编码,最后编码串转换成小写字母
根据以上的规则,示例中的规范签名串如下:
POST
ap-guangzhou.gateway.tencentdevices.com
/device/register

hmacsha256
155****065
5456
35e9c5b0e3ae67532d3c9f17ead6c902226****b1ff7f6e89887f1398934f064


2. 计算签名

使用密钥签名,包括产品级密钥和设备级密钥,伪代码如下:
Signature = Base64_Encode(HMAC_SHA256(SignSecret, StringToSign))
参数名称
描述
SignSecret
签名密钥,如动态注册使用 ProductSecret,设备发布消息或上报日志则使用 psk
StringToSign
待签名的字符串
使用证书签名,伪代码如下:
Signature = Base64_Encode(RSA_SHA256(PrivateKey, StringToSign))
参数名称
描述
PrivateKey
证书私钥,如设备发布消息或上报日志则使用设备的 X509 私钥证书
StringToSign
待签名的字符串

3. 组装请求报文

根据上述得到的签名串,最终完整的请求如下:
POST https://ap-guangzhou.gateway.tencentdevices.com/devregister
Content-Type: application/json
Host: ap-guangzhou.gateway.tencentdevices.com
X-TC-Algorithm: HmacSha256
X-TC-Timestamp: 155****065
X-TC-Nonce: 5456
X-TC-Signature: 2230eefd229f582d8b1b891af71****1597240707d778ab3738f756258d7652c


{"ProductId":"ASJ****GX","DeviceName":"xyz"}

示例代码

Python3 示例代码如下。
import hashlib
import random
import time
import hmac
import base64

if __name__ == '__main__':
    sign_format = '%s\\n%s\\n%s\\n%s\\n%s\\n%d\\n%d\\n%s'
    url_format = '%s://ap-guangzhou.gateway.tencentdevices.com/device/register'
    request_format = "{\\"ProductId\\":\\"%s\\",\\"DeviceName\\":\\"%s\\"}"
device_name = 'dev***'
product_id = 'JCZ****KXS'
product_secret = 'X42fPqw********94cY5sQ1Y'

request_text = request_format % (product_id, device_name)
request_hash = hashlib.sha256(request_text.encode("utf-8")).hexdigest()

nonce = random.randrange(2147483647)
timestamp = int(time.time())
sign_content = sign_format % (
    "POST", "ap-guangzhou.gateway.tencentdevices.com",
    "/device/register", "", "hmacsha256", timestamp,
    nonce, request_hash)
print("\\nsign_content: \\n" + sign_content)

sign_base64 = base64.b64encode(hmac.new(product_secret.encode("utf-8"),
                sign_content.encode("utf-8"), hashlib.sha256).digest())

print("sign_base64: " + str(sign_base64))


Previous Topic: 功能组件Next Topic: 概述

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback