Signature

Signature: a string in hexadecimal format produced by one-way hashing. You cannot reverse this string or generate it without knowing all the necessary components. The signature is based on the potential importance of each query parameter.

The SHA-1 hash algorithm is used to generate the signature.

Secure Hash Algorithm 1 (SHA-1) is a cryptographic hashing algorithm. For an input message of arbitrary length (a maximum of 2^64 bits, approximately equal to 2 exabytes), the algorithm generates a 160-bit hash value, also called a message digest. It is used in many cryptographic applications and protocols.

Python code snippet
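import hashlib
import logging
from typing import Mapping


def sign_params(input_params: Mapping, salt: str) -> str:
    # Normalise every parameter value to a string.
    params = {}
    for k, v in input_params.items():
        if str(k).lower() == 'signature':
            # The "signature" parameter is never part of the signed string.
            continue
        if isinstance(v, list):
            # List: sort the elements and join them with the delimiter.
            new_v = ';'.join(sorted(map(str, v)))
            params[str(k)] = str(new_v)
        elif isinstance(v, dict):
            # Dictionary: sort by key and join as "key:value" pairs.
            sorted_dict = sorted(v)
            new_v = ';'.join(f'{key}:{v[key]}' for key in sorted_dict)
            params[str(k)] = str(new_v)
        else:
            params[str(k)] = str(v)

    # Sorted, non-empty parameters as "name:value", each followed by ";".
    sign_str = ';'.join(
        ['%s:%s' % (k.lower(), params[k]) for k in sorted(params.keys())
         if params[k].strip() != '']) + ';'
    # Log the signed string without the salt: the salt is a secret.
    logging.debug(sign_str)
    return hashlib.sha1(sign_str.encode('utf-8') +
                        salt.encode('utf-8')).hexdigest()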

Signature generating algorithm

  1. A signature string is generated:

    • all query parameters are sorted alphabetically;

    • the sorted non-empty parameters are concatenated into a single line, with the separator symbol between them;

    • the site salt is appended to the end of the line, after the separator symbol.

  2. The SHA-1 hash of the resulting string is calculated.

Signature generating rules

  • Signed string coding – UTF-8;

  • Query parameter names are presented in lower case. The string can be composed of Latin letters from a to z, digits from 0 to 9 and the underscore "_";

  • A semicolon ";" is used as the delimiter between parameters;

  • Each parameter is attached as a substring "param_name:param_value", where param_name is the parameter name, param_value is the parameter value, and the colon is the internal delimiter;

  • Parameters whose value is an empty string "" are skipped;

  • If the parameter value is an array, its elements are also sorted in ascending order of their keys and joined in series with the delimiter. In this case, array elements that are themselves arrays (nested arrays) are skipped, and no delimiter character is added for them;

  • To avoid double signing, the "signature" parameter is always excluded from the signature.
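
The rules above applied to checking a received signature, as an added example that is not part of the original documentation. The parameter names, the salt value and the `canonical_string`, `sign` and `verify` helpers are assumptions for illustration, and only flat lists and dictionaries are handled.

```python
import hashlib
import hmac

SALT = "constructed-example-salt"  # placeholder, not a real site salt


def canonical_string(params):
    """Build the string that is hashed, following the rules listed above."""
    parts = []
    for name in sorted(params):
        if name.lower() == "signature":   # excluded to avoid double signing
            continue
        value = params[name]
        if isinstance(value, list):       # flat list: sort the elements
            value = ";".join(sorted(map(str, value)))
        elif isinstance(value, dict):     # keyed array: sort by key
            value = ";".join(f"{k}:{value[k]}" for k in sorted(value))
        value = str(value)
        if value.strip() == "":           # empty parameters are skipped
            continue
        parts.append(f"{name.lower()}:{value}")
    return ";".join(parts) + ";"


def sign(params, salt):
    """SHA-1 over the canonical string with the salt appended, as hex."""
    data = canonical_string(params) + salt
    return hashlib.sha1(data.encode("utf-8")).hexdigest()


def verify(params, salt):
    """Check the 'signature' field of a received request or callback."""
    received = str(params.get("signature", "")).lower()
    expected = sign(params, salt)
    # compare_digest does not reveal, through timing, where the values differ
    return hmac.compare_digest(received.encode(), expected.encode())


# Constructed sample request; the field names are illustrative only.
request = {"order_id": "A-1001", "amount": 1500, "currency": "EUR",
           "comment": "", "items": ["b", "a"]}
request["signature"] = sign(request, SALT)

# Same request with one value changed after signing.
tampered = dict(request, amount=15)

if __name__ == "__main__":
    print(canonical_string(request))
    print(verify(request, SALT), verify(tampered, SALT))
```
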

In summary, the process of generating a signature using the SHA-1 hash algorithm and the described rules helps ensure data integrity and authenticity by providing a unique identifier that can be used to verify the validity of the data while maintaining a secure and consistent approach to signing.
