When decrypting and verifying the Google Play Integrity verdict as per official docs (https://developer.android.com/google/play/integrity/verdict) the code snippet/samples shared uses these constants: AES_KEY_SIZE_BYTES
, AES_KEY_TYPE
and EC_KEY_TYPE
But the values of those are never mentioned. Can someone plase help, what are those values?
After searching hours on the internet, I came across a youtube video (Obtaining and Decoding the Integrity Verdict | Step 3 of Migrating to Play Integrity API) (obviously not from Google) which gave me the required answer. Here are the values for those constants:
AES_KEY_SIZE_BYTES: decryptionKeyBytes.length
AES_KEY_TYPE: AES
EC_KEY_TYPE: EC
So your final code should look something like this:
package com.example.sample
...
...
import org.apache.commons.codec.binary.Base64;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.lang.JoseException;
...
...
// base64OfEncodedDecryptionKey is provided through Play Console.
byte[] decryptionKeyBytes =
Base64.decode(base64OfEncodedDecryptionKey, Base64.DEFAULT);
// Deserialized encryption (symmetric) key.
SecretKey decryptionKey =
new SecretKeySpec(
decryptionKeyBytes,
/* offset= */ 0,
decryptionKeyBytes.length,
"AES");
// base64OfEncodedVerificationKey is provided through Play Console.
byte[] encodedVerificationKey =
Base64.decode(base64OfEncodedVerificationKey, Base64.DEFAULT);
// Deserialized verification (public) key.
PublicKey verificationKey =
KeyFactory.getInstance("EC")
.generatePublic(new X509EncodedKeySpec(encodedVerificationKey));
If you are using maven make sure you added these dependancies:
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-playintegrity</artifactId>
<version>v1-rev20220904-2.0.0</version>
</dependency>
<dependency>
<groupId>org.bitbucket.b_c</groupId>
<artifactId>jose4j</artifactId>
<version>0.8.0</version>
</dependency>