Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Better documentation for payload-hash-sha1 and payload-hash-sha256 #289
None of the documentation for
Depending on the level of backwards compatibility you wish to maintain, I might suggest that
I am having trouble setting up this as well. I am not that familiar with this concept (although I do know how to do
I keep getting
@CarlosEvo The way this works is that the sender calculates shasum256 of the body using the defined secret key, and sends the hash to you (usually via custom header, if you're using http(s) for transport).
On the receiving side, you calculate the shasum256 of the body you just received using the same secret key and you compare the calculated hash to the one you got from the header.
If it matches, that means the sender really knows the secret key, and you can trust that the payload hasn't been tampered with.
You can read more about digital signatures in general over at wikipedia.