2

With Google deprecating SHA-1 everywhere I'm wondering if it is necessary for me to modify my validation for Google Maps API connection on my web server. I have found little information from Google other than:

https://developers.google.com/maps/documentation/business/webservices/auth

This clearly says use SHA-1 but I'm wondering if its possible to update? And to do so can I just follow their steps on that link but use SHA-256 instead of SHA-1?

brettjj
  • 21
  • 2
  • I ran through this tutorial: https://www.youtube.com/watch?v=ODeXo7YIwVg&feature=youtu.be&hd=1 replacing only the client ID with my own and Sha1 with Sha256. The last f.read() call gave me this error - "Unable to authenticate the request. Provided 'signature' is not valid for the provided client ID, or the provided 'client' is not valid.\nThe signature was checked against the URL: /maps/api/geocode/json?latlng=40.7%2C-73.96&client=gme-'editedout'&sensor=true\nIf this does not match the URL you requested, please ensure that your request is URL encoded correctly. Where 'editedout' was my ID. – brettjj Jul 15 '15 at 19:16
  • I am encountering the same issue that replacing the SHA1 with SHA256 istill not works. Any one knows the reason? I copied the generated url in browser and the browser supports SHA256. – Troy Aug 14 '15 at 03:42
  • So I wasn't ever able to really find a good answer on this. The reason I asked was Google sent out a message to my company regarding this, but in reading it again it seemed like it was more about the client-side and server-side (depending on where the software is run) system configurations, NOT the actual calls to their API. Since our server supports SHA-256 I left this alone. Nothing has broken.. yet. I'm guessing Google just hasn't updated the API to allow SHA-256 (at least not yet?) but I don't think it is anything to worry about for now. – brettjj Aug 17 '15 at 20:31

1 Answers1

0

As mentioned here, all Android devices support SHA-256. However, there is still a possibility that someone might try to save a few bytes and take that out. In general, Android devices (2.3 or higher) all do support the SHA-256. Hence, I do not see why there will a problem in using one.

This should give you a good idea of Operating Systems and Software Platforms that support SHA-256 including Android. And also, you might wanna take a look at this as well.

Community
  • 1
  • 1
pointNclick
  • 1,584
  • 1
  • 12
  • 17
  • Sorry but maybe I wasn't clear. This isn't for Android, this is for my web server. So my Windows program loads different web pages from my server and uses the Google maps API to plot a route, allow people to draw on the map, etc. I saw all the stuff about Android but just wasn't sure about the javascript web API. – brettjj Jul 15 '15 at 15:29
  • Excuse me for missing that info. In that case, since they are different algorithms, I would not expect that they work. If you are genuinely concerned about this, then you should lodge a feature request in the [issue tracker](https://code.google.com/p/gmaps-api-issues/issues/list) for Google Maps. However, SHA-1 deprecation is for encryption of documents, specifically HTTPS. – pointNclick Jul 27 '15 at 18:20