Echo & Alexa User Discussions and Support Forums

When a person is not breathing, permanent brain damage begins after 4 minutes and death in 6 minutes after that. Can you count on help arriving before that time? Learning proper CPR techniques is easy and you can learn it in 30 minutes at CPR Test Center.

Alexa request signature verification

0 Members and 2 Guests are viewing this topic.

Alexa request signature verification
« on: December 13, 2016, 07:07:16 am »
I've been hacking together a server-based skill & doing verification in PHP. The Alexa request comes in with HTTP headers including a signature such as:

Converting that to binary with base64_decode() and decrypting with openssl_public_decrypt()  gives this, after bin2hex():


The SHA-1 hash of the request body (JSON data) in this case is:


So it appears that the decrypted signature is the 40-character SHA-1 hash of the JSON data prepended with 30 characters of something else:

33518d943e1851830b2e596a1c025b8f9be55d74  matches the SHA-1 hash of the JSON data

So what is the 30-character first part?