Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

11.17.2015
Mac Developer: Mac App Store and iTunes Store Receipt Signing - NEW CERTIFICATE ATTRIBUTES

The following is the OpenSSL information dump of the current (and presumably canonical until 2023) certificate used to sign receipts in the Mac App Store. I've extracted the three known certificates that have been historically used to sign Mac App Store bundle receipts and placed them in a disk image (password: 'macappstore') for regression testing and debugging purposes.
openssl x509 -fingerprint -sha1
SHA1 Fingerprint=27:E2:53:E3:28:97:D6:77:B9:C9:FF:CB:C2:E4:8B:CD:C3:FB:11:01
--
--openssl x509 -noout -text -in '10.8.5-20230207.darwin.12.6.0.pem'
--
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:eb:57:87:e7:9e:09:8d
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations,
                CN=Apple Worldwide Developer Relations Certification Authority
        Validity
            Not Before: Nov 13 02:15:09 2015 GMT
            Not After : Feb  7 21:48:47 2023 GMT
        Subject: CN=Mac App Store and iTunes Store Receipt Signing,
                 OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a5:cf:81:fd:25:a2:81:5b:d6:87:ed:23:da:33:
                    1c:8e:e2:23:c0:a5:c4:26:cb:3d:c6:9f:ec:4a:0d:
                    55:86:ff:a4:02:d7:97:ca:39:54:6d:7d:7f:b2:54:
                    18:9d:c4:2c:52:71:8e:64:7b:82:ce:89:ba:49:d6:
                    08:e5:b4:88:71:cf:3f:5b:46:2e:c6:c4:1d:b8:03:
                    a9:58:a2:04:3e:21:78:d5:db:b7:d0:8e:12:8d:83:
                    4c:5b:2a:68:37:93:c2:f2:bd:1e:c4:d2:a1:0c:4a:
                    58:52:ab:12:e3:ed:dd:1f:98:15:90:35:2d:c2:cc:
                    12:ca:8d:48:81:f7:58:78:54:6b:e8:8c:31:36:1f:
                    4a:06:0c:47:54:f3:37:90:b8:b2:92:89:7d:5f:a4:
                    85:4a:e1:c0:9c:e0:ba:a4:bb:82:97:63:f4:2b:93:
                    c1:fd:3e:6f:ca:c1:f5:3c:a9:8f:52:1a:c0:25:0a:
                    76:0e:de:fe:99:fe:ff:c2:6b:f5:5b:5e:ac:73:51:
                    49:08:56:89:cc:43:90:cc:8e:81:02:d0:a0:97:b6:
                    5c:b1:a1:69:69:87:90:10:68:26:26:39:b8:1d:10:
                    73:b0:0a:5d:c5:73:d0:df:76:3b:d8:2d:d9:88:1e:
                    e3:ec:07:cf:e2:8e:d0:d3:fa:26:55:81:ef:e2:03:
                    49:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.apple.com/ocsp03-wwdr04

            X509v3 Subject Key Identifier: 
                91:A4:9C:FC:C4:76:B7:9F:A0:8A:F4:4D:F5:8F:36:5D:ED:2B:04:85
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                keyid:88:27:17:09:A9:B6:18:60:8B:EC:EB:BA:F6:47:59:C5:52:54:A3:B7

            X509v3 Certificate Policies: 
                Policy: 1.2.840.113635.100.5.6.1
                  User Notice:
                    Explicit Text: Reliance on this certificate by any party assumes acceptance
                                   of the then applicable standard terms and conditions of use, 
                                   certificate policy and certification practice statements.
                  CPS: http://www.apple.com/certificateauthority/

            X509v3 Key Usage: critical
                Digital Signature
            1.2.840.113635.100.6.11.1: 
                ..
    Signature Algorithm: sha1WithRSAEncryption
        0d:a6:1b:d3:2e:3d:e3:5b:2b:07:6e:42:96:6c:d3:e8:8c:43:
        30:82:5f:e0:5c:d1:8d:be:bd:0f:bd:1a:fc:25:92:db:8c:85:
        c3:80:59:df:e3:e2:d7:2e:05:14:ac:0d:db:b6:b8:fe:fc:35:
        2e:7c:cb:ad:17:6b:8e:7f:1f:e4:77:b9:b1:67:95:b4:13:5e:
        a6:19:86:76:f8:5a:20:95:e7:63:8c:0f:73:fc:e8:ed:c6:1f:
        ae:99:f8:65:48:5c:a0:e0:28:3a:c0:10:37:2d:b9:a0:04:39:
        1f:73:b9:c8:05:fd:f2:de:7f:1a:2a:2a:6e:2b:01:fc:a0:20:
        5c:d9:eb:7d:27:a6:33:f8:f5:98:e0:be:44:db:b1:4c:67:fc:
        6e:0a:4f:c9:e2:06:a8:d2:97:f3:a7:8e:6b:51:a2:5a:84:75:
        65:d1:16:04:62:e3:c1:5f:f5:08:a9:cf:68:d9:92:00:c9:c1:
        8c:b3:f8:8d:00:64:ba:58:60:c0:7c:af:8f:75:ca:69:b9:5b:
        2a:d6:1d:68:6e:98:42:f5:4c:a7:37:19:9b:cc:3b:1c:7a:19:
        43:f3:a3:6d:bf:48:60:06:0c:36:92:2b:ec:de:18:b5:11:da:
        2d:23:d0:8e:fc:a0:69:9c:17:1b:9e:80:7b:39:47:45:30:61:
        2f:c7:13:a8

Labels: ,

By : Tighten Mac App Store and iTunes Store Receipt Signing - NEW CERTIFICATE ATTRIBUTES

0 Comments:

Post a Comment

[ Home ]

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro