Mac Developer: Mac App Store and iTunes Store Receipt Signing - NEW CERTIFICATE ATTRIBUTES
The following is the OpenSSL information dump of the current (and presumably canonical until 2023) certificate used to sign receipts in the Mac App Store. I've extracted the
three known certificates that have been historically used to sign Mac App Store bundle receipts and placed them in a disk image (password: 'macappstore') for regression testing and debugging purposes.
openssl x509 -fingerprint -sha1
SHA1 Fingerprint=27:E2:53:E3:28:97:D6:77:B9:C9:FF:CB:C2:E4:8B:CD:C3:FB:11:01
--
--openssl x509 -noout -text -in '10.8.5-20230207.darwin.12.6.0.pem'
--
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:eb:57:87:e7:9e:09:8d
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations,
CN=Apple Worldwide Developer Relations Certification Authority
Validity
Not Before: Nov 13 02:15:09 2015 GMT
Not After : Feb 7 21:48:47 2023 GMT
Subject: CN=Mac App Store and iTunes Store Receipt Signing,
OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a5:cf:81:fd:25:a2:81:5b:d6:87:ed:23:da:33:
1c:8e:e2:23:c0:a5:c4:26:cb:3d:c6:9f:ec:4a:0d:
55:86:ff:a4:02:d7:97:ca:39:54:6d:7d:7f:b2:54:
18:9d:c4:2c:52:71:8e:64:7b:82:ce:89:ba:49:d6:
08:e5:b4:88:71:cf:3f:5b:46:2e:c6:c4:1d:b8:03:
a9:58:a2:04:3e:21:78:d5:db:b7:d0:8e:12:8d:83:
4c:5b:2a:68:37:93:c2:f2:bd:1e:c4:d2:a1:0c:4a:
58:52:ab:12:e3:ed:dd:1f:98:15:90:35:2d:c2:cc:
12:ca:8d:48:81:f7:58:78:54:6b:e8:8c:31:36:1f:
4a:06:0c:47:54:f3:37:90:b8:b2:92:89:7d:5f:a4:
85:4a:e1:c0:9c:e0:ba:a4:bb:82:97:63:f4:2b:93:
c1:fd:3e:6f:ca:c1:f5:3c:a9:8f:52:1a:c0:25:0a:
76:0e:de:fe:99:fe:ff:c2:6b:f5:5b:5e:ac:73:51:
49:08:56:89:cc:43:90:cc:8e:81:02:d0:a0:97:b6:
5c:b1:a1:69:69:87:90:10:68:26:26:39:b8:1d:10:
73:b0:0a:5d:c5:73:d0:df:76:3b:d8:2d:d9:88:1e:
e3:ec:07:cf:e2:8e:d0:d3:fa:26:55:81:ef:e2:03:
49:23
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://ocsp.apple.com/ocsp03-wwdr04
X509v3 Subject Key Identifier:
91:A4:9C:FC:C4:76:B7:9F:A0:8A:F4:4D:F5:8F:36:5D:ED:2B:04:85
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:88:27:17:09:A9:B6:18:60:8B:EC:EB:BA:F6:47:59:C5:52:54:A3:B7
X509v3 Certificate Policies:
Policy: 1.2.840.113635.100.5.6.1
User Notice:
Explicit Text: Reliance on this certificate by any party assumes acceptance
of the then applicable standard terms and conditions of use,
certificate policy and certification practice statements.
CPS: http://www.apple.com/certificateauthority/
X509v3 Key Usage: critical
Digital Signature
1.2.840.113635.100.6.11.1:
..
Signature Algorithm: sha1WithRSAEncryption
0d:a6:1b:d3:2e:3d:e3:5b:2b:07:6e:42:96:6c:d3:e8:8c:43:
30:82:5f:e0:5c:d1:8d:be:bd:0f:bd:1a:fc:25:92:db:8c:85:
c3:80:59:df:e3:e2:d7:2e:05:14:ac:0d:db:b6:b8:fe:fc:35:
2e:7c:cb:ad:17:6b:8e:7f:1f:e4:77:b9:b1:67:95:b4:13:5e:
a6:19:86:76:f8:5a:20:95:e7:63:8c:0f:73:fc:e8:ed:c6:1f:
ae:99:f8:65:48:5c:a0:e0:28:3a:c0:10:37:2d:b9:a0:04:39:
1f:73:b9:c8:05:fd:f2:de:7f:1a:2a:2a:6e:2b:01:fc:a0:20:
5c:d9:eb:7d:27:a6:33:f8:f5:98:e0:be:44:db:b1:4c:67:fc:
6e:0a:4f:c9:e2:06:a8:d2:97:f3:a7:8e:6b:51:a2:5a:84:75:
65:d1:16:04:62:e3:c1:5f:f5:08:a9:cf:68:d9:92:00:c9:c1:
8c:b3:f8:8d:00:64:ba:58:60:c0:7c:af:8f:75:ca:69:b9:5b:
2a:d6:1d:68:6e:98:42:f5:4c:a7:37:19:9b:cc:3b:1c:7a:19:
43:f3:a3:6d:bf:48:60:06:0c:36:92:2b:ec:de:18:b5:11:da:
2d:23:d0:8e:fc:a0:69:9c:17:1b:9e:80:7b:39:47:45:30:61:
2f:c7:13:a8
Labels: certificate receipt signing, mac app store receipt validation
Post a Comment