Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

11.17.2015
Mac Developer: Tighten Pro V2 Generated Receipt Validation Code Patch for Recent Mac App Store Update

On November 11, 2015, the certificate (CN "Mac App Store Receipt Signing") the Mac App Store was using to sign receipts expired. It was replaced by an intermediate certificate (expires: 2017.10.23) which has subsequently been replaced by another certificate ("Mac App Store and iTunes Store Receipt Signing" - expires 2023.02.07).

Code generated by Tighten.app (standard edition) is not affected by the change.

Code generated using the V2 Mac App Store receipt signing template in Tighten Pro must be patched to properly validate the new certificate. In particular, the SHA1 fingerprint of the signing certificate has changed. The new 24-byte value must be updated in two locations:

IN FUNCTION ___MAS_VerifySigningCertificate
static const unsigned char kMASReceiptSigning_CA_SHA1_Bytes[] = {
0x27,0xE2,0x53,0xE3,0x28,0x97,0xD6,0x77,0xB9,0xC9,0xFF,0xCB,0xC2,0xE4,0x8B,0xCD,0xC3,0xFB,0x11,0x01
};

IN FUNCTION: ___MAS_VerifyTrustCertificates
static const unsigned char kLEAFFingerprintBytes[] = { 0x27,0xE2,0x53,0xE3,0x28,0x97,0xD6,0x77,0xB9,0xC9,0xFF,0xCB,0xC2,0xE4,0x8B,0xCD,0xC3,0xFB,0x11,0x01 };

The changes are straightforward and should function correctly through 2023.02.07.

I've also submitted updates to TightenPro and Tighten to the Mac App Store, but apparently the ingest pipeline is like a Rube Goldberg machine and the updates are currently stuck in a dreaded "processing" state which is code language for: don't expect it ever to make it to the next stage of the submission pipe.

Labels: ,

By : Tighten Tighten Pro V2 Generated Receipt Validation Code Patch for Recent Mac App Store Update

0 Comments:

Post a Comment

[ Home ]

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro