beatty / applepay_crypto_demo


Signature verification #3

Open javadevmtl opened 9 years ago

javadevmtl commented 9 years ago

Any chance we will see the signature verification in the sample? :)

I tried...

    //Parse payment token here...

    System.out.println("Signature: " + signatureStr);
    System.out.println("Data: " + data);
    System.out.println("Transaction Id: " + transactionId);
    System.out.println("Ephemeral Key: " + ephemeralKey);
    System.out.println("Concat: " + concat);

    Signature sig = Signature.getInstance("SHA256withECDSA", "BC");
    sig.initSign(merchantPrivateKey);
    sig.update(concat.getBytes());
    byte[] signature = sig.sign();
    System.out.println(Base64.encodeBase64String(signature));

But it doesn't seem to match...

javadevmtl commented 9 years ago

Wish the docs were a bit clearer here: https://developer.apple.com/library/ios/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html#//apple_ref/doc/uid/TP40014929

But basically you need to parse the "signature" as PKCS#7, which includes a bunch of certificates plus the actual signature.

You can base64 decode the signature and write the bytes to a file, then use openssl (openssl pkcs7 -text -in yourfile.txt -inform DER -print_certs) to view it.

But any API that can parse PKCS#7 will do the trick too.

This should help things get rolling along a bit easier.
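An added example, not code from this thread or from the repository: instead of signing with the merchant key, the token's "signature" is parsed as a detached PKCS#7 (CMS) structure and verified with Bouncy Castle against the certificate bundled inside it, which must then chain to a root the caller trusts. The class name, the method name and the `trustedRoot` parameter are assumptions made for the example.

```java
import java.security.Security;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class ApplePaySignatureCheck {   // hypothetical class, for illustration only
    /**
     * @param pkcs7       Base64-decoded "signature" field of the payment token
     * @param signedData  raw bytes the signature covers; for EC tokens Apple's reference
     *                    gives ephemeralPublicKey || data || transactionId || applicationData,
     *                    each decoded to bytes first (not the concatenated strings)
     * @param trustedRoot root CA the caller trusts, obtained out of band (assumption)
     */
    @SuppressWarnings("unchecked")
    public static boolean verify(byte[] pkcs7, byte[] signedData, X509Certificate trustedRoot)
            throws Exception {
        if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
        // Detached signature: the content is supplied separately from the PKCS#7 blob.
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(signedData), pkcs7);
        Collection<SignerInformation> signers = cms.getSignerInfos().getSigners();
        if (signers.size() != 1) return false;
        SignerInformation signer = signers.iterator().next();
        // Locate the bundled certificate that matches the signer identifier.
        Collection<X509CertificateHolder> match = cms.getCertificates().getMatches(signer.getSID());
        if (match.size() != 1) return false;
        X509CertificateHolder leaf = match.iterator().next();
        try {   // Step 1: the signature over signedData must verify under the leaf's public key.
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(leaf)))
                return false;
        } catch (CMSException e) { return false; }
        // Step 2: the leaf must chain, through the bundled certificates, to the trusted root.
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter();
        List<X509Certificate> bundled = new ArrayList<>();
        for (X509CertificateHolder h : cms.getCertificates().getMatches(null))
            bundled.add(conv.getCertificate(h));
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(conv.getCertificate(leaf));
        PKIXBuilderParameters params = new PKIXBuilderParameters(
                Collections.singleton(new TrustAnchor(trustedRoot, null)), target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(bundled)));
        params.setRevocationEnabled(false);   // simplification: no CRL/OCSP lookup here
        try { CertPathBuilder.getInstance("PKIX").build(params); return true; }
        catch (CertPathBuilderException e) { return false; }
    }
}
```

Step 1 alone proves nothing, because anyone can bundle their own certificate; the result is only meaningful together with step 2. Apple's token documentation lists further checks that this example does not perform.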

Cris464 commented 9 years ago

Can you please provide the code for signature verification?

zooz-mobile commented 9 years ago

Apple-Pay-Signature-Verification: https://github.com/zooz-mobile/Apple-Pay-Signature-Verification