Need Objective C code to validate App Store SHA-256 receipt on device

Question

Created 6d

Replies 2

Boosts 1

Participants 3

With the imminent suspension of SHA-1 on App Store receipts, we desperately need an objective C code sample demonstrating how to calculate the same SDH-256 hash on device to compared with the hash from the App Store receipt.

The forced migration to SHA256 for app store receipts this month mean we have to rewrite our on device receipt validation code. However there is no documentation or objC sample code on how to validate the SHA256 hash from MAS receipts. Thje documentation at https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes/ does not give any detail on how to validate SHA256. All my 100+ hours of experimentation and trial and error attempting to create a matching SHA256 has on device have failed.

We desperately need some ObjC Sample code to validate the SHA256 hash on device. Our existing SHA1 code is still working but we expect SHA1 hashes to disappear from MAS Receipts any day now.

Tnanks for any advice !

Boost

Answer 1

endecotp OP

5d

All my 100+ hours of experimentation and trial and error attempting to create a matching SHA256 has on device have failed

I wonder if you are changing the wrong thing.

In the tech note you linked to, the required change is inside the “verify certificate chain of trust“ step. See the tip box, “Ensure that your code supports certificates that use SHA-256 and SHA-1 signing algorithms.”. It is not the following section “Compute the SHA-1 Hash”; that is unchanged. (All IIUC).

0

Answer 2

JS CEO OP

2d

Any luck? I am having the same issue, need some objective c and server code examples to update to Apple's new receipt validation

0