Monday, May 29, 2023

Receipt Validation With SHA-256


Apple is updating the App Store receipt signing intermediate certificate with one that uses the SHA-256 algorithm in the sandbox, TestFlight, and App Store environments, on the dates shown below[…]


If your app verifies App Store receipts on the device, follow the instructions outlined in this document to ensure that your receipt validation code is compatible with this change.


If your app follows the instructions in Validating receipts on the device, the new certificate affects step 2, which involves verifying the certificate chain. Be sure your app uses the latest certificates from Apple PKI.


Update (2023-06-26): Anders Borum:

Any developers that have successfully validated receipts in the sandbox using StoreKit1 methods after June 20?

The docs do not mention where to get the SHA256 value and ASN.1 Field Type 5 is 20 bytes and not the 32 bytes expected for SHA256.

Comments RSS · Twitter · Mastodon

Leave a Comment