{"id":39528,"date":"2023-05-29T15:11:45","date_gmt":"2023-05-29T19:11:45","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=39528"},"modified":"2025-01-07T14:02:38","modified_gmt":"2025-01-07T19:02:38","slug":"receipt-validation-with-sha-256","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/05\/29\/receipt-validation-with-sha-256\/","title":{"rendered":"Receipt Validation With SHA-256"},"content":{"rendered":"<p><a href=\"https:\/\/developer.apple.com\/documentation\/technotes\/tn3138-handling-app-store-receipt-signing-certificate-changes\">TN3138<\/a>:<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/documentation\/technotes\/tn3138-handling-app-store-receipt-signing-certificate-changes\">\n<p>Apple is updating the App Store receipt signing intermediate certificate with one that uses the SHA-256 algorithm in the sandbox, TestFlight, and App Store environments, on the dates shown below[&#8230;]<\/p>\n<p>[&#8230;]<\/p>\n<p>If your app verifies App Store receipts on the device, follow the instructions outlined in this document to ensure that your receipt validation code is compatible with this change.<\/p>\n<p>[&#8230;]<\/p>\n<p>If your app follows the instructions in <a href=\"https:\/\/developer.apple.com\/documentation\/appstorereceipts\/validating_receipts_on_the_device\">Validating receipts on the device<\/a>, the new certificate affects step 2, which involves verifying the certificate chain. Be sure your app uses the latest certificates from <a href=\"https:\/\/www.apple.com\/certificateauthority\">Apple PKI<\/a>.<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2023\/02\/08\/new-wwdr-intermediate-certificate-and-receipt-verification\/\">New WWDR Intermediate Certificate and Receipt Verification<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/05\/20\/new-receipt-validation-sample-code\/\">New Receipt Validation Sample Code<\/a><\/li>\n<\/ul>\n\n<p id=\"receipt-validation-with-sha-256-update-2023-06-26\">Update (2023-06-26): <a href=\"https:\/\/mastodon.social\/@palmin\/110609774998840174\">Anders Borum<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mastodon.social\/@palmin\/110609774998840174\">\n<p>Any developers that have successfully validated receipts in the sandbox using StoreKit1 methods after June 20?<\/p>\n<p>The docs do not mention where to get the SHA256 value and ASN.1 Field Type 5 is 20 bytes and not the 32 bytes expected for SHA256.<\/p>\n<\/blockquote>\n\n<p id=\"receipt-validation-with-sha-256-update-2024-11-04\">Update (2024-11-04): <a href=\"https:\/\/developer.apple.com\/news\/?id=b6tejt6f\">Apple<\/a>:<\/p>\n<blockquote cite=\"https:\/\/developer.apple.com\/news\/?id=b6tejt6f\">\n<p>Starting January 24, 2025, if your app performs on-device receipt validation and doesn&rsquo;t support a SHA-256 algorithm, your app will fail to validate the receipt.<\/p>\n<p>[&#8230;]<\/p>\n<p>If your app performs on-device receipt validation, update your app to support certificates that use the SHA-256 algorithm; alternatively, use the <a href=\"https:\/\/developer.apple.com\/documentation\/storekit\/apptransaction\">AppTransaction<\/a> and <a href=\"https:\/\/developer.apple.com\/documentation\/storekit\/transaction\">Transaction<\/a> APIs to verify App Store transactions.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>TN3138: Apple is updating the App Store receipt signing intermediate certificate with one that uses the SHA-256 algorithm in the sandbox, TestFlight, and App Store environments, on the dates shown below[&#8230;] [&#8230;] If your app verifies App Store receipts on the device, follow the instructions outlined in this document to ensure that your receipt validation [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2023-05-29T19:11:47Z","apple_news_api_id":"c17d1bd2-033c-435b-866f-ecab237eb6ac","apple_news_api_modified_at":"2025-01-07T19:02:41Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/AwX0b0gM8Q1uGb-yrI362rA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[91,2392,31,2185,30,39,2223,71],"class_list":["post-39528","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-appstore","tag-app-store-receipt-validation","tag-ios","tag-ios-16","tag-mac","tag-macappstore","tag-macos-13-ventura","tag-programming"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=39528"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39528\/revisions"}],"predecessor-version":[{"id":46341,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39528\/revisions\/46341"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=39528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=39528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=39528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}