
I'm working on Apple Pay payment token decryption. According to step 2 of the Payment Token Format Reference, I need to use the publicKeyHash field from the header of the payment token to determine which merchant certificate was used by Apple.

publicKeyHash is the SHA-256 hash of the X.509 encoded public key bytes of the merchant's certificate, Base64 encoded as a string.

I have one merchant certificate. So I assume that if I take the SHA-256 hash of my certificate's public key and Base64 encode it, I will get the same value that I receive in the publicKeyHash field of the payment token.

But I can't figure out what particular part of the certificate I should hash. The initial merchant certificate provided by Apple is in .cer format. I have extracted the public key from it to .pem format. Then I tried both taking hash -> base64encode of the public key (the string between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) and taking the hash of the Base64-decoded .pem, which I think should be .der, and Base64 encoding it.

And both failed to match the value received from Apple Pay. Also it has a different length: my Base64 encoded hash is 88 chars long, and the publicKeyHash field is 44 chars long.

When I tried to Base64 decode publicKeyHash, I got unreadable characters like "D��$�f���@c���$����WP��". But according to the Apple documentation there should be a SHA-256 hash, which cannot contain such symbols.

Can somebody explain to me what concrete steps I should perform in order to complete this merchant certificate check?

mind_religion
  • mmm, shouldn't a Base64 SHA-256 hash be 44 chars? https://stackoverflow.com/questions/2240973/when-using-a-sha256-hash-how-long-is-the-hash-ie-how-long-should-my-mysql-va – Marco A. Hernandez Jul 11 '17 at 16:53
  • As far as I know SHA-256 has 64 chars. But I don't really know how this number changes after Base64 encoding. – mind_religion Jul 12 '17 at 07:22
  • A binary SHA-256 hash is 256 bits long. In hexadecimal representation you use 4 bits per char, so the result is 64 chars. Base64 uses 3 bytes per 4 chars plus a padding character, which means 44 chars. If you are generating a binary hash of your certificate and encoding it in B64, the result must have 44 chars. You should check your hash and B64 algorithm because something's wrong. – Marco A. Hernandez Jul 12 '17 at 07:42
  • I've managed to get the proper number of chars in the result. I have also succeeded in extracting the public key in .pem format from the certificate. But its hash, or the hash of the Base64-decoded public key, doesn't match the publicKeyHash field of the Apple token... Does somebody know what particular data in what format I should hash to get the proper result? – mind_religion Jul 13 '17 at 07:27

4 Answers

4

In my case the main problem and solution was to use the Payment Processing Certificate's public key hash and NOT the Merchant Identity Certificate's public key hash, which I was trying to compare with the publicKeyHash from the payment token. In my defence I can say that the following text from the Apple documentation is pretty ambiguous:

publicKeyHash SHA–256 hash, Base64 encoded as a string Hash of the X.509 encoded public key bytes of the merchant’s certificate.

As we have two kinds of certificates, merchant and payment processing, it was obvious to me that the merchant certificate from the documentation was the merchant ID certificate.

Only after re-reading the Payment Processing Certificate description

Payment Processing Certificate. A certificate used to securely transfer payment data. Apple Pay servers use the payment processing certificate’s public key to encrypt the payment data. Use the private key to decrypt the data when processing payments.

from the Apple Pay JS documentation did I realize my mistake.

So I hope my experience can help somebody not to step on the same rake :)

mind_religion
  • How do you generate the private key? I used the openssl pkcs12 -in Certificates.p12 -out ApplePay.key.pem -nocerts command to generate it, but I'm getting an error in decrypting: Failed to match tag: \“int\” at: [\“version\“] – Ashutosh Singh Lodhi Aug 28 '23 at 15:23
4

It's a shame I was not able to find an openssl command to extract the hash directly from the cert. So you have to create the public key first in order to get the public key hash. There are two ways to extract the public key.

Step 1

A. From your ECC private key (payment processing private key)

openssl ec -in ecc_private_key.key -pubout -out ec_public_key.pem

OR

B. From the cert downloaded from the Apple Pay portal (after uploading the payment processing CSR)

openssl x509 -inform der -in apple_pay.cer -pubkey -noout > apple_pay_public_key.pem

Both will give you the public key in the following format

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENGbyXUzeZTdeyyNuXyc0nMzXmnLl
xMwd/t/sCZr3RPhytPbZpR/V4/xHqN/MVzozzq30I0/eUefbThEBl236Og==
-----END PUBLIC KEY-----

Step 2
You can use the following code to extract the Base64 hash from the above public key; remember to remove the headers/footers and line feeds.

I had hoped I could figure out how to use the openssl tool to get the hash from the public key, but anyway the following C# code works for me. It's very simple and easy to port to Java/Python/PHP or whatever your preference is. Or just use the following code online at ideone.com.

using System;
using System.Security.Cryptography;

// Base64 body of the PEM public key above, with headers/footers and line feeds removed.
string publicKeyBase64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENGbyXUzeZTdeyyNuXyc0nMzXmnLlxMwd/t/sCZr3RPhytPbZpR/V4/xHqN/MVzozzq30I0/eUefbThEBl236Og==";

byte[] publicKey = Convert.FromBase64String(publicKeyBase64);   // DER-encoded SubjectPublicKeyInfo bytes
using (SHA256 sha256 = SHA256.Create())
{
    byte[] hash = sha256.ComputeHash(publicKey);                 // raw 32-byte digest, not its hex string
    string publicKeyHash = Convert.ToBase64String(hash);         // 44-char value to compare with the token header
    Console.WriteLine("Result: {0}", publicKeyHash);
}

Please keep in mind that your system should be able to accept multiple keys at any given time, and instead of just verifying, you need to load the correct private key based on the publicKeyHash you receive from the device (iPhone/iPad etc.), considering the scenario when your current certificate is expiring (or you are revoking it for any reason); otherwise your system may not be able to accept transactions for a short period of time. In one of my encounters it took Apple more than one hour, after pressing Activate in the portal, before the new payment processing keys became active.

Mubashar
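As an added example (not code from any of the answers), here is the same computation in Python using only the standard library, applied to the public key posted above: decode the PEM body to the DER-encoded SubjectPublicKeyInfo, SHA-256 it, Base64 the raw digest. It also reproduces the two mistakes from the question (hashing the Base64 text, and Base64-encoding the hex digest, which gives the 88-char result) and shows the hash-to-key lookup the last paragraph recommends when several Payment Processing Certificates are active. The second PEM and the key labels are constructed for illustration, not real Apple material.

```python
import base64
import hashlib
import re

# Public key from the answer above (output of openssl ... -pubkey, a SubjectPublicKeyInfo PEM).
PAYMENT_PROCESSING_PUBKEY_PEM = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENGbyXUzeZTdeyyNuXyc0nMzXmnLl
xMwd/t/sCZr3RPhytPbZpR/V4/xHqN/MVzozzq30I0/eUefbThEBl236Og==
-----END PUBLIC KEY-----"""

# Constructed second key for the rotation scenario: same structure, last key byte altered.
# It is not a valid EC point and not a real certificate; it only needs a distinct hash here.
OTHER_PUBKEY_PEM = PAYMENT_PROCESSING_PUBKEY_PEM.replace("Og==", "Pg==")

_ARMOUR = re.compile(r"-----(BEGIN|END) PUBLIC KEY-----")


def pem_body(pem: str) -> str:
    """Base64 text of the PEM with headers/footers and line feeds removed."""
    return "".join(_ARMOUR.sub("", pem).split())


def pem_to_der(pem: str) -> bytes:
    """DER-encoded SubjectPublicKeyInfo: these are the 'X.509 encoded public key bytes'."""
    return base64.b64decode(pem_body(pem))


def public_key_hash(pem: str) -> str:
    """publicKeyHash as Apple defines it: SHA-256 over the DER bytes, Base64 of the raw digest (44 chars)."""
    return base64.b64encode(hashlib.sha256(pem_to_der(pem)).digest()).decode("ascii")


def wrong_hash_of_base64_text(pem: str) -> str:
    """Mistake 1 from the question: hashing the Base64 text instead of the decoded bytes."""
    return base64.b64encode(hashlib.sha256(pem_body(pem).encode("ascii")).digest()).decode("ascii")


def wrong_hash_hex_then_base64(pem: str) -> str:
    """Mistake 2 (the 88-char symptom): Base64 of the 64-char hex digest instead of the 32 raw bytes."""
    return base64.b64encode(hashlib.sha256(pem_to_der(pem)).hexdigest().encode("ascii")).decode("ascii")


def build_key_registry(certs):
    """Map publicKeyHash -> private-key handle for every Payment Processing Certificate still active."""
    return {public_key_hash(pem): key_id for pem, key_id in certs}


def select_private_key(header_public_key_hash: str, registry):
    """Pick the key matching token.paymentData.header.publicKeyHash; None means no active cert matches."""
    return registry.get(header_public_key_hash)
```

Keep both the expiring and the freshly activated certificate in the registry until the old one stops appearing in tokens, so the lookup never returns None during a rotation.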
3

This question and the accepted answer were still a bit vague on details, so here is an exact, tested method in Java to check that token.paymentData.header.publicKeyHash matches the Apple Pay Payment Processing Certificate:

import java.security.DigestException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Objects;

private static void checkPublicKeyHash(String publicKeyHash, X509Certificate paymentProcessingCertificate)
        throws NoSuchAlgorithmException, CertificateException, DigestException {

    // getEncoded() on the public key returns the DER-encoded SubjectPublicKeyInfo,
    // which is exactly the "X.509 encoded public key bytes" Apple hashes.
    String certHash = Base64.getEncoder().encodeToString(
            MessageDigest.getInstance("SHA-256").digest(
                    paymentProcessingCertificate.getPublicKey().getEncoded()));
    if (!Objects.equals(publicKeyHash, certHash)) {
        throw new DigestException(String.format(
                "publicKeyHash %s doesn't match Payment Processing Certificate hash %s",
                publicKeyHash, certHash));
    }
}
Vadzim
-1

First, it seems the answers to the original question are several months apart. Second, all answers seem to lack one critical bit of information: the only reason for step 2 of the Payment Token Format Reference is that you can have more than one Payment Processing Certificate in use. If you do, then Apple may use any one of them to encrypt the data. If you have just one Payment Processing Certificate then you can skip this step and just use its private key. After all, the end result of step two is to get the private key of the payment processing certificate that was used to encrypt the payment data.

leroy-j