The documentation says "The signature is a PKCS #7 detached signature of the manifest file", but how does one do that with openssl?

For Passbook I found these commands:

openssl pkcs12 -passin pass:test -in ./Certificates.p12 -clcerts -nokeys -out ./certificate.pem
openssl pkcs12 -passin pass:test -in ./Certificates.p12 -nocerts -out ./key.pem
openssl smime -passin pass:test -binary -sign -signer ./certificate.pem -inkey ./key.pem -in ./pushPackage.raw/manifest.json -out ./pushPackage.raw/signature -outform DER

Also tried with the WWDR certificate:

openssl smime -passin pass:test -binary -sign -certfile ~/Downloads/AppleWWDRCA.cer -signer ./certificate.pem -inkey ./key.pem -in ./pushPackage.raw/manifest.json -out ./pushPackage.raw/signature -outform DER

And zip it with:

zip -r ../example.zip . -x '*.DS_Store'

But I still get "Signature verification of push package failed".

1 Answer

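I ran into this problem too. After some experimenting, I found that different openssl versions produce signatures of different sizes for the same manifest file. At first I used openssl 1.0.2 and 1.0.3 with no luck, but after I downgraded openssl to 0.9.8zf (19 Mar 2015), everything worked and my Safari could recognize the push package (my Safari version is 8.0.7 (10600.7.12), Mac OS: 10.10.4 (14E46)).

My openssl command is:

openssl smime -sign -in manifest.json -out signature -signer push.pem -certfile AppleWWDRCA.pem -binary -inkey push.key -outform der
answered 2016-03-10T08:56:05.470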
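
A local check for the signing step discussed above, as an added example that is not part of the original question or answer: it confirms that the `signature` file is DER-encoded PKCS #7 and verifies as a detached signature over the exact manifest bytes. The self-signed test certificate, its CN and the manifest contents are constructed assumptions, and the check does not reproduce Safari's own certificate validation.

```shell
#!/bin/sh
# Added example. The throwaway self-signed certificate, its CN and the manifest
# contents are constructed test values, not taken from the post.

make_fixture() {   # $1 = work directory
    printf '{"icon.iconset/icon_16x16.png":"constructed-sample-hash"}' \
        > "$1/manifest.json"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=push-test" \
        -keyout "$1/push.key" -out "$1/push.pem" 2>/dev/null
}

sign_manifest() {  # $1 = work directory, $2 = output format (der or smime)
    openssl smime -sign -binary -in "$1/manifest.json" -out "$1/signature" \
        -signer "$1/push.pem" -inkey "$1/push.key" -outform "$2" 2>/dev/null
}

# Succeeds only if $1 is a DER-encoded PKCS #7 structure AND it verifies as a
# detached signature over the exact bytes of $2.
check_signature() {  # $1 = signature file, $2 = manifest file
    openssl pkcs7 -inform DER -in "$1" -noout 2>/dev/null || return 1
    # -content supplies the detached data. -noverify skips certificate chain
    # validation because the test certificate is self-signed.
    openssl smime -verify -binary -inform DER -in "$1" -content "$2" \
        -noverify -out /dev/null 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_fixture "$dir" || return 1
    sign_manifest "$dir" der
    check_signature "$dir/signature" "$dir/manifest.json" && echo "DER: ok"
    sign_manifest "$dir" smime
    check_signature "$dir/signature" "$dir/manifest.json" \
        || echo "S/MIME text output: rejected"
    rm -rf "$dir"
}
demo
```

Running `check_signature` against a real package's `signature` and `manifest.json` before zipping catches a wrong output encoding or a manifest edited after signing.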