Signature verification

[javadevmtl]

Any chance we will see the signature verification in the sample? :)

I tried...

    //Parse payment token here...

    System.out.println("Signature: " + signatureStr);
    System.out.println("Data: " + data);
    System.out.println("Transaction Id: " + transactionId);
    System.out.println("Ephemeral Key: " + ephemeralKey);
    System.out.println("Concat: " + concat);


    Signature sig = Signature.getInstance("SHA256withECDSA", "BC");
    sig.initSign(merchantPrivateKey);
    sig.update(concat.getBytes());
    byte[] signature = sig.sign();
    System.out.println(Base64.encodeBase64String(signature));

But it doesn't seem to match...

[javadevmtl]

Wish the docs where a bit clearer here: https://developer.apple.com/library/ios/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html#//apple_ref/doc/uid/TP40014929

But basically you need to parse the "siganture" as pkcs#7 which includes a bunch of certificates plus the actual signature.

You can base64 decode the signature and write the bytes to a file then use openssl (openssl pkcs7 -text -in yourfile.txt -inform DER -print_certs)to view it.

But Any APi that can parse pkcs7 will do the trick too.

This should help thing get rolling along a bit easier.

[Cris464]

can you Please provide the code for Signature verification

[zooz-mobile]

Apple-Pay-Signature-Verification:
https://github.com/zooz-mobile/Apple-Pay-Signature-Verification