我如何从苹果全球开发者证书和 .p12 文件中提取公钥和私钥？

Question

So I am attempting to write functionality for passbook or, as they call it now, "Wallet." I wrote all the necessary code to to write the JSON, write the files in a temp directory, then calculate the checksum and put in back in the manifest. Now I am stuck at the part where I sign the Apple World Wide Developer Certificate with the .p12 of the of the passes.P12 file to get the desired .der file?

<cfset signer = new rsa_signer(fileRead(expandPath("test_code/public_key.txt")),fileRead(expandPath("test_code/private_key.pem")),"SHA512withRSA")>


<cffile action="READ" file="#xtemp_folder#\manifest.json" variable="xtext">
<cfset xsignature = signer.sign(xtext)>
<!---- write to file ----->
<cffile action="WRITE" file="#xtemp_folder#\signature.der" output="#xsignature#">

<!---- create zipped file for user downloading ----->
<cf_write_log log_key="#attributes.log_key#" data="<hr>create zip files from temp holding folder..">
<cfset xzip_filename = "h:\eshowtemp\#xtemp_folder_string#.pkpass">
<cfdirectory action="LIST" directory="#xtemp_folder#" name="files">
<cf_write_log log_key="#attributes.log_key#" data="files=#files.recordcount#">
<cfzip file="#xzip_filename#" source="#xtemp_folder#">

The above code is a snippet of my cold fusion program that ideally signs and prints out the desired .pkpass file. I have confirmed this program works with other provided public and private keys. Where I read the signer, I have tried exporting the world wide developer certificate into a .pem file. I then did the same with the .p12, exporting that into a pem file and plugged both of the pem files into the rsa_signer and no luck. So I'm stuck where to go from here.

Here's what I have noticed. On the public and private keys that do work, they look something like this:

-----BEGIN PRIVATE KEY-----

Encryption.....

-----END PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----

Encryption... -----END PUBLIC KEY-----

Compared to my 2 .pem files (Apple world wide developer cert + passes.p12 file)

///Apple dev cert.pem

-----BEGIN CERTIFICATE-----

///Encryption

-----END CERTIFICATE-----

//pass.pem (converted from .p12)

Bag Attributes friendlyName: Pass Type ID: XXX localKeyID: XXX subject=/UID=XXX/CN=Pass Type ID: XXX/OU=XXX/O=XXXC=US issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority -----BEGIN CERTIFICATE-----

XXXX -----END CERTIFICATE-----

Could this be why my coldfusion program does not like my pem files? The .pem files say "Begin certificate" while the other pems say "Begin public/private key."

Any help would be much appreciated. Thanks!

https://rietta.com/blog/2012/01/27/openssl-generating-rsa-key-from-command/

Answer 1

step to create signature file is (after getting manifest.json)
1. load p12 file content (pass type id certification) -> $cert_info
2. decode $cert_info with password by using
openssl_pkcs12_read($cert_store, $cert_info, $password) -> $cert_info will keep all decoded info 3. get private key from $cert_info by using
$pkey = openssl_pkey_get_private($cert_info['pkey'], "");
and save $pkey into pem temp file
3.1 save cert info by using $cert = openssl_x509_read($cert_info['cert']);
4. use manifest.json, cert info ($cert), Apple World Wide Developer Certificate to make pkcs7 file (temp_signature) by using
openssl_pkcs7_sign("./pass_file/manifest.json", "./pass_file/temp_signature", $cert, $pkey, array(), PKCS7_BINARY | PKCS7_DETACHED, "./AppleWWDRCA.pem")
5. load temp_signature file content and extract data after filename="smime.p7s" and before ------ (substr) and encode with base64_decode and save into 'signature' file