ios – Apple pockets in-app push provisioning challenge

I need some help with this issue. I am trying to provision a virtual card to be added to Apple Wallet. I get the encrypted activation data from a third party. My job is to encrypt the card details using a KDF function. The encryption process goes smoothly, I don't see any errors in it, but when I try to actually provision a card, Apple is not able to add it to Wallet. There is no error reported. I reached out to Apple but they have been less than helpful.
This is what is happening:

  • Extract the Apple public key from the leaf certificate:

    // Parse the leaf certificate (BouncyCastle)
    var certParser = new X509CertificateParser();
    var cert = certParser.ReadCertificate(certificateBytes);

    // Extract the public key
    var publicKey = cert.GetPublicKey();

    // Ensure it is an EC key (which it should be for Apple Wallet)
    if (publicKey is ECPublicKeyParameters ecPublicKey)
    {
        // Encode the public key in the format expected by your encryption method
        // (SubjectPublicKeyInfoEncoder is a helper that is not shown on this page)
        var encodedPublicKey = SubjectPublicKeyInfoEncoder.GetEncoded(ecPublicKey);
        return Convert.ToBase64String(encodedPublicKey);
    }
    throw new InvalidOperationException("Leaf certificate does not carry an EC public key");

    // Card details to be encrypted (the PAN is masked in the post; nonce and nonceSignature
    // are the values PassKit hands to the delegate)
    var cardDetails = new CardDetails
    {
        PrimaryAccountNumber = "*************",
        Expiration = "03/27",
        Name = Settings.Account?.CustName,
        Nonce = Convert.ToHexString(nonce.ToArray()),
        NonceSignature = Convert.ToHexString(nonceSignature.ToArray()),
    };
  • Decode and parse Apple's public key, then encrypt the card details:

    // 1. Decode and parse Apple's public key (the base64 SubjectPublicKeyInfo from the step above)
    var applePublicKeyBytes = Convert.FromBase64String(applePublicKeyBase64);
    var applePublicKey = PublicKeyFactory.CreateKey(applePublicKeyBytes);
    var ecPublicKey = (ECPublicKeyParameters)applePublicKey;

    // 2. Generate an ephemeral key pair using the same curve as Apple's key
    var curveParameters = ecPublicKey.Parameters;
    var curveName = GetCurveName(ecPublicKey);

    // 2.1 Generate ephemeral key pair
    var keyGen = new ECKeyPairGenerator();
    keyGen.Init(new ECKeyGenerationParameters(curveParameters, new SecureRandom()));
    var ephemeralKeyPair = keyGen.GenerateKeyPair();
    var ephemeralPrivateKey = (ECPrivateKeyParameters)ephemeralKeyPair.Private;
    var ephemeralPublicKey = (ECPublicKeyParameters)ephemeralKeyPair.Public;

    // 3. Perform ECDH key agreement
    var agreement = new ECDHBasicAgreement();
    agreement.Init(ephemeralPrivateKey);
    var sharedSecret = agreement.CalculateAgreement(ecPublicKey);

    // 4. Generate a symmetric key using SHA-256
    // Note: ToByteArrayUnsigned() strips leading zero bytes, so the result is not always
    // the full field length (32 bytes for P-256); KDFs normally expect a fixed-length secret.
    var sharedSecretBytes = sharedSecret.ToByteArrayUnsigned();
    var symmetricKey = DeriveSymmetricKey(sharedSecretBytes);

    // 5. Generate a random nonce/IV for AES-GCM
    var nonce = GenerateRandomBytes(AesGcmIvLengthBytes);

    // 6. Prepare the card data for encryption (convert to JSON)
    var cardDataBytes = SerializeCardDetails(cardDetails);

    // 7. Encrypt the card data using AES-GCM
    var encryptionResult = EncryptWithAesGcm(cardDataBytes, symmetricKey, nonce);

    // 8. Encode the ephemeral public key
    var ephemeralPublicKeyEncoded = SubjectPublicKeyInfoEncoder.GetEncoded(ephemeralPublicKey);

    // 9. Create the encrypted data structure (every field is base64 text)
    if (encryptionResult is { Ciphertext: not null, AuthTag: not null })
        return new EncryptedCardData
        {
            EncryptedData = Convert.ToBase64String(encryptionResult.Ciphertext),
            EphemeralPublicKey = Convert.ToBase64String(ephemeralPublicKeyEncoded),
            Tag = Convert.ToBase64String(encryptionResult.AuthTag),
            Nonce = Convert.ToBase64String(nonce),
            // The ActivationData field is optional and depends on your implementation needs
            ActivationData = GenerateActivationData()
        };
    throw new InvalidOperationException("AES-GCM encryption did not produce ciphertext and tag");

  • And then finally, create the payment pass request to be returned to Apple:

    if (encryptedData is { EncryptedData: not null, EphemeralPublicKey: not null })
    {
        // Note: NSData.FromString(s, UTF8) stores the UTF-8 bytes of the base64 string itself,
        // not the binary that the base64 text encodes
        var request = new PKAddPaymentPassRequest
        {
            EncryptedPassData = NSData.FromString(encryptedData.EncryptedData, NSStringEncoding.UTF8),
            ActivationData = string.IsNullOrEmpty(encryptedData.ActivationData) ? null :
                NSData.FromString(encryptedData.ActivationData, NSStringEncoding.UTF8),
            EphemeralPublicKey = NSData.FromString(encryptedData.EphemeralPublicKey, NSStringEncoding.UTF8)
        };

        // Return the request to Apple via the completion handler
        handler(request);
    }

When the handler is called, I get this:

[screenshot from the original post, not reproduced here]

Not sure what's going on.

Any idea what could be happening?
I am provisioned with Apple. All entitlements are set and I am testing it on TestFlight.

I've tried reaching out to Apple, reimplementing it about 3 times I think. Looked into ChatGPT, Grok and Claude. Nothing has worked.
