Certificate Hash

Having issues calculating the hash for validation.


In the documentation for decrypting an ApplePay Payment Token:


Use the value of the publicKeyHash key to determine which merchant public key was used by Apple, and then retrieve the corresponding merchant public key certificate and private key.

I can't seem to get the hash to generate properly. Is the public key in the X509 returned by Apple in the initial certificate exchange the correct one to use?

I'm doing this decryption at the gateway level, my code is in C# using BouncyCastle. Any help is appreciated.

I am facing the same problem. When I generate the hash of the public key bytes of the certificate used for the merchant ID, I get a different value to the one sent to me via publicKeyHash.

Have you managed to get this solved?

Initially I was doing this (in C#):

var cert = X509Certificate.CreateFromCertFile(fileName);
var publicKey = cert.GetPublicKey();
var hash = SHA256.Create().ComputeHash(publicKey);

This produced a different result to what I got from the paymentDataToken.

The working solution that I have found is to use BouncyCastle:

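// LoadCert: helper not shown in the post; assumed to read the certificate file with BouncyCastle.
Org.BouncyCastle.X509.X509Certificate cert = LoadCert(fileName);
// Hash the full DER-encoded SubjectPublicKeyInfo, not only the key bits.
var publicKeyInfo = cert.CertificateStructure.SubjectPublicKeyInfo;
var sha256 = SHA256.Create();
var hash = sha256.ComputeHash(publicKeyInfo.ToAsn1Object().GetEncoded());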


This hash matches the publicKeyHash from paymentDataToken.
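
The difference between the two snippets above, as an added example that is not part of the original post: it uses .NET 6+ built-in `ExportSubjectPublicKeyInfo()` in place of BouncyCastle, and compares the token's Base64-encoded SHA-256 `publicKeyHash` against a certificate. The class name, the self-signed stand-in certificate and the token value are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PublicKeyHashCheck
{
    // SHA-256 over the DER-encoded SubjectPublicKeyInfo (algorithm identifier + key bits).
    public static byte[] SpkiHash(X509Certificate2 cert) =>
        SHA256.HashData(cert.PublicKey.ExportSubjectPublicKeyInfo());

    // SHA-256 over the bare key bits from GetPublicKey(): the value that did not match.
    public static byte[] RawKeyHash(X509Certificate2 cert) =>
        SHA256.HashData(cert.GetPublicKey());

    // True when the token's Base64 publicKeyHash identifies this certificate's key.
    public static bool Matches(string publicKeyHashBase64, X509Certificate2 cert)
    {
        byte[] expected;
        try { expected = Convert.FromBase64String(publicKeyHashBase64); }
        catch (FormatException) { return false; } // malformed token field: no match
        return CryptographicOperations.FixedTimeEquals(expected, SpkiHash(cert));
    }

    static void Main()
    {
        // Constructed stand-in for a merchant certificate: self-signed P-256, made at run time.
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest("CN=constructed-merchant", key, HashAlgorithmName.SHA256);
        using var cert = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        // Constructed token value: what publicKeyHash would carry for this certificate.
        string tokenHash = Convert.ToBase64String(SpkiHash(cert));
        byte[] tokenBytes = Convert.FromBase64String(tokenHash);

        // The SPKI encoding is longer than the raw key because it wraps the key
        // bits with the algorithm identifier, so the two hashes cannot agree.
        Console.WriteLine($"raw key bytes: {cert.GetPublicKey().Length}");
        Console.WriteLine($"SPKI bytes:    {cert.PublicKey.ExportSubjectPublicKeyInfo().Length}");
        Console.WriteLine($"SPKI hash matches token:    {Matches(tokenHash, cert)}");
        Console.WriteLine($"raw-key hash matches token: " +
            CryptographicOperations.FixedTimeEquals(tokenBytes, RawKeyHash(cert)));
    }
}
```

At a gateway holding several merchant certificates, `Matches` can be run over each loaded certificate to pick the one whose private key should be used for decryption.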

Muxa,


Have you been able to decrypt the payment token with Apple Pay JS?
