Inspect Mac App Store Receipts, Really!
DOWNLOAD GKPKCS7MAC_esd.dmg
In general, I feel uneasy about relying on random code fragments downloaded from the internet. And the documentation describing Mac App Store receipts, to my mind, is obtuse. I had a hard time visualizing the structure of the actual receipt container.
It turns out the Mac App Store receipt is stored as the signedPayload within a very standard public-key standards container format designed in the early 90s by RSA. Working from the fundamental documentation and a
variety of internet sources on parsing DER encoded data, I decided to create the tool I needed: PKCS#7Viewer.app reveals the inner hierarchical structure of the Mac App Store receipt. You can either view the entire ASN.1 container which includes the signing certificates/signature or just inspect the "signedPayload", a fancy term for the "Mac Application Store Receipt"-specific data.