C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Inspect Mac App Store Receipts, Really!


In general, I feel uneasy about relying on random code fragments downloaded from the internet. And the documentation describing Mac App Store receipts, to my mind, is obtuse. I had a hard time visualizing the structure of the actual receipt container.

It turns out the Mac App Store receipt is stored as the signedPayload within a very standard public-key standards container format designed in the early 90s by RSA. Working from the fundamental documentation and a variety of internet sources on parsing DER encoded data, I decided to create the tool I needed: reveals the inner hierarchical structure of the Mac App Store receipt. You can either view the entire ASN.1 container which includes the signing certificates/signature or just inspect the "signedPayload", a fancy term for the "Mac Application Store Receipt"-specific data.



 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    

Copyright © 2005-2020
All Rights Reserved