Question

I am trying to sign a manifest.json file in C# for Apple Passbook passes. I've followed Apple's guide for signing passes and looked at posts here and here. When I execute the code, a CryptographicException occurs at the line signedCms.ComputeSignature(cmsSigner); saying that

Key does not exist

This is the code I currently have:

    private void button2_Click(object sender, EventArgs e)
    {

        String manifest = System.IO.File.ReadAllText(@"C:\Users\Administrator\Downloads\Testpass\Testpass\manifest.json");
        byte[] msgBytes = Encoding.Unicode.GetBytes(manifest);
        byte[] sign = SignMsg(msgBytes, findCertificate(true));

        //byte[] sign = signit(manifest);
        File.WriteAllBytes(@"C:\Users\Administrator\Downloads\Testpass\Testpass", sign);


    }

    private byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert)
    {
        ContentInfo contentInfo = new ContentInfo(msg);
        SignedCms signedCms = new SignedCms(contentInfo, true);

        X509Certificate2 developerCertificate = new X509Certificate2(@"C:\Users\Administrator\Downloads\pass.cer");
        X509Certificate2 appleWWDRCA = new X509Certificate2(@"C:\Users\Administrator\Downloads\AppleWWDRCA.cer");
        CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, developerCertificate);
        cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;
        cmsSigner.Certificates.Add(appleWWDRCA);
        cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now));

        //  Sign the CMS/PKCS #7 message.
        signedCms.ComputeSignature(cmsSigner);

        //  Encode the CMS/PKCS #7 message.
        return signedCms.Encode();
    }

Is it necessary to get the certificates from the Windows Certificate Store, or is getting it from the file system OK? Any help on how to fix the problem is appreciated!

PS: I have also looked at DotNet-Passbook, but first of all it created some problems for me, and second, I really only need the signing of the manifest file, not everything else that the library provides.

Solution

I'm the creator of dotnet-passbook.

This error looks like your certificate doesn't include the private key component.

When you open the certificate in Windows, it will indicate whether or not the private key is included.
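
The same check can be made in code through X509Certificate2.HasPrivateKey. The following is an added example, not part of the original answer or of dotnet-passbook: it signs with a certificate that carries its private key, then shows that a public-only copy (what a .cer file contains) is rejected before ComputeSignature is reached. It assumes modern .NET with the System.Security.Cryptography.Pkcs package; the class name, SignDetached, the test certificate and the manifest bytes are all constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PrivateKeyCheckDemo
{
    // Detached CMS signature using the same CmsSigner settings as the question.
    static byte[] SignDetached(byte[] content, X509Certificate2 signerCert)
    {
        if (!signerCert.HasPrivateKey)
            throw new InvalidOperationException(
                "Signer certificate has no private key; load the .p12/.pfx export, not the .cer.");
        var signedCms = new SignedCms(new ContentInfo(content), true);
        var cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);
        cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly;
        cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now));
        signedCms.ComputeSignature(cmsSigner);
        return signedCms.Encode();
    }

    static void Main()
    {
        // Constructed sample input standing in for manifest.json.
        byte[] manifest = Encoding.UTF8.GetBytes("{\"pass.json\":\"constructed-sample-hash\"}");
        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=Constructed Test Signer", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            // Self-signed test certificate that carries its private key (like a .p12 import).
            using (var withKey = request.CreateSelfSigned(
                DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(1)))
            // Public part only: equivalent to loading the same certificate from a .cer file.
            using (var publicOnly = new X509Certificate2(withKey.RawData))
            {
                Console.WriteLine("withKey.HasPrivateKey    = " + withKey.HasPrivateKey);
                Console.WriteLine("publicOnly.HasPrivateKey = " + publicOnly.HasPrivateKey);

                byte[] signature = SignDetached(manifest, withKey);
                var check = new SignedCms(new ContentInfo(manifest), true);
                check.Decode(signature);
                check.CheckSignature(true); // signature only; the test cert has no trusted chain
                Console.WriteLine("Signed and verified, " + signature.Length + " bytes");

                try { SignDetached(manifest, publicOnly); }
                catch (InvalidOperationException ex) { Console.WriteLine("Rejected: " + ex.Message); }
            }
        }
    }
}
```

For a real pass, the signer would be loaded with the X509Certificate2(fileName, password) constructor from a .p12/.pfx export that contains the private key, or looked up in a certificate store entry that has the key attached.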

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow