4

The Passbook application in the new iOS6 keeps track of movie tickets, coupons, and other 'passes' for you, and the passes themselves are loaded onto the user's device via file packages with the .pkpass extension. I'm looking to write a script to verify the integrity of a pkpass file before it's installed on your mobile device, and I'm trying to verify the cryptographic signature that is included with each pkpass. Apple's documentation says the signature is a "PKCS #7 detached signature" signed with the developer's Apple-supplied security certificate. Apple doesn't go into any more detail, since they provide their own signpass application to do the signing, and the Passbook application by them does the verifying.

So, taking a look at some of the signature files created in pkpass files, it looks like they're an Abstract Syntax Notation One (ASN.1) data structure, in X.690 format. I can parse out the values of the file, but there's no context to it. So...

My question boils down to this: does anyone know of a listing of the ASN.1 data structure tree of the "signatures" Apple creates? Then I can hopefully figure out the formatting of the signature file and verify the detached signature on passes outside of Apple's proprietary app.

1 Answer

2

Looks like there's nothing Apple-proprietary about this, just had to find the right search term. A "PKCS #7 Detached Signature" file is a "SignedData type" of RFC 2315 "PKCS #7: Cryptographic Message Syntax".

SignedData ::= SEQUENCE {
     version Version,
     digestAlgorithms DigestAlgorithmIdentifiers,
     contentInfo ContentInfo,
     certificates
        [0] IMPLICIT ExtendedCertificatesAndCertificates
          OPTIONAL,
     crls
       [1] IMPLICIT CertificateRevocationLists OPTIONAL,
     signerInfos SignerInfos
}
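
As an added illustration of the structure quoted in the answer (not part of the original post and not Apple's code): a minimal DER reader that labels the SignedData fields and reports whether the signature is detached. The function names and the sample bytes are constructed for this example, and it does not verify the signature itself.

```python
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def label_signed_data(der):
    """Map a signature blob onto the SignedData field names."""
    tag, outer, _ = read_tlv(der)
    ctype, wrapped = children(outer)  # ContentInfo: OID, then [0] EXPLICIT
    if tag != 0x30 or ctype != (0x06, OID_SIGNED_DATA) or wrapped[0] != 0xA0:
        raise ValueError("not a PKCS #7 SignedData ContentInfo")
    fields = children(children(wrapped[1])[0][1])
    result = {"version": fields[0][1][0], "digestAlgorithms": fields[1][1],
              "contentInfo": fields[2][1], "signerInfos": fields[-1][1]}
    for t, v in fields[3:-1]:  # the two OPTIONAL context-tagged fields
        result[{0xA0: "certificates", 0xA1: "crls"}[t]] = v
    inner = children(result["contentInfo"])
    # Detached: the inner ContentInfo names "data" but carries no content.
    result["detached"] = inner == [(0x06, OID_DATA)]
    return result

def tlv(tag, body):  # encodes one element under 256 bytes (sample builder only)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

# Constructed sample, not a real pass signature: SHA-1 digest algorithm,
# 130 placeholder bytes instead of certificates, empty signerInfos.
SHA1 = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
SIGNED = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, SHA1) + tlv(0x30, tlv(0x06, OID_DATA))
             + tlv(0xA0, bytes(130)) + tlv(0x31, b""))
SAMPLE = tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, SIGNED))
```

This only identifies the fields; checking the signature over the signed content is a job for an existing PKCS #7 / CMS implementation.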