Issue while generating subscription offer signature for IOS in Go Server - ios

Go Verion : go version go1.16.7 linux/amd64
import (
uuid ""
Code I'm using
var (
// the id and private key below is got from here:
AppleKeyId = "mykeyid"
ApplePrivateKey = `-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----`
privateKey, _ = AuthKeyFromBytes([]byte(ApplePrivateKey))
sep = "\u2063"
AppBundleID = "mybundlename"
func AuthKeyFromBytes(key []byte) (*ecdsa.PrivateKey, error) {
var err error
// Parse PEM block
var block *pem.Block
if block, _ = pem.Decode(key); block == nil {
return nil, errors.New("token: AuthKey must be a valid .p8 PEM file")
// Parse the key
var parsedKey interface{}
if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
return nil, err
var pkey *ecdsa.PrivateKey
var ok bool
if pkey, ok = parsedKey.(*ecdsa.PrivateKey); !ok {
return nil, errors.New("token: AuthKey must be of type ecdsa.privateKey")
return pkey, nil
type SignParams struct {
ProductIdentifier string `json:"productIdentifier"`
OfferID string `json:"offerID"`
ApplicationUsername string `json:"applicationUsername"`
type SignResult struct {
KeyID string `json:"keyID"`
Nonce string `json:"nonce"`
Timestamp int64 `json:"timestamp"`
Signature string `json:"signature"`
func Sign(params *SignParams) (SignResult, error) {
nonce := uuid.NewV4().String()
timestamp := time.Now().UnixNano() / 1000000
payload := AppBundleID + sep +
AppleKeyId + sep +
params.ProductIdentifier + sep +
params.OfferID + sep +
params.ApplicationUsername + sep +
nonce + sep +
fmt.Sprintf("%v", timestamp)
hash := sha256.Sum256([]byte(payload))
sig, err := privateKey.Sign(rand.Reader, hash[:], nil) Error Here
if err != nil {
return SignResult{}, err
return SignResult{
KeyID: AppleKeyId,
Nonce: nonce,
Timestamp: timestamp,
Signature: base64.StdEncoding.EncodeToString(sig),
}, nil
Issue at: sig, err := privateKey.Sign(rand.Reader, hash[:], nil) in Sign Function
Error on the console:
2021/09/13 09:47:59 [Recovery] 2021/09/13 - 09:47:59 panic recovered:
POST /signatures HTTP/1.1
Host: localhost:5000
Accept: */*
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 114
Content-Type: application/json
Postman-Token: 12f5ac0a-3379-40ad-826e-78dc63579cbb
User-Agent: PostmanRuntime/7.28.4
runtime error: invalid memory address or nil pointer dereference
/usr/local/go/src/runtime/panic.go:212 (0x435cda)
panicmem: panic(memoryError)
/usr/local/go/src/runtime/signal_unix.go:734 (0x44e852)
sigpanic: panicmem()
/usr/local/go/src/crypto/ecdsa/ecdsa.go:204 (0x5652b8)
Sign: entropylen := (priv.Curve.Params().BitSize + 7) / 16
/usr/local/go/src/crypto/ecdsa/ecdsa.go:116 (0x564ba4)
(*PrivateKey).Sign: r, s, err := Sign(rand, priv, digest)
/usr/local/go/src/crypto/ecdsa/ecdsa.go:286 (0xd8fd0f)
SignASN1: return priv.Sign(rand, hash, nil)
/home/zainkhan/GolandProjects/kotc-server/controllers/signature.go:121 (0xd8fcc1)
Sign: sig, err := ecdsa.SignASN1(rand.Reader, privateKey, hash[:])
/home/zainkhan/GolandProjects/kotc-server/controllers/signature.go:39 (0xd8f284)
(*signaturesController).post: final, err := Sign(req)
/home/zainkhan/GolandProjects/pkg/mod/ (0x992c99)
(*Context).Next: c.handlers[c.index](c)
/home/zainkhan/GolandProjects/pkg/mod/ (0x992c80)
CustomRecoveryWithWriter.func1: c.Next()
/home/zainkhan/GolandProjects/pkg/mod/ (0x991d73)
(*Context).Next: c.handlers[c.index](c)
/home/zainkhan/GolandProjects/pkg/mod/ (0x991d32)
LoggerWithConfig.func1: c.Next()
/home/zainkhan/GolandProjects/pkg/mod/ (0x988109)
(*Context).Next: c.handlers[c.index](c)
/home/zainkhan/GolandProjects/pkg/mod/ (0x9880ef)
(*Engine).handleHTTPRequest: c.Next()
/home/zainkhan/GolandProjects/pkg/mod/ (0x987bdb)
(*Engine).ServeHTTP: engine.handleHTTPRequest(c)
/usr/local/go/src/net/http/server.go:2867 (0x6e2462)
serverHandler.ServeHTTP: handler.ServeHTTP(rw, req)
/usr/local/go/src/net/http/server.go:1932 (0x6dd88c)
(*conn).serve: serverHandler{c.server}.ServeHTTP(w, w.req)
/usr/local/go/src/runtime/asm_amd64.s:1371 (0x46e5a0)
goexit: BYTE $0x90 // NOP
I don't know why its coming,

The actual problem is that func AuthKeyFromBytes(key []byte) is returning nil with some error or corrupted data into privateKey. Then while you are calling privateKey.Sign go is not able to conver variable privateKey of type PrivateKey into pointer *PrivateKey.
Do not omit error assignment and check for error before using privateKey
privateKey, privateKeyError = AuthKeyFromBytes([]byte(ApplePrivateKey))


Decryption error with golang using RSA crypto package

I am using dart/flutter package encrypt to encrypt a string like this:
Future<String> encryptPIN({required String pin}) async {
final RSAPublicKey publicKey;
final publicPem =
await rootBundle.loadString('assets/keys/private-key.pem');
publicKey = RSAKeyParser().parse(publicPem) as RSAPublicKey;
final encrypter =
Encrypter(RSA(publicKey: publicKey, encoding: RSAEncoding.OAEP));
final encryptedPIN = encrypter.encrypt(pin).base64;
return encryptedPIN;
And trying to decrypt using golang
func Decrypt(rsaPrivateKey *rsa.PrivateKey, cipherText []byte) []byte {
hash := sha256.New()
r := rand.Reader
label := []byte(nil)
decryptedSum, err := rsa.DecryptOAEP(hash, r, rsaPrivateKey, cipherText, label)
if err != nil {
return decryptedSum
The dart side works, the encryption happens but the golang side fails with an error crypto/rsa: decryption error.
What could i be doing wrong?

Keep getting empty response when adding place via google place API

I'm trying to add a place within app scope via google place API. For this I'm using golang. But I keep on getting no result, there is no error message.
Here is my code
type latlng struct {
lat, lng float64
type newPlace struct {
location latlng
accuracy int
name string
phone_number string
address string
types string
func main() {
requestUrl := "<MYAPIKEY>"
obj := newPlace{
location: latlng{
lat: 52.1502824,
lng: 38.2643063,
name: "some field",
types: "storage",
bodyBytes, err := json.Marshal(&obj)
if err != nil {
body := bytes.NewReader(bodyBytes)
rsp, err := http.NewRequest("POST", requestUrl, body)
if err != nil {
defer rsp.Body.Close()
body_byte, err := ioutil.ReadAll(rsp.Body)
if err != nil {
Here is the documentation that I followed.
I'm a bit new to golang, any help would be much appreciated.
FYI I wrote this article on this touchy topic (JSON data encoded into a POST body request in Go).
You're missing 4 things here:
the http.Client creation. Then you need to execute the request you're preparing with http.NewRequest by using client.Do.
add json fields to your struct and export variables contained in struct by capitalizing variables's first letters
set Content-Type to application/json
Google is expecting an array instead of a string in types, so I replace with an array containing 1 string (but you should adapt this depending on how many types you want to pass to Google)
Here is a working script:
type latlng struct {
Lat float64 `json:"lat"`
Lng float64 `json:"lng"`
type newPlace struct {
Location latlng `json:"location"`
Accuracy int `json:"accuracy"`
Name string `json:"name"`
PhoneNumber string `json:"phone_number"`
Address string `json:"address"`
Types [1]string `json:"types"`
func main() {
requestUrl := "<your key>"
types := [1]string{"storage"}
obj := newPlace{
Location: latlng{
Lat: 52.1502824,
Lng: 38.2643063,
Name: "some field",
Types: types,
bodyBytes, err := json.Marshal(&obj)
if err != nil {
body := bytes.NewReader(bodyBytes)
client := &http.Client{}
req, err := http.NewRequest("POST", requestUrl, body)
req.Header.Add("Content-Type", "application/json")
if err != nil {
rsp, err := client.Do(req)
defer rsp.Body.Close()
body_byte, err := ioutil.ReadAll(rsp.Body)
if err != nil {
Hope it's working now !
You're trying to marshall objects to JSON which have no exported fields, so the resulting JSON document is empty. Per the JSON documentation, it will only marshall exported fields (those whose names begin with a capital letter). Try:
type latlng struct {
Lat float64 `json:"lat"`
Lng float64 `json:"lng"`
type newPlace struct {
Location latlng `json:"location"`
Accuracy int `json:"accuracy"`
Name string `json:"name"`
PhoneNumber string `json:"phone_number"`
Address string `json:"address"`
Types string `json:"types"`

Twitter oauth golang getting Error "code":32,"message":"Could not authenticate you."

I am trying to do implement signing in with twitter account in golang. I am the first step where in I am trying to get the request token. As a reference I used the mrjones's code available at below link.
I am getting following error. Please let me know where am I going wrong:
{"errors":[{"code":32,"message":"Could not authenticate you."}]}
var twitterConf = &TwitterConfig{
ClientID: " my consumer key",
ClientSecret: "my consumer key secret",
RedirectURL: "http://localhost:8080/oauth/twitterOauth2callback",
Endpoint: ServiceProvider{
RequestTokenUrl: "",
AuthorizeTokenUrl: "",
AccessTokenUrl: "",
func HandletwitterLogin(res http.ResponseWriter, req *http.Request, _ httprouter.Params) {
ctx := appengine.NewContext(req)
params := url.Values{}
params.Add(CALLBACK_PARAM, twitterConf.RedirectURL)
params.Add(CONSUMER_KEY_PARAM, twitterConf.ClientID)
params.Add(NONCE_PARAM, strconv.FormatInt(rand.New(rand.NewSource(time.Now().UnixNano())).Int63(), 10))
params.Add(TIMESTAMP_PARAM, strconv.FormatInt(time.Now().Unix(), 10))
params.Add("oauth_token", "my oauth token")
baseString := requestString("POST", twitterConf.Endpoint.RequestTokenUrl, params)
signature, err6 := Sign(baseString, "my token secret")
params.Add(SIGNATURE_PARAM, signature)
Url, err := url.Parse(twitterConf.Endpoint.RequestTokenUrl)
Url.RawQuery = params.Encode()
firsturl := Url.String()
reqnew, err2 := http.NewRequest("POST", firsturl, nil)
if err2 != nil {
log.Errorf(ctx, "ERROR IN CREATING NEW REQUEST %+v ", err2)
reqnew.Header.Add("Authorization", "OAuth ")
client := urlfetch.Client(ctx)
resp, err3 := client.Do(reqnew)
if err3 != nil {
log.Errorf(ctx, "ERROR IN doing the client request %+v ", err3)
bodyBytes, err4 := ioutil.ReadAll(resp.Body)
log.Infof(ctx, "HandletwitterLogin 5 ")
if err4 != nil {
log.Errorf(ctx, "ERROR IN READALL RESP BODY %+v ", err4)
bodyStr := string(bodyBytes)
//Here i am getting above mentioned error
These are the other functions which I used.
func requestString(method string, url string, params url.Values) string {
result := method + "&" + escape(url)
for key, value := range params {
if len(value) > 0 {
result += escape("&")
result += escape(fmt.Sprintf("%s=%s", key, value))
return result
func Sign(message string, tokenSecret string) (string, error) {
key := escape(twitterConf.ClientSecret) + "&" + escape(tokenSecret)
h := hmac.New(crypto.SHA1.New, []byte(key))
rawSignature := h.Sum(nil)
base64signature := base64.StdEncoding.EncodeToString(rawSignature)
return base64signature, nil
Able to solve the problem. I made two changes:
encoded the params variables before passing for encryption to create signature
baseString := "POST"+"&"+ encode(twitterConf.Endpoint.RequestTokenUrl) + "&"+encode(params.Encode())
To create header, I created my own header string
headerstring := "OAuth oauth_callback=\"http%3A%2F%2Flocalhost%3A8080%2Foauth%2FtwitterOauth2callback\",oauth_consumer_key=\"consumerkey\",oauth_nonce=\"" +
params.Get(NONCE_PARAM) + "\",oauth_signature=\"" + escape(signature) + "\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"" + params.Get(TIMESTAMP_PARAM) +
"\",oauth_token=\"" + escape("oauth token") + "\",oauth_version=\"1.0\""
reqnew.Header.Add("Authorization", headerstring)
This solved the problem and I started getting access token

"wrong final block length" when Ruby decrypts data encrypted by go

I'm trying to encrypt a piece of data in Go and then store it into a database to be later pulled out and decrypted by Rails.
Here is the Go encryption code:
func Encrypt(text []byte) ([]byte, error) {
key := []byte("a very very very very secret key")
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
b := base64.StdEncoding.EncodeToString(text)
ciphertext := make([]byte, aes.BlockSize+len(b))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
return nil, err
cfb := cipher.NewCFBEncrypter(block, iv)
cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
return ciphertext, nil
And here is my Ruby code to decrypt:
def decrypt(message)
key = "a very very very very secret key"
iv = message[0, 14]
data = message[15, message.length+1]
key = Digest::SHA256.digest(key) if(key.kind_of?(String) && 32 != key.bytesize)
iv = Digest::MD5.digest(iv) if(iv.kind_of?(String) && 16 != iv.bytesize)
aes ='AES-256-CBC')
aes.key = key
aes.iv = iv
aes.update(data) +
This is giving me an error message of:
OpenSSL::Cipher::CipherError: wrong final block length
Can anyone help let me know what I'm doing wrong?

How to authenticate the GKLocalPlayer on my 'third party server'?

iOS7 introduced new GKLocalPlayer method generateIdentityVerificationSignatureWithCompletionHandler().
Does anyone know how to use it for good?
I assume there will be some public API at Apple server-side..
Here is a C# WebApi server side version:
public class GameCenterController : ApiController
// POST api/gamecenter
public HttpResponseMessage Post(GameCenterAuth data)
string token;
if (ValidateSignature(data, out token))
return Request.CreateResponse(HttpStatusCode.OK, token);
return Request.CreateErrorResponse(HttpStatusCode.Forbidden, string.Empty);
private bool ValidateSignature(GameCenterAuth auth, out string token)
var cert = GetCertificate(auth.PublicKeyUrl);
if (cert.Verify())
var csp = cert.PublicKey.Key as RSACryptoServiceProvider;
if (csp != null)
var sha256 = new SHA256Managed();
var sig = ConcatSignature(auth.PlayerId, auth.BundleId, auth.Timestamp, auth.Salt);
var hash = sha256.ComputeHash(sig);
if (csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA256"), Convert.FromBase64String(auth.Signature)))
// Valid user.
// Do server related user management stuff.
return true;
// Failure
token = null;
return false;
catch (Exception ex)
// Log the error
token = null;
return false;
private static byte[] ToBigEndian(ulong value)
var buffer = new byte[8];
for (int i = 0; i < 8; i++)
buffer[7 - i] = unchecked((byte)(value & 0xff));
value = value >> 8;
return buffer;
private X509Certificate2 GetCertificate(string url)
var client = new WebClient();
var rawData = client.DownloadData(url);
return new X509Certificate2(rawData);
private byte[] ConcatSignature(string playerId, string bundleId, ulong timestamp, string salt)
var data = new List<byte>();
return data.ToArray();
public class GameCenterAuth
public string PlayerId { get; set; }
public string BundleId { get; set; }
public string Name { get; set; }
public string PublicKeyUrl { get; set; }
public string Signature { get; set; }
public string Salt { get; set; }
public ulong Timestamp { get; set; }
Here is how you can authenticate using objective c. If you need it in another language should be trivial to translate.
__weak GKLocalPlayer *localPlayer = [GKLocalPlayer localPlayer];
localPlayer.authenticateHandler = ^(UIViewController *viewController, NSError *error)
[[[UIApplication sharedApplication] keyWindow].rootViewController presentViewController:viewController animated:YES completion:nil];
else if(localPlayer.isAuthenticated == YES)
[localPlayer generateIdentityVerificationSignatureWithCompletionHandler:^(NSURL *publicKeyUrl, NSData *signature, NSData *salt, uint64_t timestamp, NSError *error) {
if(error != nil)
return; //some sort of error, can't authenticate right now
[self verifyPlayer:localPlayer.playerID publicKeyUrl:publicKeyUrl signature:signature salt:salt timestamp:timestamp];
NSLog(#"game center disabled");
-(void)verifyPlayer:(NSString *)playerID publicKeyUrl:(NSURL *)publicKeyUrl signature:(NSData *)signature salt:(NSData *)salt timestamp:(uint64_t)timestamp
//get certificate
NSData *certificateData = [NSData dataWithContentsOfURL:publicKeyUrl];
//build payload
NSMutableData *payload = [[NSMutableData alloc] init];
[payload appendData:[playerID dataUsingEncoding:NSASCIIStringEncoding]];
[payload appendData:[[[NSBundle mainBundle] bundleIdentifier] dataUsingEncoding:NSASCIIStringEncoding]];
uint64_t timestampBE = CFSwapInt64HostToBig(timestamp);
[payload appendBytes:&timestampBE length:sizeof(timestampBE)];
[payload appendData:salt];
SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData); // load the certificate
SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
SecTrustRef trust;
OSStatus statusTrust = SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
if(statusTrust != errSecSuccess)
NSLog(#"could not create trust");
SecTrustResultType resultType;
OSStatus statusTrustEval = SecTrustEvaluate(trust, &resultType);
if(statusTrustEval != errSecSuccess)
NSLog(#"could not evaluate trust");
if(resultType != kSecTrustResultProceed && resultType != kSecTrustResultRecoverableTrustFailure)
NSLog(#"server can not be trusted");
SecKeyRef publicKey = SecTrustCopyPublicKey(trust);
uint8_t sha256HashDigest[CC_SHA256_DIGEST_LENGTH];
CC_SHA256([payload bytes], (CC_LONG)[payload length], sha256HashDigest);
//check to see if its a match
OSStatus verficationResult = SecKeyRawVerify(publicKey, kSecPaddingPKCS1SHA256, sha256HashDigest, CC_SHA256_DIGEST_LENGTH, (const uint8_t *)[signature bytes], [signature length]);
if (verficationResult == errSecSuccess)
as of March 2nd 2015, apple now uses SHA256 instead of SHA1 on the certificate.
It took me a lot of time to implement it in PHP. Now I would like to share my result.
You can find a very simple documentation at Apple:
Use the publicKeyURL on the third party server to download the public key.
Verify with the appropriate signing authority that the public key is signed by Apple.
Retrieve the player’s playerID and bundleID.
Concatenate into a data buffer the following information, in the order listed:
The playerID parameter in UTF-8 format
The bundleID parameter in UTF-8 format
The timestamp parameter in Big-Endian UInt-64 format
The salt parameter
Generate a SHA-256 hash value for the buffer.
Using the public key downloaded in step 3, verify that the hash value generated in step 7 matches the signature parameter provided by the API.
Notice! Number 7 is a trap in PHP that cost me hours. You have to pass only the raw concatenated string to the openssl_verify() function.
The update from Jul 9 2014 in the question How to authenticate the GKLocalPlayer on my 'third party server' using PHP? helped me to find the problem.
Final Source
// signature, publicKeyUrl, timestamp and salt are included in the base64/json data you will receive by calling generateIdentityVerificationSignatureWithCompletionHandler.
$timestamp = $params["timestamp"]; // e.g. 1447754520194
$user_id = $params["user_id"]; // e.g. G:20010412315
$bundle_id = "com.example.test";
$public_key_url = $params["publicKeyUrl"]; // e.g.
$salt = base64_decode($params["salt"]); // Binary
$signature = base64_decode($params["signature"]); // Binary
// Timestamp is unsigned 64-bit integer big endian
$highMap = 0xffffffff00000000;
$lowMap = 0x00000000ffffffff;
$higher = ($timestamp & $highMap) >>32;
$lower = $timestamp & $lowMap;
$timestamp = pack('NN', $higher, $lower);
// Concatenate the string
$data = $user_id . $bundle_id . $timestamp . $salt;
// ATTENTION!!! Do not hash it! $data = hash("sha256", $packed);
// Fetch the certificate. This is dirty because it is neither cached nor verified that the url belongs to Apple.
$ssl_certificate = file_get_contents($public_key_url);
$pem = chunk_split(base64_encode($ssl_certificate), 64, "\n");
$pem = "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
// it is also possible to pass the $pem string directly to openssl_verify
if (($pubkey_id = openssl_pkey_get_public($pem)) === false) {
echo "invalid public key\n";
// Verify that the signature is correct for $data
$verify_result = openssl_verify($data, $signature, $pubkey_id, OPENSSL_ALGO_SHA256);
switch($verify_result) {
case 1:
echo "Signature is ok.\n";
case 0:
echo "Signature is wrong.\n";
echo "An error occurred.\n";
Thanks, #odyth. Thanks, #Lionel.
I want to add Python version (based on yours) here. It has minor flaw - Apple certificate is not verified - there is no such API at pyOpenSSL binding.
import urllib2
import OpenSSL
import struct
def authenticate_game_center_user(gc_public_key_url, app_bundle_id, gc_player_id, gc_timestamp, gc_salt, gc_unverified_signature):
apple_cert = urllib2.urlopen(gc_public_key_url).read()
gc_pkey_certificate = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, apple_cert)
payload = gc_player_id.encode('UTF-8') + app_bundle_id.encode('UTF-8') + struct.pack('>Q', int(gc_timestamp)) + gc_salt
OpenSSL.crypto.verify(gc_pkey_certificate, gc_unverified_signature, payload, 'sha1')
print 'Signature verification is done. Success!'
except Exception as res:
print res
public_key_url = ''
player_GC_ID = 'G:1870391344'
timestamp = '1382621610281'
your_app_bundle_id = 'com.myapp.bundle_id'
with open('./salt.dat', 'rb') as f_salt:
with open('./signature.dat', 'rb') as f_sign:
authenticate_game_center_user(public_key_url, your_app_bundle_id, player_GC_ID, timestamp,,
Adding an answer for Python, but using PyCrypto 2.6 (Which is the Google App Engine solution).
Also note that verification of the public certificate after downloading is not done here, similar to the python answer above using OpenSSL. Is this step really necessary anyway? If we check that the public key URL is going to an apple domain and it's using ssl (https), doesn't that mean that it's protected from man-in-the-middle attacks?
Anyway, here is the code. Note the binary text is reconverted to binary before concatenation and use. Also I had to update my local python installation to use PyCrypto 2.6 before this would work:
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA
from base64 import b64decode
from Crypto.Util.asn1 import DerSequence
from binascii import a2b_base64
import struct
import urlparse
def authenticate_game_center_user(gc_public_key_url, app_bundle_id, gc_player_id, gc_timestamp, gc_salt, gc_unverified_signature):
apple_cert = urllib2.urlopen(gc_public_key_url).read()
#Verify the url is https and is pointing to an apple domain.
parts = urlparse.urlparse(gc_public_key_url)
domainName = ""
domainLocation = len(parts[1]) - len(domainName)
actualLocation = parts[1].find(domainName)
if parts[0] != "https" or domainName not in parts[1] or domainLocation != actualLocation:
logging.warning("Public Key Url is invalid.")
raise Exception
cert = DerSequence()
tbsCertificate = DerSequence()
subjectPublicKeyInfo = tbsCertificate[6]
rsakey = RSA.importKey(subjectPublicKeyInfo)
verifier =
payload = gc_player_id.encode('UTF-8')
payload = payload + app_bundle_id.encode('UTF-8')
payload = payload + struct.pack('>Q', int(gc_timestamp))
payload = payload + b64decode(gc_salt)
digest =
if verifier.verify(digest, b64decode(gc_unverified_signature)):
print "The signature is authentic."
print "The signature is not authentic."
require 'base64'
require 'httparty'
module GameCenter
include HTTParty
# HHTTParty settings
def authenticate_game_center_user(gc_public_key_url, gc_player_id, gc_timestamp, gc_salt, gc_unverified_signature)
# Get game center public key certificate
gc_pkey_certificate = get_gc_public_key_certificate(gc_public_key_url)
# Check public key certificate
unless public_key_certificate_is_valid?(gc_pkey_certificate) do
# Handle error
# Check SSL errors
unless OpenSSL.errors.empty? do
# Handle OpenSSL errors
# Payload building
payload = build_payload(gc_player_id, gc_timestamp, gc_salt)
# Test signature
unless signature_is_valid?(gc_pkey_certificate, gc_unverified_signature, payload) do
# Handle error
# Check SSL errors
unless OpenSSL.errors.empty? do
# Handle OpenSSL errors
# Return player ID
def build_payload(player_id, timestamp, salt)
player_id.encode("UTF-8") + "com.myapp.bundle_id".encode("UTF-8") + [timestamp.to_i].pack("Q>") + salt
def get_gc_public_key_certificate(url)
cert = HTTParty.get(url, timeout: HTTPARTY_TIMEOUT, debug_output: Rails.env.production?)
rescue SocketError => e
puts "Key error: " + e.inspect.to_s
def get_ca_certificate'./certs/apple/verisign_class_3_code_signing_2010_ca.cer'))
def public_key_certificate_is_valid?(pkey_cert)
def signature_is_valid?(pkey_cert, signature, payload)
pkey_cert.public_key.verify(, signature, payload)
Here's my ruby implementation (as module). Thanks to your Objective-C, it has been a lot easier.
Please note, I had been forced to download the CA certificate on a third party ssl service website, because the public key certificate hasn't been signed Apple and Apple doesn't provide any CA certificate to validate sandbox game center certificate so far.
I haven't tested this in production but it works fine in sandbox mode.
Thanks for the code samples, here comes golang solution:
func DownloadCert(url string) []byte {
b, err := inet.HTTPGet(url)
if err != nil {
log.Printf("http request error %s", err)
return nil
return b
func VerifySig(sSig, sGcId, sBundleId, sSalt, sTimeStamp string, cert []byte) (err error) {
sig, err := base64.StdEncoding.DecodeString(sSig)
if err != nil {
salt, err := base64.StdEncoding.DecodeString(sSalt)
if err != nil {
timeStamp, err := strconv.ParseUint(sTimeStamp, 10, 64)
if err != nil {
payload := new(bytes.Buffer)
binary.Write(payload, binary.BigEndian, timeStamp)
return verifyRsa(cert, sig, payload.Bytes())
func verifyRsa(key, sig, content []byte) error {
cert, err := x509.ParseCertificate(key)
if err != nil {
log.Printf("parse cert error %s", err)
return err
pub := cert.PublicKey.(*rsa.PublicKey)
h := sha256.New()
digest := h.Sum(nil)
err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, sig)
return err
a little http helper
func HTTPGet(fullUrl string) (content []byte, err error) {
log.Printf("http get url %s", fullUrl)
resp, err := http.Get(fullUrl)
if err != nil {
log.Printf("url can not be reached %s,%s", fullUrl, err)
if resp.StatusCode != http.StatusOK {
return nil, errors.New("ERROR_STATUS_NOT_OK")
body := resp.Body
content, err = ioutil.ReadAll(body)
if err != nil {
log.Printf("url read error %s, %s", fullUrl, err)
test code
func TestVerifyFull(t *testing.T) {
cert := DownloadCert("")
if cert == nil {
log.Printf("cert download error ")
sig := "sig as base64"
salt := "salt as base64"
timeStamp := "1442816155502"
gcId := "G:12345678"
bId := "com.xxxx.xxxx"
err := VerifySig(sig, gcId, bId, salt, timeStamp, cert)
log.Printf("result %v", err)
a little function to validate the cert download url. Prevent to download from any where anything
func IsValidCertUrl(fullUrl string) bool {
uri, err := url.Parse(fullUrl)
if err != nil {
log.Printf("not a valid url %s", fullUrl)
return false
if !strings.HasSuffix(uri.Host, "") {
log.Printf("not a valid host %s", fullUrl)
return false
if path.Ext(fullUrl) != ".cer" {
log.Printf("not a valid ext %s, %s", fullUrl, path.Ext(fullUrl))
return false
return true
Thanks to those who provided solutions in other languages.
Here are the relevant bits of solution in Scala (trivial to convert to Java):
private def verify(
signatureAlgorithm: String,
publicKey: PublicKey,
message: Array[Byte],
signature: Array[Byte]): Boolean = {
val sha1Signature = Signature.getInstance(signatureAlgorithm)
val x509Cert = Try(certificateFactory.generateCertificate(new ByteArrayInputStream(publicKeyBytes)).asInstanceOf[X509Certificate])
x509Cert.foreach { cert =>
signatureAlgorithm = Some(cert.getSigAlgName)
} match {
case Success(pk) =>
log.debug("downloaded public key successfully")
publicKey = Some(pk)
val buffer ="UTF-8") ++
bundleId.getBytes("UTF-8") ++
ByteBuffer.allocate(8).putLong(r.timestamp).array() ++
val result = verify(signatureAlgorithm.getOrElse("SHA256withRSA"), pk, buffer, Base64.decode(r.signature))"verification result {} for request {}", result, r)
where r is an instance of:
case class IOSIdentityVerificationRequest(
id: PlayerIdentity, // String
publicKeyURL: String,
signature: String, // base64 encoded bytes
salt: String, // base64 encoded bytes
timestamp: Long,
error: Option[String]) extends IdentityVerificationRequest
Here is an updated and improved Ruby version. I have tested it with the Apple sandbox, but not with production yet. I have also documented where to get the CA certificate in order to verify the certificate you receive from the public key URL.
# iOS Game Center verifier for 3rd party game servers written in Ruby.
# *** Credits ***
# Based off of code and comments at
# *** Improvements ***
# This version uses Ruby's built in HTTP client instead of a 3rd party gem.
# It's updated to use SHA256 instead of SHA1.
# It Base64 decodes the salt and signature. If your client or server already does this then you will need to remove the calls to Base64.decode64().
# It validates that the public key URL is from
# It has been tested with Apple's Game Center's sandbox public key URL ( and works as of June 24th, 2015.
# *** Notes on public key certificate validation ***
# You will need the correct code signing CA to verify the certificate returned from the pubic key URL.
# You can download/verify the CA certificate here:
# I have embedded the CA certificate for convenience so that you don't need to save it to your filesystem.
# When the public key URL changes in the future, you may need to update the text in the ca_certificate_text() method.
# *** Usage ***
# verified, reason = GameCenterVerifier.verify(...)
class GameCenterVerifier
# Verify that user provided Game Center data is valid.
# False will be returned along with a reason if any validations fail.
# Otherwise, it will return true and a nil reason if all validations pass.
def self.verify(game_center_id, public_key_url, timestamp, salt, signature, bundle_id)
salt = Base64.decode64(salt)
signature = Base64.decode64(signature)
payload = game_center_id.encode('UTF-8') + bundle_id.encode('UTF-8') + [timestamp.to_i].pack('Q>') + salt
pkey_certificate = get_public_key_certificate(public_key_url)
return false, 'Invalid public key url' unless public_key_url_is_valid?(public_key_url)
return false, 'Invalid public key certificate' unless public_key_certificate_is_valid?(pkey_certificate)
return false, 'OpenSSL errors (before signature check)' unless OpenSSL.errors.empty?
return false, 'Invalid signature' unless signature_is_valid?(pkey_certificate, signature, payload)
return false, 'OpenSSL errors (after signature check)' unless OpenSSL.errors.empty?
return true, nil
def self.get_public_key_certificate(url)
uri = URI.parse(url)
http =, uri.port)
request =
http.use_ssl = true
http.open_timeout = 5
http.read_timeout = 5
cert = http.request(request).body
def self.public_key_url_is_valid?(public_key_url)
uri = URI(public_key_url)
tokens ='.')
return false if uri.scheme != 'https'
return false if tokens[-1] != 'com' || tokens[-2] != 'apple'
def self.public_key_certificate_is_valid?(pkey_cert)
def self.signature_is_valid?(pkey_cert, signature, payload)
pkey_cert.public_key.verify(, signature, payload)
def self.get_ca_certificate
def self.ca_certificate_text
data = <<EOF
Here is my implementation in Elixir.
def verify_login(player_id, public_key_url, timestamp, salt64, signature64, bundle_id) do
salt = Base.decode64!(salt64)
pay_load = <<player_id :: binary, bundle_id :: binary, timestamp :: big-size(64), salt :: binary>>
pkey_cert = get_public_key_certificate(public_key_url)
cert = :public_key.pkix_decode_cert(pkey_cert, :otp)
case cert do
{:OTPTBSCertificate, _, _, _, _, _, _,
{:OTPSubjectPublicKeyInfo, _, key}, _, _, _}, _, _} ->
signature = Base.decode64!(signature64)
case :public_key.verify(pay_load, :sha256, signature, key) do
true ->
false ->
{:error, "apple login verify failed"}
def get_public_key_certificate(url) do
case HTTPoison.get(url) do
{:ok, %HTTPoison.Response{body: body}} ->
