Apphud – integrate, analyze and improve in-app purchases and subscriptions in your iOS/Android apps

Development

StoreKit Testing Bug: Subscription Offers are not working

Hi there! In our recent post, we announced that Apphud now supports in-app purchases made using StoreKit Configuration file. However, we would like to warn you that currently purchasing subscription offers using Xcode generated Subscription offers key is not available to … anyone. Regardless of using Apphud or not.

App Store Connect generated Subscription Key

-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgKfLl2Sldom13UQJi
WdTL8aRc90qEigTA/QelysCOTiCgCgYIKoZIzj0DAQehRANCAASm29jY3KbTHtJI
GkOgiXtvWnidZp5N+B/RDC9T0n/vZV/UCmbAA1wa1f5jF6E2YwzK5r/fsTAEac66
IlbfvTT4
-----END PRIVATE KEY-----

These keys work correctly and Apphud successfully generates signatures using them.

Xcode generated Subscription Key

However, the private key that is being generated in Xcode 12 is a different format key, and the algorithm described in Apple docs just doesn’t work!

To find this popup window:

  • Create a StoreKit configuration file as described in our previous blog post.
  • With StoreKit Configuration file selected in the project navigator, go to Editor > Subscription Offers Key.

The subscription key is a pair, which contains the public and private keys. And only a private key is displayed in the Xcode popup window. To view the full subscription key pair just open your Configuration.storekit file in any text editor, since it’s just a text json file. There you will find subscriptionOffersKeyPair key. Here is an example below:

"subscriptionOffersKeyPair" : {
  "id" : "AD97257D",
  "privateKey" : "MF8CAQEEGNSWDVsrVXfxGfn2wvQAUUNHA/S+nqDvwqAKBggqhkjOPQMBAaE0AzIA\nBK0s7Oq6mdN0mcimQvy+ofIpVfnZx7b/KZ7uesoNx6LwwQ3w5XyjrUN5Mx1onhl8\nQg==",
  "publicKey" : "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAErSzs6rqZ03SZyKZC/L6h8ilV+dnH\ntv8pnu56yg3HovDBDfDlfKOtQ3kzHWieGXxC"
}

The bug

The bug is that the private key downloaded from App Store Connect uses a P-256 curve whereas the one provided by StoreKit Testing in Xcode uses a P-192 curve (OpenSSL identifies it as prime192v1). So generating a signature is not working, because OpenSSL unable to read the file. It throws “Unable to load key” or “Could not parse PKey: no start line” errors.

We contacted Apple Premium DTS Support, they confirmed that it is Xcode 12 bug. The issue persists in Xcode 12.4 (12D4e) and Xcode 12.5 beta (12E5220o).

The workaround

By default, OpenSSL is unable to parse the key with the header & footer that Xcode displays. You can workaround this issue by modifying the header and footer of the PEM format.

The header should be:

-----BEGIN EC PRIVATE KEY-----

and the footer should be:

 -----END EC PRIVATE KEY-----

We continue to communicate with Apple Premium Support and will update the article, once the issue is resolved. Hope it will be fixed in the next Xcode 12 release.

Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *