5

I'm trying to generate a JWT token for Apple Connect but It's look like something is missing in the "Verify signature" field.

  1. From the API Apple Store Connect dashboard, I'm only able to download the "private key" name AuthKey_{kid}.p8.
  2. From https://jwt.io/, I select the "ALGORITHM" as "ES256" then two field appears in the "SIGNATURE" section : a) Public key or certificate b) Private key or certificate (AuthKey_{kid}.p8)

Issue : - I do have the "Invalid Signature" message displaying ... - I don't have any idea where to find the "Public key or cerficate"

I'm following these docs : - https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests - https://medium.com/xcblog/generating-jwt-tokens-for-app-store-connect-api-2b2693812a35

Do you have any idea how to fix find the "Public key"?

Thank you for your help,

CHAULVET Chris
  • 51
  • 3
  • Did you solve this? – Tometoyou Jun 07 '19 at 10:29
  • 2
    I also have this problem in jwt.io using a p8 key generated for sign in with Apple. The public key is not necessary to generate the signed JWT, however, it seems that the provided private p8 key is not suitable to generate a signed ES256 token. Did you solve the problem? – Andrea Gorrieri Jan 14 '20 at 13:02
  • Hello, yes, I decided to use this component : https://web-token.spomky-labs.com/ With this component, I'm able to use a certificate file to generate the token. Here is an example (without certificate file): https://web-token.spomky-labs.com/the-components/signed-tokens-jws/jws-creation – CHAULVET Chris Jan 17 '20 at 16:28

1 Answers1

10

The .p8 file includes the private and public keys. You need to extract those using OpenSSL.

To get the private key:

$ openssl ec -in AuthKey.p8 -out AuthKey_private.p8

To get the public key:

$ openssl ec -in AuthKey.p8 -pubout -out AuthKey_public.p8

Using keys generated via these commands got the signature verified on jwt.io.

Alqueraf
  • 1,148
  • 1
  • 11
  • 26
Abdullah Malik
  • 121
  • 1
  • 4