How to verify with the appropriate signing authority that Apple signed the public key

Question

Created Jun ’25

Replies 1

Boosts 0

Participants 2

Hello I trying to implement authentication via apple services in unity game with server made as another unity app On client side I succesfully got teamPlayerID signature salt timestamp publicKeyUrl According to this documentation https://developer.apple.com/documentation/gamekit/gklocalplayer/fetchitems(foridentityverificationsignature:)?language=objc

I have to

Verify with the appropriate signing authority that Apple signed the public key.

As I said my server is special build of unity project So now I have this kind of C# programm to check apple authority over public certificate i got from publicKeyUrl

 
        TextAsset textAsset;
        byte[] bytes;
 
        textAsset = Resources.Load<TextAsset>("AppleRootCA-G3");
        bytes = textAsset.bytes;
        rootCert.ChainPolicy.ExtraStore.Add(new X509Certificate2(bytes));
 
        textAsset = Resources.Load<TextAsset>("AppleRootCA-G2");
        bytes = textAsset.bytes;
        rootCert.ChainPolicy.ExtraStore.Add(new X509Certificate2(bytes));
        
        textAsset = Resources.Load<TextAsset>("AppleIncRootCertificate");
        bytes = textAsset.bytes;
        rootCert.ChainPolicy.ExtraStore.Add(new X509Certificate2(bytes));
        rootCert.Build(cert);

Where cert is X509Certificate2 object I ge from publicKeyUrl AppleIncRootCertificate AppleRootCA-G2 AppleRootCA-G3 is certificates I got from https://www.apple.com/certificateauthority/ But it is not work Anytime rootCert.Build(cert); return false Why it is not work? May be I build keychain using wrong root CA cert? Or whole approach incorrect? Please help

Boost

Answer 1

Frameworks Engineer OP

Apple

Jun ’25

Presently, the certificate is signed by DigiCert, which should be in most systems default trust root. Instead of configuring Apple Root CAs for this, try using your platform's default trust root.

0