What’s new in Apphud: Refund Requests Win Back Solution, Web-to-App Match Quality, Integration Improvements, and SDK UpdatesLet’s see
Apphud
Why Apphud?PricingContact
Ren
Ren
March 27, 2021
2 min read

StoreKit Testing Bug: Subscription Offers are not working

We would like to warn you that currently purchasing subscription offers using Xcode generated Subscription offers key is not available to anyone. Regess of using Apphud or not.

StoreKit Testing Bug: Subscription Offers are not working

App Store Connect generated the Subscription Key

-----BEGIN PRIVATE KEY----- 
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgKfLl2Sldom13UQJi  
WdTL8aRc90qEigTA/QelysCOTiCgCgYIKoZIzj0DAQehRANCAASm29jY3KbTHtJI  
GkOgiXtvWnidZp5N+B/RDC9T0n/vZV/UCmbAA1wa1f5jF6E2YwzK5r/fsTAEac66  
IlbfvTT4  
-----END PRIVATE KEY-----

These keys work correctly and, Apphud successfully generates signatures using them.

Xcode generated Subscription Key

However, the private key that is generated in Xcode 12 is a different format key, and the algorithm described in Apple docs just doesn't work!

Subscription KeySubscription Key

To find this popup window:

  • Create a StoreKit configuration file as described in our previous blog post using the link above.
  • With StoreKit Configuration file selected in the project navigator, go to Editor -> Subscription Offers Key.

The subscription key is a pair, which contains the public and private keys. And only a private key is displayed in the Xcode popup window. To view the full subscription key pair just open your Configuration.storekit file in any text editor, since it's just a text json file. There you will find subscriptionOffersKeyPair key. Here is an example below:

"subscriptionOffersKeyPair" : {  
    "id" : "AD97257D",  
    "privateKey" : "MF8CAQEEGNSWDVsrVXfxGfn2wvQAUUNHA/S+nqDvwqAKBggqhkjOPQMBAaE0AzIA\\nBK0s7Oq6mdN0mcimQvy+ofIpVfnZx7b/KZ7uesoNx6LwwQ3w5XyjrUN5Mx1onhl8\\nQg==",  
    "publicKey" : "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAErSzs6rqZ03SZyKZC/L6h8ilV+dnH\\ntv8pnu56yg3HovDBDfDlfKOtQ3kzHWieGXxC"  
  }

The bug

The bug is that the private key downloaded from App Store Connect uses a P-256 curve whereas the one provided by StoreKit Testing in Xcode uses a P-192 curve (OpenSSL identifies it as prime192v1). So generating a signature is not working, because OpenSSL unable to read the file. It throws "Unable to load key" or "Could not parse PKey: no start line" errors.

We contacted Apple Premium DTS Support, they confirmed that it is Xcode 12 bug. The issue persists in Xcode 12.4 (12D4e) and Xcode 12.5 beta (12E5220o).

The workaround

By default, OpenSSL is unable to parse the key with the header & footer that Xcode displays. You can workaround this issue by modifying the header and footer of the PEM format.

The header should be:

```
-----BEGIN EC PRIVATE KEY-----
```

and the footer should be:

 `-----END EC PRIVATE KEY-----`

We continue to communicate with Apple Premium Support and will update the article, once the issue is resolved. Hope it will be fixed in the next Xcode 12 release.

To get more insights regarding subscription app revenue growth read the Apphud Blog.

Ren
Ren
Co-founder at Apphud
Ex iOS app and game developer. 11 years in the industry since iOS 3. More than 50 apps are in the background with 4 exits. Entrepreneur and traveler.