Decrypting Apple Pay Payment Blob Using .NET

If you are here you are likely either a developer working on a payment gateway, or you are a cryptography nut. In either case, welcome! I would be in the former category. Recently at work I found myself tasked with decrypting the Apple Pay blob you get from the Apple Pay on the Web flow, so we could use it to build 3D SecurePay messages to a payment processor (on behalf of one of our merchant customers).

I’ve done a lot of crypto over the years, so I didn’t think anything of this project. Turns out, there is little support in .NET for what Apple is doing!

I’m going to write a series of posts going through how I was able to do this using Windows / .NET and a third-party library. My goal was to do it all with what is built in, but sadly this is not possible. More on that later.

Here’s Apple’s guide for decrypting the blob: Payment Token Format Reference

Sample code is available on GitHub.

Part 1: Verify the signature.
Part 2: Finding the merchant public key.
Part 3: Restore the symmetric key.
Part 4: Decrypt the data.

The sample code builds a .NET Core 3 WinForms app for running through all the steps covered in this series. If you want to get something up and running to quickly test your own blobs, it should do the job nicely.
