Code signing for iPhone development

Source: Internet
Author: User

English version:

http://developer.apple.com/iphone/gettingstarted/docs/signingcodeforiphonedev.action

Code signing ensures the authenticity of code and clearly identifies its source. Apple requires every application to be digitally signed before it runs on a development system and before it is submitted to Apple for release. In addition, Apple adds its own digital signature before publishing each application.
Digital signatures and the signature ID
Apple requires that all iPhone applications be signed with a signing certificate that Apple issues to registered iPhone developers. The signature proves the identity of the application's developer and ensures that the application has not been modified or tampered with since it was signed.
Digital signatures rely on public-key cryptography, which uses two different but mathematically related keys: a public key and a private key. The private key is used in the signing process. The public key is used to verify the validity of the signature. The public key is stored in the signing certificate, and the private key is stored separately. The combination of the certificate and its private key is called a digital identity, or signature ID.
To obtain a signature ID for iPhone development, use the Certificate Assistant in the Keychain Access utility to create a Certificate Signing Request (CSR), and submit the request for approval through the iPhone Developer Program portal. After the request is approved, download the certificate file and double-click it to install it in your keychain. (You may not notice it, but when the Certificate Assistant generates the CSR it also automatically generates a public-private key pair. It includes the public key in the request sent to Apple and stores the private key in your keychain.)
When you download and install the signing certificate, the Keychain Access utility associates it with the private key to create the signature ID. To see the private key associated with a certificate, open Keychain Access and click My Certificates in the Category panel.

When you install a signed application on your iPhone, iPhone OS verifies the signature to ensure that the application has been signed and has not been tampered with since it was signed. If the signature is invalid, or the application is not signed at all, iPhone OS will not allow it to run.
Similarly, when you submit your application to Apple for approval and deployment, you must first sign it with your signature ID and submit your signing certificate together with the program. (The private key does not need to be submitted to Apple.) Apple then verifies that the program code comes from a valid registered developer. Finally, Apple signs your signed application with its own signing certificate. Your application can then run properly on the iPhone and iPod Touch. This mechanism assures device owners that the applications they download from iTunes were written by registered developers and have not been modified.
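An added example (not from the original article or from Apple) of the check described above, reduced to a detached RSA signature over a single file; it does not reproduce the signature format iPhone OS actually uses. The key, the self-signed certificate, the file names and the launch_check function are constructed for illustration.

```shell
#!/bin/sh
# Added example: a simplified "refuse to run unless the signature verifies" gate.
# Everything here (key, certificate, app file) is constructed test data.

new_signer() {  # $1 = directory: developer key plus a self-signed stand-in certificate
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Example Developer" \
    -days 30 -keyout "$1/dev.key" -out "$1/dev.cer" 2>/dev/null
}

sign_app() {  # $1 = directory with dev.key, $2 = app file; writes "$2.sig"
  # The private key is only needed here, at signing time.
  openssl dgst -sha256 -sign "$1/dev.key" -out "$2.sig" "$2"
}

# Prints "run" only if a signature exists and verifies against the public
# key taken from the certificate; otherwise prints "refuse".
launch_check() {  # $1 = certificate, $2 = app file
  [ -f "$2.sig" ] || { echo refuse; return 0; }
  pub=$(mktemp)
  openssl x509 -in "$1" -noout -pubkey > "$pub"
  if openssl dgst -sha256 -verify "$pub" -signature "$2.sig" "$2" >/dev/null 2>&1
  then echo run; else echo refuse; fi
  rm -f "$pub"
}

dir=$(mktemp -d)
new_signer "$dir"
printf 'constructed app payload v1\n' > "$dir/App"
echo "unsigned : $(launch_check "$dir/dev.cer" "$dir/App")"
sign_app "$dir" "$dir/App"
echo "signed   : $(launch_check "$dir/dev.cer" "$dir/App")"
printf 'x' >> "$dir/App"   # change the app after it was signed
echo "tampered : $(launch_check "$dir/dev.cer" "$dir/App")"
rm -rf "$dir"
```

Verification needs only the certificate, which is why the private key never has to leave the developer's keychain.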
Copy the signature ID to another machine
If you develop on more than one machine (such as an office computer and your home laptop), you need your signature ID on both. Because the certificate file you downloaded from the Program Portal does not include your private key, copying the certificate file to the other computer is not enough. Instead, use Keychain Access to export a Personal Information Exchange file: open Keychain Access and choose File -> Export Items (Keychain Access -> File -> Export Items), export the certificate and private key as a Personal Information Exchange file, copy it to the other machine, and double-click the file to import the certificate and key into that machine's keychain.
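The pieces described above (the key pair and CSR from the Certificate Assistant, the downloaded certificate, and the Personal Information Exchange export), reproduced with openssl as an added example that is not part of the original article. The self-signed certificate stands in for the one Apple issues, and the file names, subject name and passphrase are constructed.

```shell
#!/bin/sh
# Added example: openssl stand-ins for the Keychain Access steps in the text.
# File names, subject and passphrase are constructed for illustration.

# SHA-256 fingerprint of the public key in a private key, CSR or certificate.
pubkey_fp() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

make_identity() {  # $1 = working directory
  # Certificate Assistant step: the key pair is generated locally.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/dev.key" 2>/dev/null
  # The CSR carries the subject and the public key only.
  openssl req -new -key "$1/dev.key" -subj "/CN=Example Developer" -out "$1/dev.csr"
  # Assumption: self-signing replaces the certificate Apple would issue.
  openssl x509 -req -in "$1/dev.csr" -signkey "$1/dev.key" -days 30 \
    -out "$1/dev.cer" 2>/dev/null
}

# Personal Information Exchange file: certificate plus private key, encrypted.
# Demo only: a passphrase passed as "pass:..." is visible in the process list.
export_p12() {  # $1 = working directory, $2 = passphrase
  openssl pkcs12 -export -inkey "$1/dev.key" -in "$1/dev.cer" \
    -name "Example Developer" -passout "pass:$2" -out "$1/identity.p12"
}

# Fingerprint of the private key carried inside a .p12 file.
p12_key_fp() {  # $1 = .p12 file, $2 = passphrase
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

work=$(mktemp -d)
make_identity "$work"
echo "private key : $(pubkey_fp key  "$work/dev.key")"
echo "CSR         : $(pubkey_fp csr  "$work/dev.csr")"
echo "certificate : $(pubkey_fp cert "$work/dev.cer")"
grep -q 'PRIVATE KEY' "$work/dev.cer" || echo "certificate file holds no private key"
export_p12 "$work" "constructed-passphrase"
echo ".p12 key    : $(p12_key_fp "$work/identity.p12" constructed-passphrase)"
rm -rf "$work"
```

All four fingerprints match, but only the key file and the .p12 contain the private half, which is why copying the certificate file alone does not move the signature ID.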
Keep your private key secure and valid
As long as you alone hold the signature ID, and especially its private key, the system is very secure. However, if an unauthorized person obtains your signing certificate and private key, they can modify your application and sign the modified code, or they can write their own applications and sign them as you. Protecting your private key is therefore the most basic way to keep your software and identity from being used maliciously.
Before obtaining a signature ID and signing code, decide who in your company will own the ID, who will use it, and how it will be kept secure. For example, if the identity must be used by many people, you can place it in the keychain of a more secure computer and assign that keychain a password so that users must authenticate. Alternatively, you can place the key on a user's smart card protected by a PIN code.
By default, your keychain password is the same as your login password, and the keychain stays unlocked for as long as you are logged in. This is like leaving your car key on a desk next to the back door, with the back door unlocked all day. If the key is all it takes to drive your car and you have not protected the key, how can you expect the car to be safe?
To protect the signature ID and other valuable secrets in your keychain, take at least the following measures:
• Lock your keychain automatically when it is not in use: in the Keychain Access utility, choose Edit -> Change Settings for Keychain and select the checkboxes (the first two items are available).

• Use a different password for your keychain: in the Keychain Access utility, choose Edit -> Change Password to change the keychain password. In the Change Password dialog box, click the lock icon to open the Password Assistant. Make sure that you remember the new password, and do not write it down carelessly.

In addition, it is essential to keep your computer physically secure and to prevent unauthorized users from using it.
As with other important data, back up your signature ID to a safe place. You can put it in the keychain of another machine, or save it as a Personal Information Exchange (.p12) file on an encrypted CD or encrypted disk image. Make sure that the passwords you use are strong and that any computer holding the signing certificate is physically secure (try not to let untrusted people use it).
Where to start?
The iPhone Developer Program website provides detailed procedures for obtaining and installing a signature ID. Click the website icon in the upper-right corner of the iPhone DevCenter page. (You need to be logged in for this link to work.)
For more information about digital signatures, encryption keys, and certificates, see the Security Overview and the Code Signing Guide.
Security Overview

http://developer.apple.com/documentation/Security/Conceptual/Security_Overview/Introduction/chapter_1_section_1.html

Code Signing Guide

http://developer.apple.com/documentation/Security/Conceptual/CodeSigningGuide/Introduction/chapter_1_section_1.html
