What is provisioning profile (1)

When you are in touch with iOS development, provisioning profile is generally involved ). Most of the time, Apple's "Development provisioning assistant" installs the configuration file in the correct place and uses keychain access (key string Access Program) to obtain the certificate and key, and install it in the key string. After a while, you may encounter the following problems:

 

Code sign error (code signature error ):

The executable was signed with invalid entitlements. (An invalid certificate is used to sign the program)

Valid signing identity not found. (no valid signature is found)

No unexpired provisioning profiles found that contain any of the keychain's signing certificates (no desired configuration file is found in the key string signature certificate)

 

When you encounter the problem above, you may passGoogle, InStack
OverflowFind some similar problems, solve the problem successfully, and then perform other tasks. I have seen a solution to the above problem: "delete all configuration files and start again ". This can solve the problem in general, but the goal of this series of articles is that you can solve the above problem without deleting all the configuration files from the beginning.

 

Let's get started.

Each configuration file is actually a plist file signed with PKCS #7.PKCSA set of public key cryptography standards.PKCS #7Is the standard of the encryption message syntax. Apple uses this standard to sign the plist file, through the signature, OS (Operating System) verify that the installed program is from a valid developer (after verification, you can know whether the content in the plist file has been modified ). The last part of the plist file is very important and you will know why later.

In terminal (Terminal Program), use VI to open a configuration file and you can see something similar to the following:

0 <82> ^ ^è ^ f * <86> H <86> ^ m ^ A ^ G ^ B <82> ^ 1_0 <82> ^ B ^ A ^ A1 ^ K0 ^ f ^ e + ^ n ^ C ^ B ^ Z ^ e ^ @ 0 <82> ^ n ^ f * <86> H <86> ^ m ^ A ^ G ^ A <82> ^ n <9f> ^ d <82> ^ n <9B> <? XML version = "1.0" encoding = "UTF-8"?>

<! Doctype plist public "-// Apple // DTD plist 1.0 // en" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<Plist version = "1.0">

<Dict>

The above content is the header of the PKCS #7 signature. Many of the content shown below is the real signature:

</Dict>

</Plist>

<82> ^ m² 0 <82> ^ C defaults 0 <82> ^ bá^ C ^ B ^ A ^ _ 0 ^ m ^ f * <86> H <86> random ^ m ^ A ^ e ^ @ 0y1 ^ K0 ^ f ^ Cu ^ d ^ f ^ s ^ bus1 ^ S0 ^ Q ^ f ^ Cu ^ d

^ S

Apple INC.1 & 0 $ ^ f ^ Cu ^ d ^ K ^ s ^] Apple certification Authority1-0 + ^ f ^ Cu ^ d ^ C ^ s $ Apple iPhone certification authority0 ^ W ^ m080521020108z ^ w ^ m200521020108z0y1 ^ K0 ^ f ^ Cu ^ d ^ f ^ s ^ bus1 ^ S0 ^ Q ^ f ^ Cu ^ d

^ S

Apple inc.1503 ^ f ^ Cu ^ d ^ C ^ s, apple iPhone OS provisioning profile signing0 <82> ^ A "0 ^ m ^ f * <86> H <86> large ^ m ^ A ^ e ^ @ ^ C <82> ^ A ^ o ^ @ 0 <82> ^

 

Observe the bottom of the above content to see a string similar to this:Apple inc., Apple Certification Authority
And Apple iPhone OS provisioning profile signingThe file is digitally signed. The configuration file is created through the IOS provisioning portal. After you select the app ID and the appropriate number of devices udids and entitlement, Apple will sign all the information in the provisioning profile, in this way, IOS can verify whether the configuration file is actually distributed by Apple.

 

After the configuration file is digitally signed, you may ask "How do I verify this signature ?", In the terminal program, you can use the OpenSSL program for verification. OpenSSL not only verifies the signature, but also prints the signature information. In the terminal program, enter the following content for verification:

OpenSSL smime-in/path/to/Your. mobileprovision-inform der-verify

 

Now, if you want to manually edit the configuration file. For example, you want to add the udid of the new Apple device to the configuration file (not through the provisioning portal ). After editing, the verification fails and the following information is obtained:

OpenSSL smime-In key_grinder_beta_dev.mobileprovision-inform der-verify

Error reading S/MIME message

10163: Error: 0d0680a8: ASN1 encoding routines: asn1_check_tlen: Wrong Tag:/sourcecache/openssl098/OpenSSL098-47/src/crypto/ASN1/tasn_dec.c: 1315:

10163: Error: 0d08303a: ASN1 encoding routines: Rules: Nested ASN1 error:/sourcecache/openssl098/OpenSSL098-47/src/crypto/ASN1/tasn_dec.c: 657: field = signer_info, type = unknown

10163: Error: 0d08303a: ASN1 encoding routines: asn1_template_noexp_d2i: Nested ASN1 error:/sourcecache/openssl098/OpenSSL098-47/src/crypto/ASN1/tasn_dec.c: 747:

10163: Error: 0d08403a: ASN1 encoding routines: Rules: Nested ASN1 error:/sourcecache/openssl098/OpenSSL098-47/src/crypto/ASN1/tasn_dec.c: 577: field = D. sign, type = pkcs7

 

This is not the best mistake I have ever seen (Apple limits each developer account to use up to 100 devices, and prevents you from adding more udids)

 

This section describes the basic knowledge of a configuration file. The next article will introduce the content in the plist file in depth-what does this information mean to your program and xcode?