An explanation of the concepts related to iOS certificates

Source: Internet
Author: User

Certificate configuration (Certificates, Identifiers & Provisioning Profiles) is familiar to anyone who does iOS development. This article systematically sorts out the related concepts.

Before you request an iOS certificate, it is assumed that you have used an Apple device and registered an Apple ID. First, you must join the Apple Developer Program (enroll in the iOS Developer Program to become a member), which comes in two types: individual and company/organization.

The following is mainly based on the personal developer account (individual): $99/year.

One. Certificates

As the name implies, certificates are used to prove the legitimacy and integrity of content (here, the code signature of the app). For an application that is published to the App Store or installed on a real device, only signature verification (CodeSign) can ensure that its source is trustworthy and that its code is complete and has not been tampered with.

Certificates fall into two categories: Development and Production (Distribution).

    • Development certificates are used to develop and debug applications;
    • Production certificates are primarily used to distribute applications (depending on the type of certificate).

The following focuses on the development certificate used in the development and debugging phase.

Two. App ID (Bundle Identifier)

The App ID identifies one app or a group of apps. It should be consistent with, or match, the Bundle Identifier in Xcode.

The App ID string typically uses the Company Identifier (company ID) in reverse-domain-name format as its prefix (Prefix/Seed).

App IDs are divided into two categories:

  • Explicit App ID: a unique App ID, used to uniquely identify one application. For example, the App ID "com.apple.garageband" identifies the app whose Bundle Identifier is "com.apple.garageband".
  • Wildcard App ID: an App ID containing a wildcard, used to identify a group of applications. For example, "*" stands for all applications, while "com.apple.*" stands for all applications whose Bundle Identifier begins with "com.apple.".

Three. Devices

A device is an iOS device used for developing and debugging iOS apps; each device is uniquely identified by its UDID. After connecting the iOS device to your Mac, you can get the iPhone's UDID (identifier) via iTunes -> Summary or Xcode -> Window -> Devices.

Devices lists all the devices available for development and testing in the account. A personal developer account can generally register up to 100 devices per year.

  • Apps signed by you or your team run only on designated development devices.
  • Apps run only on the test devices you specify.

Four. Provisioning Profiles

A provisioning profile contains all of the above: certificates, App IDs and devices. It determines which certificate (public key)/private key combination (key pair) Xcode uses to sign the application (Signing Product), and it is embedded in the .ipa package when the application is packaged. When the application is installed, the provisioning profile is copied to the iOS device, and the device running the iOS app uses it to authenticate the installed program.

If you want to package an app or run it on a real device, you typically go through the following three steps:

    • First, a certificate is required for signing, which identifies the app as legitimate, secure and complete;
    • Second, you need to specify its App ID and verify that the Bundle ID is consistent with it;
    • Then, for debugging on a real device, you need to confirm that the device is authorized to run the app.

The provisioning profile packs all of this information together so that it can be used when debugging and distributing the program. This way, you can choose different provisioning profiles for different situations.

Provisioning profiles are also divided into Development and Distribution, with the same validity period as the certificate.
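The three checks above, together with the explicit/wildcard App ID rule from section Two, can be run against a profile's plist payload. This is an added example, not code from the original article; the function names are assumptions, and the sample profile (team ID, bundle IDs, UDID, certificate bytes) is constructed, using the real profile keys `Entitlements`/`application-identifier`, `ProvisionedDevices`, `DeveloperCertificates` and `ExpirationDate`.

```python
import plistlib
from datetime import datetime

# Constructed sample: plist payload of a development profile with the CMS
# signature wrapper already removed. Team ID, bundle IDs and UDID are made up.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>iOS Team Provisioning Profile: *</string>
  <key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
  <key>Entitlements</key><dict>
    <key>application-identifier</key><string>ABCDE12345.com.example.*</string>
  </dict>
  <key>ProvisionedDevices</key><array>
    <string>00008030-000A1B2C3D4E5F60</string>
  </array>
  <key>DeveloperCertificates</key><array><data>ZGVtbw==</data></array>
</dict></plist>"""


def app_id_matches(pattern, app_id):
    """Explicit App IDs must match exactly; a trailing '*' matches any suffix."""
    if pattern.endswith("*"):
        return app_id.startswith(pattern[:-1])
    return pattern == app_id


def check_profile(raw, team_id, bundle_id, udid, now):
    """Return the reasons this profile does not authorize the app on the device."""
    profile = plistlib.loads(raw)
    problems = []
    # Step 1: a signing certificate must be embedded (DER blobs in a real profile).
    if not profile.get("DeveloperCertificates"):
        problems.append("no signing certificate embedded")
    # Step 2: the App ID (team prefix + bundle ID) must be covered by the profile.
    pattern = profile["Entitlements"]["application-identifier"]
    if not app_id_matches(pattern, f"{team_id}.{bundle_id}"):
        problems.append(f"bundle ID not covered by {pattern}")
    # Step 3: for on-device debugging the UDID must be registered.
    if udid not in profile.get("ProvisionedDevices", []):
        problems.append("device UDID not registered")
    # Profiles have a validity period, like certificates.
    if profile["ExpirationDate"] <= now:
        problems.append("profile expired")
    return problems


print(check_profile(SAMPLE_PROFILE, "ABCDE12345", "com.example.demo",
                    "00008030-000A1B2C3D4E5F60", datetime(2025, 1, 1)))
```

On a Mac, `security cms -D -i embedded.mobileprovision` prints this plist payload from a real profile.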

Five. Team Provisioning Profiles

Team Provisioning Profile is a feature that was added in the Xcode 3.2.3 pre-release version.

When you add an Apple Developer account in Xcode, Xcode coordinates with the Apple Dev Center backend and automatically generates an iOS Team Provisioning Profile (Managed by Xcode).

The Team Provisioning Profile contains an iOS Team Provisioning Profile: * generated for the Xcode iOS Wildcard App ID (*) (which matches all applications). All development certificates and devices in the account can use it to debug all applications on all devices registered with the team (regardless of the Bundle Identifier). Xcode also creates a corresponding iOS Team Provisioning Profile for each wildcard/explicit App ID that developers create themselves.

A Team Provisioning Profile is generated or updated when you:

    • (1) Add an Apple ID account to Xcode
    • (2) Fix issue "No Provisioning Profiles with a valid signing identity" in Xcode
    • (3) Assign Your App to a Team in Xcode project settings under General | Identity
    • (4) Register a new device on the Apple developer website, or Xcode detects a newly connected device

Using the iOS Team Provisioning Profile generated and managed by Xcode makes development convenient: you do not need to generate and download provisioning profiles manually on the website.

Six. App Group

At WWDC14, besides the release of OS X v10.10 and Swift, iOS 8.0 also began to become more open. The prime example of this openness is the app extension (App Extension). As the name implies, app extensions let developers extend an app's custom functionality and content so that it can be used from within other applications, enabling functionality and resource sharing across applications. An extension can be understood as a lightweight (nimble and lightweight) clone.

An extension and its containing app each have their own sandbox. Although an extension is embedded in the containing app as a plug-in, the two are separate binary packages and cannot access each other's sandbox. To enable data sharing between the containing app and its extensions, Apple introduced a new concept in iOS 8, the App Group, which is primarily used for data sharing among the apps in the same group. Specifically, the sharing goes through a shared resource area identified by the App Group ID: the App Group Container.

The App IDs of the apps placed in the same App Group must be unique (Explicit), and the App IDs of the containing app and the extension must follow the naming convention. Generally, the extension's App ID uses the containing app's App ID as its seed. Taking the GarageBand app (App ID = "com.apple.garageband") as an example, the App ID of a plug-in that supports importing from Voice Memos into GarageBand might look like "com.apple.garageband.extImportRecording".

Seven. Certificates and Signatures (Certificate & Signature)

When you manually request a development certificate through the Keychain Certificate Assistant (it can also be requested automatically through Xcode), Keychain generates a CSR (Certificate Signing Request) file that contains the developer's identity information, and a public/private key pair is added under Keychain Access | Keys.

After you upload the CSR file on the Apple developer website, the Apple certification authority WWDRCA (Apple Worldwide Developer Relations Certification Authority) uses its private key to encrypt (sign) the public key in the CSR and generates a digital certificate (ios_development.cer).

Download the certificate to your Mac and double-click it to install. In Keychain Access | Keys, expand the arrow in front of the private key of the key pair that was generated with the CSR, and you can see the certificate containing its corresponding public key (Your requested certificate will be the public half of the key pair.). In Keychain Access | Certificates, expand the arrow in front of the installed certificate (ios_development.cer) to see its corresponding private key.

The private key corresponding to each certificate (which is, in fact, the public key) is used to digitally sign (CodeSign) the content (executable code; resources such as images and nib files aren't signed), with a hashing algorithm used to generate a digest of the content. As mentioned above, the public key is included in the digital certificate, the digital certificate is included in the provisioning profile, and the provisioning profile is copied to the iOS device when the app is installed.

In addition, iOS and Mac OS X (when Xcode is installed) automatically install the intermediate certificate AppleWWDRCA.cer (Intermediate Certificates). If that certificate is not yet installed on your Mac when you make the request in the Keychain Access Certificate Assistant, download and install it first. On the iOS/Mac machine, ios_development.cer can be decrypted with the public key in AppleWWDRCA.cer, which yields the trusted key in each development certificate.

The iOS/Mac device (system) uses the public key from the certificate in the app's provisioning profile to determine the legitimacy of the app's code signature:

    • (1) If the public key successfully decrypts the signature and yields a content digest, this proves that the content was certified by the developer, that is, the source is trustworthy;
    • (2) The device then computes a digest of the content itself with the hash algorithm. If it equals the digest obtained in the previous step, this proves that the content has not been tampered with, that is, the content is trustworthy.
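The two-level check described in this section (the CA's public key vouches for the developer's public key, which in turn verifies the app's digest) can be traced end to end. This is an added example, not code from the original article: it uses textbook RSA without padding over Mersenne-prime toy keys, which is insecure and only stands in for the real certificate and signature formats, and all names and sample bytes are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(data, n):
    """SHA-256 digest of data as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, n, d):
    """'Encrypt' the digest with the private key."""
    return pow(digest(data, n), d, n)


def verify(data, sig, n):
    """'Decrypt' the signature with the public key, compare with a fresh digest."""
    return pow(sig, E, n) == digest(data, n)


# Toy keys from Mersenne primes: insecure, chosen so the example runs offline.
CA_N, CA_D = make_key(2**521 - 1, 2**607 - 1)    # stands in for the WWDR CA
DEV_N, DEV_D = make_key(2**127 - 1, 2**521 - 1)  # stands in for the developer key pair


def issue_cert(dev_n):
    """CA side: sign the developer's public key taken from the CSR."""
    body = dev_n.to_bytes(128, "big")
    return body, sign(body, CA_N, CA_D)


def device_accepts(app, app_sig, cert):
    """Device side: trust the cert via the CA public key, then check the app."""
    body, ca_sig = cert
    if not verify(body, ca_sig, CA_N):
        return False  # certificate was not issued by the trusted CA
    return verify(app, app_sig, int.from_bytes(body, "big"))


CERT = issue_cert(DEV_N)
APP = b"constructed app executable bytes"
APP_SIG = sign(APP, DEV_N, DEV_D)
print(device_accepts(APP, APP_SIG, CERT), device_accepts(APP + b"!", APP_SIG, CERT))
```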

Eight. Sharing a development account/certificate across multiple machines

If you have added the account in Xcode Preferences, select the team entry | View Details to view the Signing Identities and Provisioning Profiles.

  • Select the account you want to export and click the icon after +/- | Export Accounts to export a *.developerprofile file (Exporting a Developer Profile) containing the account/code signing identity/provisioning profiles information. It can be used for Xcode development on other machines (import the account).
  • Select the Signing Identity entry you want to export and click the icon after + at the bottom of the column | Export. You must enter a password and authorize the export of the key ("privateKey") from the keychain; the result is exported as Certificates.p12. Alternatively, in Keychain Access | Certificates, select the certificate or the private key beneath it and export it with right-click Export or the menu File | Export Items as Certificates.p12.

On the other Mac, double-click Certificates.p12 (password required) to install the shared certificate. Then register the iOS device you want to debug on the developer website and download the provisioning profile, for the corresponding certificate, that authorizes the iOS debug device; after that you can develop and debug on real iOS devices.

