An introduction to certificate, provisioning profile, App IDs, and their relationships

Just contact with the development of iOS people will inevitably on Apple's various certificates, configuration files, etc., you may follow the online tutorials step-by-Step successful application of the real machine debugging, but still a little knowledge of the reasons. This article on certificate, provisioning profile, and so do a summary. 1. Introduction to the concept

If you have a developer account, open certificates, Indentifiers & Profiles in iOS Dev center, you can see the following list:

Profile Portal Revision for some time, after the revision of the structure is clearer than before, easy to understand and management.

The list above contains everything you need to develop, debug, and release iOS applications: certificates, Identifiers, Devices, provisioning Profiles. Here are a few things to explain.

Certificate

A certificate is used to sign an application, and only a signed application can guarantee that his source is trustworthy and that the code is complete and unmodified. In the code signing identity of the Xcode build setting, you can set up a certificate that is used to sign codes.

As we all know, before we apply for a certificate, we need to apply for a certificate signing request (CSR) file, which actually generates a pair of public and private keys, stored in your Mac keychain. The code signature uses this kind of encryption method based on the asymmetric secret key, and uses the private key to sign, verifies with the public key. As shown in the following illustration, the associated public and private keys are stored in your Mac's keychain login, and the certificate contains the public key. You can only use the private key to sign, so if there is no private key, it means you can not sign, so you can not use the certificate, at this time you can only revoke before the certificate to apply for another. Therefore, it is a good idea to export and save your private key when you are finished applying for a certificate. When you want to share a certificate with others or other devices, pass the private key to it. The private key is stored in your Mac, and the Apple-generated certificate contains the public key. When you sign the code with your private key, Apple can use the public key in the certificate to verify that you signed the code, not someone pretending to be you, and ensuring the integrity of the code.

Certificates are divided into two categories: development and production,development certificates are used to develop and debug applications, production are primarily used to distribute applications (depending on the type of certificate), The following is a breakdown of the certificate: (in parentheses, the validity of the certificate)

(Note: Different types of developer accounts can create different kinds of certificates, on the comparison of developer accounts and inhouse certificate-related content, please see my other article) Development App Development (1 years): Used to develop and real-machine debugging applications. Push Development (1 years): Used to debug Apple Push Notification Production

In-house and Ad Hoc (3 years): Applications for publishing in-house and Adhoc.

App Store: Use to publish applications that submit to the App Store. MDM CSR Push Production (1 years): Used to use Apple Push Notification in release builds. Pass Type ID certificate Website Push ID Certificate

There are some types of certificates I have not used, so I do not understand the specific role.

APP ID

The APP ID is used to identify one or a group of App,app IDs that should be consistent or matched to the bundle ID in Xcode. The app ID has two main types: Explicit App ID: The unique app ID that uniquely identifies an application, such as COM. ABC.DEMO1, identifies the program that bundle ID is com.ABC.demo1. Wildcard App ID: Wildcard app ID, used to identify a set of applications. For example, * can represent all applications, while COM. Abc.* can be expressed in COM. All applications beginning with ABC.

Each time you create an app ID, we can set up the app services that the app ID uses, which is the extra service it uses. Each additional service has different requirements, for example, if you are using Apple Push Notification Services, you must be a explicit app ID so that you can uniquely identify an application. The following are all the optional services and corresponding configuration requirements for the present.

If your app uses any of these service, configure it according to your requirements.

Device

The simplest of device is the iOS device. The devices contains all the devices available for development and testing in the account. Each device uses UDID to uniquely identify it.

The number of devices in each account is limited to 100. Disable a piece of equipment will not increase the number of places, only at the beginning of membership year can be deleted by the device to increase the number of places.

As regards the number of equipment, please see this article for details.

Provisioning profile

A provisioning profile file contains all of the above: certificates, App IDs, devices.

Imagine if we were to pack or run an application on the real machine, we first need a certificate to sign the application to identify it as legitimate, secure, complete, and so on; then you need to specify its app ID and verify that the bundle ID is consistent with it; again, if it's true machine debugging, You need to confirm that this device can be used to run the program. And provisioning profile is all packaged together, so that we can use in the debugging and Release program packaging, so that we only choose different profiles in different cases. And this provisioning profile file will be embedded in the packaging. IPA's bag.

For example, as shown in the following illustration, a provisioning profile for development contains the app ID of the provisioning profile, the certificate and the device to use. This means that the provisioning Profile packager must have the appropriate certificate and that the program that corresponds to the app ID run to the device contained in the devices.

As noted above, the process of running an application on a single device is as follows:

Like the certificate, provisioning profile is divided into development and distribution two kinds:

(Note: The types of certificates that can be created by different account types are mentioned earlier, and it is obvious that the type of profile is related to the type of certificate you can create) Development (1 years) distribution (1 years) in the House Ad Hoc app Store

The difference between House and ad hoc is: In house there is no limit on the number of devices, and ad hoc is used for testing, and the ad hoc package can only run on the available devices registered in the account, apparently with a maximum of 100 devices. So the difference between the two provisioning profile files is that the device restrictions are different, and the certificate they use is the same. 2. Development/Release Process

Understanding the above concepts, and then look at the development and release process is very simple, and I believe that you do not have to look at the tutorial can be a step-by-step to complete all the operations.

Development/true Machine debugging process

According to the above introduction, you can know that the main development have the following steps: Apply for certificate to join the device Generation Provisioning profile settings Xcode Code Sign identifer

In fact, the third step is usually not needed because we are usually developed using the iOS team provisioning profile that is generated and managed by Xcode, because it is so handy that it does not require you to manually generate provisioning profile.

The IOS team provisioning profile is the first time a device was added using Xcode, Xcode automatically generated, containing a wildcard app ID generated by Xcode (*, matching all applications), All the devices and all development certificates in the account are shown in the following figure. As a result, all members of the team can debug all of the applications on all the devices in the unit using this iOS group provisioning profile. And when a new device is added, Xcode updates the file.

Publishing process

There are a lot of things about publishing the App Store on the web, but according to the concept above, whether it's App store, in-house or AD-HOC, the packaging process is similar, including the following key steps: Creating a publishing certificate creating an app ID Create the corresponding provisioning profile file device bundle ID and app ID consistent set Xcode Code Sign identifer, select the appropriate profiles and certificates for signature, packaging

This is the certificate, provisioning profile, App ID, and so on, the next article will introduce the following in-house certificate-related content.