iOS Code Signing: A Detailed Explanation

Code signing for iPhone development ensures that code is genuine and clearly identifies where it came from. Apple requires all applications to be digitally signed before the code runs on a development system and before it is submitted to Apple for publishing. In addition, Apple adds its own digital signature before each application is published.

Digital signatures and signing identities

Apple requires that all iPhone applications be digitally signed with a signing certificate issued by Apple to a registered iPhone developer. This signature proves the identity of the application's developer and ensures that the application has not been modified or tampered with since it was signed.

Digital signatures use public key cryptography, which relies on two distinct but mathematically related keys: a public key and a private key. The private key is used during the signing process. The public key is used to verify the validity of the signature. The public key is stored in the signing certificate and the private key is stored separately; a certificate combined with its private key is called a digital identity or signing identity.

To get a signing identity for iPhone development, use Certificate Assistant inside the Keychain Access utility to create a Certificate Signing Request (CSR), and submit this request for approval through the Program Portal of the iPhone Developer Program. Once your request has been approved, download the certificate file and double-click it to install it into your keychain.

When Certificate Assistant generates the Certificate Signing Request, it automatically creates a public-private key pair, a step you may not notice. It includes the public key in the request that is sent to Apple and stores the private key in your keychain.

When you download and install the signing certificate, Keychain Access associates it with the private key to create the signing identity. Open Keychain Access and click My Certificates in the Category panel to view the private key associated with the certificate.

When you install a signed application on your iPhone, iPhone OS verifies the signature to ensure that the application has been signed and has not been tampered with since it was signed. If the signature is invalid, or there is no signature at all, iPhone OS will not allow the application to run.

Similarly, when you submit your application to Apple for approval and deployment, you must first sign it with your signing identity and submit your signing certificate along with the program. (Private keys are not submitted to Apple.) Apple then verifies that the program code comes from a valid registered developer. Finally, Apple signs your signed application with its own signing certificate. Your app can then run normally on iPhone and iPod touch. This mechanism assures the owners of these devices that the applications they download from iTunes were written by registered developers and have not been modified.

Copying signing identities to other machines

If you develop on more than one machine (for example, an office computer and a laptop at home), you need your signing identity on both. Because the signing certificate file you download from the Program Portal does not include your private key, simply copying the certificate file to your other computer is not enough.
You need to use Keychain Access to export a Personal Information Exchange file, as follows: open Keychain Access, choose File -> Export Items and export the certificate and private key as a Personal Information Exchange file, copy it to the other machine, and double-click the file to import the certificate and key into the keychain.

Keep your private key safe

As long as your signing identity, and especially your private key, stays secure, this system is very secure. However, if an unauthorized person gets hold of your signing certificate and private key, they can modify your application and have the modified code signed, or write their own application and pass it off as yours. Keeping your private key secure is therefore the most basic means of preventing your software and identity from being used maliciously.

Before you obtain a signing identity and start signing code, decide who in your company will hold the identity, who may use it, and how it will be kept secure. For example, if the identity must be used by several people, you can place it in a keychain on a more secure computer and give that keychain a password that verifies the user, or you can place the key on a smart card protected by a PIN.

By default, your keychain password is the same as your login password, and the keychain stays unlocked for as long as you are logged in. This is like leaving your car keys on a table next to the back door while the back door stays unlocked all day. If the key is all it takes to drive your car and you do not protect the key, how can you keep the car safe?

To protect your signing identity, as well as any other valuable secrets in your keychain, you should at least take the following actions:
    • Set your keychain to lock automatically when not in use: in Keychain Access, choose Edit -> Change Settings for Keychain and tick the checkboxes (the first two options).
    • Use a keychain password that is different from your login password: in Keychain Access, choose Edit -> Change Password for Keychain. In the Change Password dialog, click the lock icon to open Password Assistant. Be sure to remember your new password, and do not write it down.
    • In addition, ensure the physical security of your computer and prevent unauthorized people from using it.

Like other important data, you may want to back up your signing identity to a safe place. You can place it in the keychain of another machine, or save it as a Personal Information Exchange (.p12) file on an encrypted CD or an encrypted disk image. Make sure that the password you use is strong and that the computers holding the signing identity are physically secure (try not to let untrusted people use them).

Where to start?

The iPhone Developer Program website has detailed procedures for obtaining and installing a signing identity; click the website icon in the top right corner of the iPhone Dev Center page. (You need to be logged in for this link to work.) For more information about digital signatures, encryption keys, and certificates, see Security Overview and Code Signing Guide.

Here is an article by Adam Eberbach from the forum, a full-time iOS developer in Melbourne, Australia.

Bundle identifier, provisioning profiles, App ID, Certificate Signing Request: for beginners, it is really hard to work out how these differ. Let's uncover their mysteries. After reading this article you should be able to relate these things to one another, understand how they work, and successfully run your app on a device.

This assumes that you are already an iOS developer, have an IDP membership, and already have some experience with Xcode and iOS development. If you are just starting to learn iOS, begin with other introductory tutorials. Well, here we go.

How important are they?

The main point of code signing is that it allows your app to run on a device, whether that device is your own, your customer's, or a consumer's who got the app from the App Store.

Without code signing, you can only run your app in the simulator or on a jailbroken device, and of course that is not enough for us. Simulator testing is only preliminary; the simulator is no substitute for debugging on a real device, because:

    • A real device is usually slower than the simulator. The simulator uses the processor of your Mac, and a real iPhone is far from that fast. So if you never actually run on a device, you may overlook real performance problems. For example, create a new View-based Application and add the following code to viewDidLoad:
        // Build an array of 200,000 formatted strings to compare simulator and device speed.
        int count = 200000;
        NSMutableArray *array = [NSMutableArray arrayWithCapacity:count];
        for (int i = 0; i < count; ++i) {
            [array addObject:[NSString stringWithFormat:@"%d", i]];
        }
      The above code may run in 1-2 seconds in the simulator, but on a real device (such as the iPhone 3GS) it takes about 7 seconds.
    • The device has much less memory. In the same vein, the simulator uses the memory of your Mac, and a real iPhone has much less. Games in particular usually use many images and consume a lot of memory. On older devices, a texture image has a maximum size of 24MB, which is the 8-bit texture of 1024x1024. Running out of memory is definitely something you want to avoid: once your app uses more than a certain amount of memory, the OS forces it to quit, and to the user the app has crashed.
    • Some APIs only work on a device, such as the In-App Purchase API, or Core Animation in Instruments. These all have to be tested on a real device. (Later versions of iOS or Xcode may support them, but testing on a real device is the guarantee.)
    • (Translator's note: some visual effects seen in the simulator may be inconsistent with the real device.)

In general, if you have not tested on a real device, you have not really finished testing.

There are some lazy ways in Xcode: in the Organizer window, under Devices and then Developer Profile, you can see a menu like this. A lot of what this article covers happens there. Here you can sign in to your developer account, automatically register your app and run it on your device. Of course, if this always worked, this article would be pointless. As a developer, you should know more.

Public and private keys

Before going further, let's briefly look at public and private keys. There are two kinds of encryption: symmetric cryptography and asymmetric cryptography. With symmetric cryptography there is only one key. For example, you have a key and a message encrypted with it. Only those who know the key can read the message.

With asymmetric cryptography there are two keys: a public key and a private key. For example, if you encrypt some information with your private key, anyone who receives it can decrypt it with the public key corresponding to that private key. So they can be sure that the information came from you (at least, that you encrypted it). The private key is therefore equivalent to a "signature" (you encrypted it, so you signed it), and this is the principle behind iOS code signing.

Code signing objects

The things related to code signing are provisioning profiles, App IDs, UDIDs, and so on. This section explains them one by one. I used Core Data to draw a chart that describes the relationships between these objects. This is the chart for a developer (development profile); it differs slightly from the one for a publisher.

Private key

On Mac OS X, keys are managed by an application called Keychain Access. You can find it in Applications\Utilities. Run it and you can see which public and private keys are in your name. Like this: (this is private, so it is obscured)

If you do not see any keys listed, don't worry. Keychain Access will create them the first time you request a certificate. The keys listed here are the basis of your provisioning and code signing. You must have a key to sign code or to publish your app on the App Store.

What if the key is lost?

You have to do the whole process again, because without the key your certificate is no longer valid and your provisioning profiles will only produce errors. You will waste a lot of time, so take good care of it. If you have not backed it up, I suggest you export it immediately via File\Export Items and save it in a safe place, such as a small partition. Or use your MobileMe account to sync it.

Have multiple keys?

If you create an account on a different Mac, you will have multiple keys.
This brings up a problem: a certificate generated on machine A will fail on machine B, which does not have the private key. So you can copy all of your keys to all of your Macs (which saves the trouble), or, as I'd recommend, use only one key.

UDID

A UDID (Unique Device Identifier) is a unique identifier that distinguishes one physical device from another. Each of your iPhones has a different UDID, as do your iPads and so on. Typically, a UDID is a 40-character hexadecimal string. If the app does not come from the App Store, your code needs UDID information to run. How do you find the UDID of a device you own? There are several ways:

1. If your device is connected to a machine with Xcode, you can see the UDID in the Organizer.
2. Without Xcode, go to the Summary screen in iTunes, find the serial number and click it to see the UDID.
3. The simplest way is to download an Ad Hoc helper from the App Store.

Certificate

The certificate is your personal developer certificate, or, more ornately, the "Apple Worldwide Developer Relations Certification Authority Certificate" (left untranslated here). It is essentially a piece of data that represents a grant of trust. To get a certificate, you have Keychain Access generate a Certificate Signing Request and send it to Apple. This creates a public-private key pair (if you do not have one yet). When Apple receives the request, it verifies the information and then creates a certificate for you.

App ID

When you create a project in Xcode 4, you provide a product name and a company identifier. The product name is a short name for your app. The company identifier is usually a reverse DNS string, for example com.mycompanyname. Put the two together and you get the bundle identifier. You will find it in Info.plist. For each app you want to publish, you need to register an App ID in the iTunes Developer Center. It must be consistent with what you set in Info.plist.

Provisioning profile

Put together the things mentioned earlier:

    • App ID (the unique identifier of the app)
    • UDID (the unique identifier of a device it runs on)
    • Certificate (the developer's certificate)

and you have the so-called provisioning profile. A provisioning profile is imported onto a device through Xcode or iTunes, or packaged into an .ipa file that contains both the app and the profile. You create provisioning profiles in the iOS Provisioning Portal. Creating a new one takes a few steps:

    • Name your profile; you will see this name later in Xcode's Organizer, in Build Settings and in some other places.
    • Choose your certificate.
    • Choose your App ID, consistent with Info.plist.
    • Select the devices it applies to. I usually select all my devices.

Signing for personal use

Suppose you already have an app ready to test, you have an IDP, and you are about to deal with provisioning profiles. Now that you know the logic, if you are new to it, here is what you do:

1. Check your public key and, for convenience, give it a good name.
2. Use Keychain Access to create your development certificate. Then download the certificate Apple issued for you and double-click it to install it; you can then see it in the keychain.
3. Download the "Apple Worldwide Developer Relations Certification Authority Certificate" (WWDR) and double-click it to install it as well; you can see it in the keychain too.
4. Check the bundle ID of your project and create a matching App ID in the Provisioning Portal.
5. Add the UDIDs you want in the Provisioning Portal (add them all).
6. Create a provisioning profile that assigns your App ID and UDIDs to your certificate.
7. Download the profile you just created and drag it into the Xcode Organizer.

Then you can sign your projects and run them on your devices. In Target -> Build Settings, scroll down to the Code Signing section.
Try editing the Debug configuration. A setting that suits team collaboration: in the Automatic Profile Selector, select "iPhone Developer", and you will see that your certificate has been selected automatically. With everything done, connect your device, select the Debug build, and choose Build & Run in Xcode. Xcode will put the provisioning profile on your device and run your app.
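
The way a provisioning profile ties an App ID, device UDIDs and a certificate together can be checked mechanically when an app refuses to install. The following is an added example, not code from the original article or from Apple: it reads the plist payload of a development profile (a real .mobileprovision file wraps this plist in a signed CMS envelope that has to be decoded first) and reports which piece fails to match. The sample profile, team prefix, UDID and certificate bytes are constructed, and `check_profile` and `app_id_matches` are hypothetical helper names.

```python
import plistlib
import re
from datetime import datetime

# Constructed sample values (not from a real profile, device or certificate).
TEAM = "ABCDE12345"
UDID = "0123456789abcdef0123456789abcdef01234567"
CERT_DER = b"constructed stand-in for the DER bytes of a developer certificate"

# Constructed plist payload of a development provisioning profile.
SAMPLE_PROFILE = plistlib.dumps({
    "Name": "Example Development Profile",
    "TeamIdentifier": [TEAM],
    "Entitlements": {"application-identifier": TEAM + ".com.mycompanyname.*"},
    "ProvisionedDevices": [UDID],
    "DeveloperCertificates": [CERT_DER],
    "ExpirationDate": datetime(2030, 1, 1),
})


def app_id_matches(pattern, bundle_id):
    """Exact match, or prefix match when the App ID ends in a '*' wildcard."""
    if pattern.endswith("*"):
        return bundle_id.startswith(pattern[:-1])
    return pattern == bundle_id


def check_profile(profile_plist, bundle_id, udid, signer_cert_der, now):
    """Return the reasons (empty list = none) the profile does not cover this
    app, device and signing certificate at time `now` (naive UTC datetime)."""
    profile = plistlib.loads(profile_plist)
    problems = []

    # App ID: stored as "<team prefix>.<bundle identifier or wildcard>".
    app_id = profile["Entitlements"]["application-identifier"]
    if not app_id_matches(app_id.split(".", 1)[1], bundle_id):
        problems.append("app-id")

    # Device: a 40-character hex UDID (as the article describes) that is listed.
    devices = {d.lower() for d in profile.get("ProvisionedDevices", [])}
    if not re.fullmatch(r"[0-9a-fA-F]{40}", udid) or udid.lower() not in devices:
        problems.append("device")

    # Certificate: the signer's certificate must be embedded in the profile.
    if signer_cert_der not in profile["DeveloperCertificates"]:
        problems.append("certificate")

    if profile["ExpirationDate"] <= now:
        problems.append("expired")
    return problems


if __name__ == "__main__":
    print(check_profile(SAMPLE_PROFILE, "com.mycompanyname.myapp", UDID,
                        CERT_DER, datetime(2025, 1, 1)))
```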
