This article assumes that you already have some basic Xcode development experience and have registered an iOS developer account.
Basic encryption algorithms involved
In modern cryptography, there are two main kinds of encryption algorithms: symmetric key encryption and public key encryption.
Symmetric key Encryption
Symmetric key encryption (Symmetric-key algorithm) is also known as symmetric encryption, private key encryption, and shared key encryption.
This type of algorithm uses the same key when encrypting and decrypting.
For example, consider the most common application scenario: system login.
To log in to the system successfully, you must enter the correct password, which is unique and is the same one that was set when the account was created. In the same way, anyone else must enter that one correct password to log in successfully.
Public key Encryption
Public key encryption (public-key cryptography) is also known as asymmetric key encryption.
This type of algorithm uses different keys for encrypting and decrypting.
Such cryptographic algorithms have two keys: the public key and the private key. The public key is public and can be obtained by anyone; the private key is private and is owned by the holder only.
This type of encryption algorithm has the following property: content encrypted with the public key can only be decrypted with the private key, and content encrypted with the private key can only be decrypted with the public key.
Because of this property, it can be used to implement data encryption and also to implement identity authentication (digital signatures).
Encryption & Authentication
We need to differentiate between the two basic concepts of encryption and authentication.
Encryption transforms data so that an unauthorized user who obtains the encrypted data still cannot recover the correct content. Data encryption therefore protects data and prevents eavesdropping attacks. Its focus is on the security of the data.
Identity authentication is used to determine whether an identity is genuine; once the identity is confirmed, the system can grant the appropriate permissions according to that identity. Its focus is on the authenticity of the user.
Both requirements (encryption and authentication) rely on encryption algorithms, but not every algorithm can implement identity authentication. Identity authentication now generally uses a public key encryption algorithm.
The following describes how to use a public key encryption algorithm for encryption and authentication.
How is encryption implemented?
Data that is encrypted with a public key can only be decrypted by the corresponding private key.
For example, suppose I want to send you an encrypted message. I must have your public key, and I use it to encrypt the message. This ensures that the message is not visible to others and is not tampered with, because only you can decrypt it with your own private key.
How to achieve certification?
Data that is encrypted with a private key can only be decrypted by the corresponding public key. (Remember, the private key is owned by the holder only.)
I (A1) encrypt the message with my private key and send it to you (B1); you can decrypt it with my public key. This ensures that the message was sent by me (A1).
Digital ID & Digital certificate (certificates) & Digital Certification authority (CA) & Root certificate
Digital ID
A digital ID is an identity in the form of a pair of "keys": a public key and a private key. It is typically generated with local system tools.
Digital certificate Certification Authority
The digital certificate certification authority (CA, Certificate Authority) is the authority responsible for issuing and managing digital certificates. It acts as a trusted third party in a transaction and is responsible for checking the validity of public keys in the public key system.
Digital certificates
A digital certificate is an identity recognition mechanism used in computing. A digital certificate is not a digital ID; it is a digital ID to which an identity certification authority (a digital certificate authority) has added a digital signature. This indicates that the authority has verified the certificate holder. How does this verification work? See 'How can I verify the validity of a digital certificate?'.
Digital certificates typically contain information such as:
- Certificate issuer
- Certificate Holder
- Validity period (the certificate is invalid before or after this period)
- Certificate holder's public key (*)
- Certificate extensions, including some additional information
- The hashing algorithm that is used
- Digital signature: the hash of the above information, encrypted with the CA's private key (*)
How can I verify the validity of a digital certificate?
That is, how can we be sure that a digital certificate was certified by the CA?
Note: data that is encrypted with a private key can only be decrypted by the corresponding public key.
Principle: compute the hash value H1 of the data in the digital certificate, then decrypt the digital signature on the certificate with the CA's public key to obtain H2. If H1 equals H2, the certificate is valid and CA-certified.
How is the CA's public key obtained? It is included in the root certificate.
Root certificate
The root certificate, which is the digital certificate issued by the CA to itself, is the starting point of the chain of trust. It is generally placed on the CA website for anyone to download.
Digital signatures
A digital signature is similar to an ordinary physical signature written on paper, but it is a method of authenticating digital information that is implemented with public key cryptography.
A digital signature provides integrity and non-repudiation.
From the 'How to achieve certification?' section we know that the properties of public key encryption can be used to implement "authentication", that is, a signature. But there is a problem: anyone can impersonate me (A1)! That is, an impostor can send you data encrypted with his own private key, together with his own public key. In other words, you cannot be sure that the public key you received is mine (A1)!
So a mechanism is needed to guarantee this. That mechanism is built on the "digital certificate" and the "CA" described earlier. It ensures that I (A1) am CA-certified.
The principle of digital signature
Signature:
The sender calculates a hash value for the data to be sent and then encrypts the hash value with his private key to generate a "signature (value)". The sender also holds a "digital certificate" requested from the CA (remember that it contains the public key). Finally, the sender sends the "data", the "signature (value)" and the "digital certificate" to the receiver together.
Verify Signature:
After the receiver gets the "data", the "signature (value)" and the "digital certificate", a series of checks determines whether the digital signature is valid:
- Open the "digital certificate" and verify its validity;
- Compute the hash value H1 of the data, then decrypt the signature (value) with the public key recorded in the digital certificate to obtain H2; if H1 == H2, the digital signature is valid.
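The certificate check from 'How can I verify the validity of a digital certificate?' and the sign and verify steps above, run end to end with the openssl command line. This is an added example, not part of the original article; the root CA, the developer identity, the impostor and all file names are constructed, and Apple's real CA is not involved.

```shell
#!/bin/sh
# Added example: every subject name and file below is constructed.

# Root CA (self-signed root certificate), a developer key pair with its CSR and
# CA-issued certificate, and an impostor that self-signs the same subject name.
make_pki() {   # $1 = working directory
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Developer" \
        -keyout "$d/dev.key" -out "$d/dev.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/dev.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/dev.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Developer" \
        -keyout "$d/fake.key" -out "$d/fake.pem" 2>/dev/null
}

# Sender: hash the data and sign the hash with the private key.
# $1 = private key, $2 = data file, $3 = signature file to write
sign_data() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Receiver: (1) validate the certificate against the root certificate,
# (2) check the signature with the public key recorded in the certificate.
# $1 = root cert, $2 = sender cert, $3 = data file, $4 = signature file
verify_all() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$' ||
        { echo "bad-certificate"; return 1; }
    openssl x509 -in "$2" -pubkey -noout > "$2.pub"
    openssl dgst -sha256 -verify "$2.pub" -signature "$4" "$3" 2>/dev/null |
        grep -q 'Verified OK' || { echo "bad-signature"; return 1; }
    echo "valid"
}

work=$(mktemp -d)
make_pki "$work"
printf 'constructed app payload\n' > "$work/app.bin"
sign_data "$work/dev.key"  "$work/app.bin" "$work/app.sig"
sign_data "$work/fake.key" "$work/app.bin" "$work/fake.sig"
verify_all "$work/ca.pem" "$work/dev.pem"  "$work/app.bin" "$work/app.sig"           # valid
verify_all "$work/ca.pem" "$work/fake.pem" "$work/app.bin" "$work/fake.sig" || true  # bad-certificate
printf 'tampered payload\n' > "$work/bad.bin"
verify_all "$work/ca.pem" "$work/dev.pem"  "$work/bad.bin" "$work/app.sig"  || true  # bad-signature
```

The impostor's signature is mathematically correct for its own key pair, so only the certificate check in step 1 rejects it.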
Xcode code signing concepts
Keychain
A tool on the Mac for storing and managing private information such as keys.
Identifiers / Bundle ID / App ID
This is the unique identity of the app.
Device UUID
This is the unique identification of the device.
Provisioning Profiles
This is the profile we ultimately want to generate. It records the App ID, the device UUID, and the certificates it trusts.
When Xcode deploys an application to a physical device, it checks the following:
- Is there a valid matching certificate in the keychain? See 'How can I verify the validity of a digital certificate?'
- Is the profile valid? See 'The principle of digital signature'
- Does the App ID of the app you want to deploy match the App ID recorded in the profile?
- Does the UUID match?
You can deploy to a physical device only if all of these checks pass.
Getting started
Generate keys
Fill in the email and name and select "Saved to Disk".
Finally, a new key pair is generated under "Keys". To make it easier to identify later, it is best to rename it; double-click it to rename. A CSR file is also generated.
Install root certificate
This certificate is called Worldwide Developer Relations Certificate Authority. It can be downloaded via this link: https://developer.apple.com/certificationauthority/AppleWWDRCA.cer. The downloaded file is generally named AppleWWDRCA.cer.
This certificate is typically installed automatically by Xcode.
Request a developer certificate from Apple (CA)
Log in to the Apple Developer Center and go to Certificates, Identifiers & Profiles | iOS Apps | Certificates | Development.
Add a certificate as follows:
The next step asks you to first generate a CSR file, which is what we did when we generated the keys:
Go directly to the next step, upload the CSR file that you just generated, and then submit it to have the certificate generated. Download the certificate and double-click it; it will automatically be added to the keychain.
Create App ID
Under Identifiers, create a new App ID.
Add the device UUID to the Devices registration list
Under Devices, add the device.
Generate profiles
Under Certificates, Identifiers & Profiles | iOS Apps | Provisioning Profiles | Development, click Add to create a new profile.
On the Select Certificate page, note that it is best to select only the certificate you just generated, not all of them. If you choose "Select All" and the keychain already contains other certificates, all sorts of strange problems can occur, as described in detail later.
Finally, download the profile and double-click it to add it to Xcode.
Configure in Xcode
At this point, everything is OK!
The mistakes you might encounter
If you followed the steps above and the application still fails when you finally build it, with an error similar to the following,
An error also appears in Xcode Organizer:
This error is generally caused by a certificate mismatch. Check the following:
- Ensure that when the profile was generated, one and only one certificate was selected;
- Ensure that there are no duplicate certificates in the keychain.
Transferred from: http://nuoerlz.is-programmer.com/posts/47670.html
iOS Developer certificate-detailed/build/use