iOS signature mechanism parsing

Recently encountered a signature problem, take the opportunity to study the iOS signature related knowledge points. It is summarized as follows: (The research process refers to this man's blog.) Very comprehensive, this article also has some reference)

Asymmetric encryption

This is the algorithm basis for the signature mechanism. The so-called asymmetric encryption is relative to symmetric encryption. Symmetric encryption is the same key and decryption algorithm that the encrypting party and the decryption party contract. As long as you get this key, you can decipher the encrypted content. This encryption method, if I want to communicate with 3 people, and three people need to agree 3 different keys, otherwise these three people can not identify the message is encrypted by me.

Asymmetric encryption uses a pair of keys (the private key and the public key). Content that is encrypted through the public key can only be decrypted by the private key, and the content encrypted through the private key can only be decrypted by the public key. The general public key is public and the private key is saved by itself. This encryption allows you to verify that the encrypted content is encrypted by the private key holder, thereby verifying the identity of the other person. This encryption method: If I want to communicate with 3 people, only need these three people know my public key. As long as you can decrypt it through my public key, I think the message is encrypted by me. And any one of the 3 people who encrypt the content, can only be decrypted by me. Of course, in this case, I have no way to identify the true identity of these three people.

Abstract (Hash)

Abstract technology, also known as hashing technology, is the technique of mapping data one by one of any length to a fixed-length data, and the resulting digest data is irreversible. As long as the original data is different, the resulting digest will be different; As with the original data, the abstract is the same. Abstract technology can therefore be used to verify that data has been tampered with.

Common digest algorithms are SHA1 (160bit), SHA256 (256bit), SHA512 (512bit), etc.

Digital signatures

Digital signature is the application of abstract technology and asymmetric encryption. When the sender wants to send a piece of data to someone else, it ensures that the data has not been tampered with in order for the recipient to validate the received data.

1. The sender generates a digest for the data at the same time and encrypts it with the private key.

2. The receiver receives both the data and the encrypted digest by decrypting the Cryptographic digest with the public key

3. The receiver will also summarize the data through the summary algorithm, and the summary obtained in the 2nd step comparison, if consistent, can prove that the data has not been tampered with. Otherwise, the data is tampered with.

Describe the scene above.

Digital certificates

As stated above, the public key is public in the asymmetric encryption mechanism, and the digital certificate is its public form. The private key holder submits its personal (or organizational) information and public key information to the certification authority, which digitally signs the submitted information with its own private key, and then generates a digital certificate. This certificate is the identity of the private key holder under the system of the certification authority. is also the way to get its public key. Here is actually a little bit of hidden knowledge point, the certification authority with his private key signature, how to verify this signature? Only verify the signature to verify the authenticity of the certificate. The secret is hidden in the operating system's credit Certificate library.

1. To verify the signature of the certificate, the public key of the certification authority is required

2. The public key of the certification authority is typically built into the operating system, or the certificate Authority certificate (including its public key) is imported by itself.

In this way, the chain of trust is complete.

The commonly used digital certificate format is the file format of. cer. There is also a certificate. PFX (or. p12) that contains the private key. For example, in key chain, exporting a certificate that contains a private key generates a. p12 file that contains the private key. This is typically used to migrate certificates and private keys to other machines.

Well, the basics of the iOS signing mechanism have been paved. Let's look at what's going on with the signature in the iOS development process.

Apple Developer Digital Certificate

To sign, you must have a private key, a public key pair. So to do iOS development first go to the Apple Developer Center to apply for a personal certificate. The Application method is:

1. A CSR (Certificate Signing Request) file is generated through the Certificate assistant of key chain. You need to fill out the mailbox and common Name when generating the CSR. This is your personal information.

2. Then the system generates a pair of key pairs, the private key is stored in key chain, and the public key is written to the CSR file.

3. Upload the CSR file in the Apple Developer Center, and he will generate a digital certificate (Apple will add team-related information to the certificate). This certificate is your personal identity in the Apple certification system. The certificate is also used in subsequent signatures. When you download and install the certificate, the system automatically pairs the public key of the certificate with the private key in the system. So you'll see in the certificate list in key chain that the certificate has a private key associated with it.

The information for the certificate is as long as this:

Various certificates (APP store,ad-hoc,development)

provisoning file

With the certificate can be used to sign, but the problem is: when we signed the app, you can't always allow any one of the developer certificate to sign it. So Apple's solution is the provisioning file, which records a list of certificates that are allowed to be signed. The file also records the bundle ID of the app, the list of devices allowed to run (useful when Ad-hoc is released), and some of the Apple's list of services that the app can use. When the file is generated, Apple generates a signature with its own private key. Developers need to generate the file in the Developer center and download it locally. When the app is packaged, the file is packaged in an IPA file, and the app is checked for legality as it runs.

Xcode Signature Configuration

1. In the Configuration Interface general/signing node of target, you can select automatically Manage Signing. After checking this option, Xcode will automatically generate a certificate for you, profile file, if you want to login to your developer account in Xcode (General development stage can choose this kind of method)

2. In the Signing (Debug)/signing (Release) node, you can select the provisioning file, which previously stated that it stores certificate information that can be used to sign (the private key corresponding to the public key in the certificate when it is signed). So when you select the provisioning file, Xcode automatically looks for the certificate and private key that exists locally in key chain. (if there is no corresponding certificate and private key on the local, an error occurs)

If there are multiple certificates available locally, the signing node in the Buildsetting Configuration tab can be further selected.

　　Framework Signature Configuration

In a project, the framework project does not need to set up signature information because he will sign in the main project that references it, and of course the signature configuration information for the master project.

Xcode Signature Process

When you sign your app, Xcode will:

1. Generate summary information for each file (this includes the provisioning file), and then sign with the private key corresponding to the signing certificate

2. Store the signature information for each file in the app package's _codesignature\coderesources file

3. For the framework, it's essentially a package file (like app). Xcode signs all the files in him and then puts the signature information in the _codesignature\coderesources file within the framework package file.

See the specific process:

The last obtained IPA file looks like this inside:

Related tools

Two tools were used in the Xcode signature process above: codesign and zip

1. Codesign is a tool that is really used to perform signature work. It provides functions such as signing, verifying signatures, displaying signature information, and so on. Xcode actually calls the tool when it executes the signature.

2. zip is a compression tool. Use it to compress the app package files. (The IPA file format only changed the compressed file to an extension)

3. At the same time, the Xcode Command line tool provides a packageapplication executable program that receives provisioning file and certificate as parameters to replace the app Provisiong File and re-signing (only the app package is re-signed, and the built-in framework does not re-sign). Specific usage can be

/applications/xcode.app/contents/developer/platforms/iphoneos.platform/developer/usr/bin/packageapplication- Man to see. However, the tool has been removed in the latest Xcode. It is recommended to use xcodebuild-exportarchive to generate an IPA.

See https://developer.apple.com/library/content/technotes/tn2339/_index.html

Verification of the validity of Apple device app

When an iOS device installs the app, the following actions are performed:

1. Unpacking the IPA file

2. Take out the provisioning file and verify the legitimacy of the provisioning file through the built-in Apple public key. (Provisioning file was signed by Apple with the private key)

3. Verify the legality of the app based on the information in provisioning file. Ensure that the information in the Provisoning file record is consistent with the app information (such as bundle ID)

4. Obtaining a signed certificate from the provisioning file

5. Verify the validity of the certificate (the certificate is signed by the Apple private key) through the Apple Public key (iOS system built-in)

6. Verify the summary information for each file by using the public key in the certificate to ensure that each file has not been tampered with.

Re-signing Tool

In fact, as long as there is provisioning file, certificate we can put an IPA to re-sign any other name (defined in provisioning file) app. Simply unpack the IPA and re-sign the app according to the Xcode process. The following tools are implemented. (In this way, you can theoretically modify the IPA file and then re-install it with the new bundle ID.) This is equivalent to hack the app. ）

Https://github.com/shusain93/ios-app-signer

iOS signature mechanism parsing