The relationship between IOS development-certificate, APP ID, and provisioning profile

Simulator debugging sometimes can not check out the difference between the real mobile phone, if you need to test or publish the app to the App Store, if the company has not developed the app, you can start from scratch, most of them later, then when we enter https://developer.apple.com/account/ios/profile/profileList.action Site When we may have some confusion, will see such as film "

It is easy to find such a few things.

devices is a device that does not need to be explained, each developer account can be associated with 100 devices, you can add your device directly through Xcode, Certificate, App ID and provisioning profile are not so well understood.  

Certificate (certificate)

A certificate is a credential that you have the right to develop, a developer's identity, equivalent to an ID card, and a developer account with only one set. A set of two, development and distribution (i.e. production).

Where the development certificate provides developers with the ability to debug on a computer, multiple copies can be made for distribution to multiple computers.

The distribution certificate gives developers the ability to publish iOS programs, which means you have the power to publish programs to the App Store. Only one, cannot make copies distributed to multiple computers.

The following is the classification information for the certificate: (the certificate validity period is in parentheses)

• Development
  • App development (1 years): Used to develop and debug applications on the real machine.
  • Push Development (1 years): Used to debug Apple Push Notification
• production

  • in-house and Ad Hoc (3 years): Applications that are used to publish in-house and adhoc.

  •  

       app Store: Used to publish apps that submit the App Store.
  • push Production (1 years): Used to use Apple Push Notification in release builds.
  • pass Type ID Certificate
  • Website Push ID Certificate

Before you apply for a certificate, you need to apply for a certificate Signing request (CSR) file, which in fact generates a pair of public and private keys that are stored in your Mac's keychain. Code signing is using this encryption method based on asymmetric secret key, signing with the private key, validating with public key. As shown, the associated public key and private key are stored in the login of your Mac's keychain, and the certificate contains the public key. You can only use the private key to sign, so if you do not have a private key, it means that you can not be signed, so you can not use the certificate, at this time you only revoke the previous certificate to apply for one. Therefore, it is a good idea to export and save your private key when you are finished applying for the certificate. When you want to share a certificate with other people or other devices, pass the private key to it. The private key is saved in your Mac, and the Apple-generated certificate contains the public key. When you sign your code with your private key, Apple can use the public key in the certificate to verify that you signed the code, not someone impersonating you, but also ensuring the integrity of the code.

App ID

The APP ID is used to identify one or a set of App,app IDs that should be consistent or matched to the bundle IDs in Xcode. The APP ID has the following two main types:

• Explicit App ID: A unique app ID that uniquely identifies an application, such as COM. ABC.DEMO1, identifies the program with bundle ID com.ABC.demo1.
• Wildcard App ID: A wildcard app ID that identifies a group of applications. For example * can represent all applications, while COM. Abc.* can be expressed as COM. All applications that start with ABC.

Each time you create an app ID, we can set up the app services that the app ID uses, which is the extra service it uses. Each additional service has different requirements, for example, if you want to use Apple Push Notification Services, you must be a explicit app ID so that you can uniquely identify an application. The following are all currently optional services and the corresponding configuration requirements.

Provisioning profile

A provisioning profile contains all of the above: certificates, App IDs, devices.

Imagine that if we were to pack or run an application on a real machine, we would first need a certificate to sign it to identify the application as legitimate, secure, complete, and so on, and then need to indicate its app ID and verify that the bundle ID is consistent; You need to confirm that the device can be used to run the program. and provisioning Profile packs all this information together so that we can use it when debugging and releasing the program, so we just choose different profiles for different situations. And this provisioning profile file is embedded in the. IPA package when it is packaged.

For example, as shown in, a provisioning profile for development contains the app ID for that provisioning profile, the certificates and devices that can be used. This means that using this provisioning profile wrapper must have the appropriate certificate and that the program that corresponds to the app ID be run to the device contained in devices.

As mentioned above, the process of running an application on a single device is as follows:

As with certificates, Provisioning profile is divided into development and distribution two types:

(Note: The types of certificates that can be created by different account types are different, obviously the type of profile is related to the kind of certificate you can create)

• Development (1 years)
• Distribution (1 years)
  • In house
  • Ad Hoc
  • APP Store

The difference between House and ad hoc is that there is no limit on the number of devices, and ad hoc is used for testing purposes, and ad hoc packages can only run on the available devices that are registered in the account, apparently with a limit of up to 100 devices. So the difference between the two provisioning profiles is that the device limitations are different, and the certificate they use is the same.

Development/Release Process

There are several steps in the development of development:

• Request a Certificate
• Join the device
• Generate Provisioning Profile
• Set up Xcode Code sign Identifer

In fact, the third step is usually unnecessary because we are usually developing with the iOS Team Provisioning profile generated and managed by Xcode because it is very convenient, so you do not need to manually generate the Provisioning profile yourself.

IOS Team Provisioning profile is the first time you add a device using Xcode, Xcode automatically generates a wildcard App ID (*, matching all applications) generated by Xcode. The account contains all the devices and all development certificates as shown. As a result, all members of the team can use this iOS Team Provisioning profile to debug all applications on all the devices in the team. And when a new device is added, Xcode updates the file.

The relationship between IOS development-certificate, APP ID, and provisioning profile