iOS.CodeSign
Inside Code Signing
1. Basic components needed for code signing: certificate, private key
As an iOS developer, chances are you have a certificate, a public key, and a private key on your development machine.
To use a certificate for signing, you need the private key.
A: The certificate can be seen in Keychain Access on OS X.
B: The following command also shows the certificate.
$ security find-identity -v -p codesigning
2. Certificate
"A certificate is — very broadly speaking — a public key combined with a lot of additional information
that was itself signed by some authority (also called a Certificate Authority, or CA) to state that the
information in the certificate is correct. In this case, the authority is Apple’s authority for developer stuff,
the Apple Worldwide Developer Relations CA. " Ref[1]
2.1 The two certificates in iOS development: certificates prefixed with iPhone Developer and iPhone Distribution, respectively.
This private key is what you use to sign the binaries with. Without the private key,
you cannot use the certificate and public key to sign anything.
The code signing itself is done with the codesign command-line tool.
"The signature for any signed executable is embedded inside the Mach-O binary file format,
or in the extended file system attributes if it’s a non-Mach-O executable, such as a shell script." Ref[1]
2.2 Signing an app with the private key and certificate
If you have a certificate and its private key, it’s simple to sign a binary by using the codesign tool.
Let’s sign Example.app with the identity listed above:
A: Sign an app
$ codesign -s 'iPhone Developer: Thomas Kollbach (7TPNXN7G6K)' Example.app
B: Replace the existing signature (i.e. re-sign)
$ codesign -f -s 'iPhone Developer: Thomas Kollbach (7TPNXN7G6K)' Example.app
C: View the app's signature information
$ codesign -vv -d Example.app
will tell you a few things about the code signing status of Example.app:
D: Verify the app's signature
$ codesign --verify Example.app
2.3 Bundles and Resources
"When signing a bundled application, the resources are signed as well. " Ref[1]
"the signing process creates a _CodeSignature/CodeResources file inside the bundle. " Ref[1]
2.4 Entitlements and Provisioning
What is the spctl tool?
spctl, which manages the system’s security assessment policy.
2.4.1 Entitlements
"Code signing is used to ensure that the application actually contains only what it says on the box — nothing
more and nothing less. The sandbox restricts access to system resources. " Ref[1]
"Entitlements specify which resources of the system an app is allowed to use, and under what conditions." Ref[1]
Creating the .entitlements file:
"This is the XML generated by Xcode after clicking around in the Capabilities tab and enabling a few things.
Xcode automatically generates an .entitlements file and adds entries to it, as needed. " Ref[1]
"it can help to look at what the signature actually says about the entitlements:
$ codesign -d --entitlements - Example.app " Ref[1]
The command above shows which entitlements are included in the app's signature.
2.4.2 Provisioning Profile
"A provisioning profile is a container for the information needed by the operating
system to decide if it can let your app run." Ref[1]
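A Provisioning Profile lets an app run on a development device, and it can also be used for ad-hoc/enterprise distribution.
So does an official release need a Provisioning Profile? Presumably it does.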
"A provisioning profile is a collection of all the components needed to determine if a particular app can
run on a particular device. Provisioning profiles are used to enable app debugging on development devices,
and also for ad-hoc and enterprise distribution. Xcode will embed the provisioning profile you select in
the project settings within the app. " Ref[1]
Location of Provisioning Profiles in the file system
"~/Library/MobileDevices/Provisioning Profiles, which is where Xcode keeps all the profiles downloaded
from Apple’s developer portal." Ref[1]
File format of Provisioning Profiles:
It is a file encoded in the Cryptographic Message Syntax, which is described by RFC 3852.
Viewing Provisioning Profiles
$ security cms -D -i example.mobileprovision
The output of the command above is a Plist in XML form.
Keys in this Plist file
DeveloperCertificates key: this key holds the list of certificates.
"The certificates are Base64 encoded and in PEM format (Privacy Enhanced Mail, RFC 1848)."
$ openssl x509 -text -in file.pem
ProvisionedDevices key
"If you are looking at a development certificate, you will also find a ProvisionedDevices key,
which contains a list of all the devices you set up for this provisioning profile." Ref[1]
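An added example (not code from the referenced article or from Apple's tools) that reads the plist printed by security cms -D and checks the keys discussed above: whether a signing certificate is listed in DeveloperCertificates, whether the profile has expired, and whether a device appears in ProvisionedDevices. The check_profile helper, the sample profile, its UDID and its placeholder certificate bytes are constructed for illustration.

```python
import hashlib
import plistlib
from datetime import datetime, timezone

# Constructed sample of the XML plist printed by
# `security cms -D -i example.mobileprovision`. The certificate entry is
# placeholder bytes ("constructed-cert-A"), not a real certificate.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Name</key><string>Constructed Dev Profile</string>
  <key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
  <key>DeveloperCertificates</key>
  <array><data>Y29uc3RydWN0ZWQtY2VydC1B</data></array>
  <key>ProvisionedDevices</key>
  <array><string>constructed-udid-0001</string></array>
</dict>
</plist>"""


def check_profile(profile_xml, signing_sha1, device_udid, now=None):
    """Hypothetical helper: list the reasons a profile does not cover a
    signing identity / device pair. An empty list means every check passed."""
    profile = plistlib.loads(profile_xml)
    # plistlib returns naive UTC datetimes, so compare against naive UTC.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    problems = []

    # Each <data> entry is decoded to the certificate's raw bytes; its SHA-1
    # is the 40-hex value `security find-identity` prints for an identity.
    listed = {hashlib.sha1(cert).hexdigest().upper()
              for cert in profile.get("DeveloperCertificates", [])}
    if signing_sha1.upper() not in listed:
        problems.append("signing certificate not in DeveloperCertificates")

    if profile["ExpirationDate"] <= now:
        problems.append("profile expired")

    # Assumption: a profile without ProvisionedDevices carries no device
    # list to check against, so the device test is skipped for it.
    devices = profile.get("ProvisionedDevices")
    if devices is not None and device_udid not in devices:
        problems.append("device not in ProvisionedDevices")
    return problems


if __name__ == "__main__":
    fp = hashlib.sha1(b"constructed-cert-A").hexdigest()
    print(check_profile(SAMPLE_PROFILE, fp, "constructed-udid-0001"))
```

On a Mac, the bytes written by security cms -D -i example.mobileprovision can be passed in place of SAMPLE_PROFILE.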
Items
code signing
device provisioning
Entitlements: rights
Provisioning
Personal Information Exchange format (.p12)
X.509
Reference
1. Inside Code Signing
http://www.objc.io/issue-17/inside-code-signing.html
2. Code Signing Guide (ToRead)
https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
3. man codesign