This article assumes that you are already familiar with iOS certificate creation, app distribution, and real machine debugging

How to prevent information transmission from being eavesdropped?

How to encrypt it?

  • Symmetric encryption encrypts and decrypts the same key quickly, but it cannot solve the key sharing problem

  • Asymmetric encryption The key used for encryption (public key) can be made public. This solves the problem of key sharing and the encryption speed is slow.

So use mixed passwords

The problem with mixed passwords

The recipient’s public key is public, and anyone can send a message to the recipient, which can lead to the following problems

  • Message tampering
  • Disguised sender
  • The sender denies sending the message

How to solve it? A digital signature

Note: public and private keys are paired, they decrypt each other, and encryption and decryption can be reversed; The one that can be made public is called a public key.

The disadvantage of the above is that if the plaintext message is large, the encryption and decryption process of the signature and the eventual comparison can be disastrous.

How to solve the problem that the plaintext message of digital signature is too large? One-way hash function

  • A fixed-length hash value is calculated based on a message of arbitrary length
  • Fast calculation speed, can quickly calculate the hash value
  • The hash value varies from message to message
  • With unidirectional, can not reverse the plaintext based on the above characteristics, improve:

One-way hash functions include MD4, MD5, SHA1, etc. For more information about hash functions, see Hash functions

The process for encrypting plaintext with a mixed password and digital signature is as follows

If this looks perfect, there is a risk that the public key (used for signing) will be forged. The forger generates the key pair and gets the recipient’s public key to send a fake message to the recipient.

PS: Let’s look at the design of signature encryption, private key encryption, public key decryption. If with ordinary encryption usage: private key decryption, public key masquerade, line? The answer is no, because anyone can get a public key, and encryption with a public key makes it impossible to identify the sender.

How can I prevent the public key of a digital certificate from being forged? certificate

  • What is a certificate?authorityThe certificate is generated by applying a digital signature to the public key submitted by the certificate applicant and adding some of the applicant’s personal information such as email address.CA is such an authority, and there are some profitable enterprises that provide certification services.

In order to facilitate comparison, we add only the certificate authentication of mixed password public key in the flowchart of mixed password combined digital certificate, as shown in the following figure

Is that what iOS signatures look like?

No, it’s just using the same principles. IOS signatures are less complicated because they’re just signatures without encryption. Let’s go straight to the picture:

In fact, you need to include some additional information in your signature, such as:

  • Determine unique App information (APPI)
  • Information about the app permission, such as keychain access group information
  • List of installable devices that are not restricted by the distribution environment

Why you need this information is not explained here too much, but should be familiar to those who have created certificates. This information is included in the Mobileprovision file. So why not just put it in the certificate? After all, one more file needs to be signed again. As we know, one certificate can be used by multiple apps of the same developer. If the information related to app is directly put into the certificate, multiple certificates need to be created for multiple apps, which cannot achieve the common purpose of certificates. The final complete signature process is as follows