I want to talk a little bit about how iOS app signatures work. The first thing we need to understand is something called a digital signature.
Digital signature
A note on the term: why is the word "signature" used? Because people abroad like to use checks, and the signature on a check proves it is yours. A digital signature, as the name implies, is likewise a method used to authenticate digital information.
So let’s think about it. What is the best way to prove the validity of digital information (that is, binary data, any data in a computer)? We can think of HASH algorithms, known as “information fingerprints,” which are used specifically to identify file data, as discussed in previous articles. So when data is transmitted over a network, we can send the plaintext data together with the HASH value of that data, and the other party can use the HASH value for verification. But how is the data protected in this process? If the plaintext data and the HASH value are sent directly, both run the risk of being tampered with. So here we need to encrypt something. The plaintext data is usually too large to encrypt with the RSA asymmetric encryption algorithm, but the HASH value of the data is relatively small; since it is only used for verification, it can be encrypted with RSA (using the sender’s private key). Therefore, what is transmitted is the plaintext data together with the RSA-encrypted verification data. This verification data, encrypted with RSA, is what we call a signature.
Verification process of a digital signature
How does the other party verify the data it receives?
- When the data is transmitted, the original data is sent along with the digital signature.
- After receiving the data, the other party first takes the raw data and computes its HASH value with the same HASH algorithm.
- Then the HASH value contained in the digital signature is recovered by decrypting it with the asymmetric algorithm (the sender’s public key).
- Finally, the two HASH values are compared. If they are consistent, the data has not been tampered with; this is a good way to detect tampering!
Code signing
A code signature is a digital signature over an executable file or script, a measure used to verify that the software has not been modified or corrupted after it was signed. The principle is the same as a digital signature; the signed data is just the code.
Simple code signing
Before iOS came out, on the previous mainstream operating systems (Mac/Windows) software could be downloaded from anywhere, which brought system security risks: pirated software, virus intrusion, silent installation and so on. Apple wanted to solve this problem by ensuring that every APP installed on iOS is approved by Apple officially. How can that be ensured? With a code signature.
If you want to implement this validation, the easiest way is for Apple to create a pair of asymmetric public and private keys. The public key is built into the iOS system, and the private key is kept in Apple’s backend. When we upload an APP to the App Store, Apple’s backend signs the APP data with the private key. After the APP is downloaded, the iOS system verifies the signature with the public key. Apple’s requirement is met: every APP you install is approved by Apple.
If we only installed APPs from the App Store on our iOS devices, this would be easy: nothing complicated, just a digital signature. But there are actually other ways to install apps on iOS. For example, as iOS developers we need to install the APP we are developing directly onto a real device for debugging. Moreover, Apple has also opened up in-house distribution within enterprises, and an APP signed with an enterprise certificate also needs to install smoothly.
Apple needs to support these ways of installing apps, which a simple code signature cannot satisfy. So let’s analyze what requirements Apple has.
- The installation package does not need to be uploaded to the App Store and can be installed directly on the phone.
- In order to ensure the security of the system, Apple must still have absolute control over the installed apps.
- Installation must have Apple’s permission.
- It cannot be abused to allow non-development apps to be installed.
In order to meet these requirements, the complexity of iOS signatures began to increase, and Apple’s solution here is a two-layer signature.
Two-tier code signing for iOS
This is still not how the final iOS signature works; the final scheme is a little more than this, which I’ll cover at the end of this article. First, there are two roles: iOS, and our Mac. Because iOS APP development happens on the Mac system, this dependency became the basis of Apple’s two-tier signature.
1. Generate a pair of public/private keys for an asymmetric encryption algorithm on the Mac (Xcode does this for you). Call them public key M and private key M (M = Mac).
2. Apple has its own pair of public and private keys. Just as with the App Store, the private key is in Apple’s backend and the public key is built into every iOS system. Call these public key A and private key A (A = Apple).
3. Send public key M, along with some of your developer information, to Apple’s backend (this is the CSR file). Apple’s backend signs public key M with private key A. You get back a piece of data containing public key M and its signature; this data is called a certificate.
4. During development, after compiling an APP, sign the APP with the local private key M (the P12 you will export later), package the certificate obtained in step 3 together with the APP, and install it on the phone.
5. During installation, the iOS system obtains the certificate and uses the built-in public key A to verify the certificate’s digital signature.
6. Once the certificate is verified, public key M is known to be authenticated by Apple; the system then uses public key M to verify the signature of the APP, which indirectly verifies that the installation of this APP is officially approved by Apple. (This only verifies the installation behavior, not whether the APP content has been changed, since the APP content changes constantly during development and Apple doesn’t need to care about that.)
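As an added example (not code from the original article), the two-tier scheme above and the hash-then-sign check from the digital signature section, modelled in Go with only the standard library: SHA-256 over the data, RSA PKCS#1 v1.5 over the digest, and a constructed Certificate type holding public key M plus Apple’s signature over it. The key names, the certificate layout and the app bytes are assumptions for illustration, not Apple’s real formats.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

// Certificate models the article's "certificate": public key M plus Apple's signature over it (constructed layout).
type Certificate struct {
	PubM []byte // public key M, PKCS#1 DER encoding
	SigA []byte // signature over PubM made with private key A
}
// MustKey generates a fresh RSA key pair; panics only if the entropy source fails.
func MustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}
// Sign hashes data with SHA-256 and RSA-signs only that small digest (the "signature" of the first section).
func Sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}
// Verify recomputes the hash and checks sig with the public key; any change to data or sig makes it false.
func Verify(pub *rsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}
// IssueCertificate is step 3: Apple signs public key M with private key A.
func IssueCertificate(privA *rsa.PrivateKey, pubM *rsa.PublicKey) (*Certificate, error) {
	der := x509.MarshalPKCS1PublicKey(pubM)
	sig, err := Sign(privA, der)
	if err != nil {
		return nil, err
	}
	return &Certificate{PubM: der, SigA: sig}, nil
}
// VerifyInstall is steps 5 and 6 on the device: verify the certificate with built-in public key A, then the app signature with public key M from it.
func VerifyInstall(pubA *rsa.PublicKey, cert *Certificate, app, appSig []byte) bool {
	if !Verify(pubA, cert.PubM, cert.SigA) {
		return false // certificate not issued by Apple: reject the install
	}
	pubM, err := x509.ParsePKCS1PublicKey(cert.PubM)
	return err == nil && Verify(pubM, app, appSig)
}
```

VerifyInstall rejects three cases a device must refuse: an app body changed after signing, a certificate not signed by Apple’s key, and an app signed with a key other than the one inside the certificate.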
With the above procedure, it is possible to ensure the developer’s certification and the security of the program. However, you should know that iOS programs are meant to be distributed to user devices only through the App Store. If there were only the above process, couldn’t an APP be installed on any iOS device as long as a certificate had been applied for? So to prevent abuse, Apple has added a few more restrictions. We’ll elaborate on those in the next article.