1. The roles
- Mac: holds private key M for itself and hands out public key M to others.
- iPhone: iOS ships with public key A built in.
- Apple server: holds private key A.
2. Flow chart (image not reproduced here)
3. Process steps
- When the Mac creates a CSR file, it generates an asymmetric key pair M (public and private key). Private key M is stored in the local keychain.
- The developer applies for a certificate with the CSR file, which carries public key M to the Apple server.
- The Apple server signs public key M with private key A (asymmetric encryption of public key M, i.e. an A signature) and returns the certificate to the developer; this is our usual development certificate or production certificate. After the certificate is obtained, Keychain Access associates it with private key M, and exporting the two together produces our P12 file. This is why another developer who wants to share the certificate needs us to send the P12 file: it contains private key M.
- When the app is built, Xcode signs the app with the local private key M. At the same time, the certificate is placed into the IPA package, so the package carries two signatures.
- Install the IPA package on the iPhone and extract the certificate from it.
- The iPhone uses public key A to verify the certificate. This is the first verification and corresponds to step 3.
- Once the first verification succeeds, public key M contained in the certificate can be trusted and extracted.
- Public key M is then used to verify the signature on the app. This is the second verification and corresponds to step 4.
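The eight steps above, as an added worked example that is not part of the original post: a Python simulation of the two-layer check using a toy textbook RSA (no padding, 512-bit keys, for illustration only) with SHA-256 from the standard library. Key pair A stands for Apple, key pair M for the developer's Mac; `issue_certificate`, `build_ipa` and `iphone_verify` are illustrative names, and the app bytes are constructed. The demo also runs the two failure modes each layer catches: an app modified after signing, and a certificate that was not issued by Apple.

```python
import hashlib
import json
import random

# Toy textbook RSA. Real code signing uses padded RSA/ECDSA and X.509;
# this only illustrates the chain of trust A -> M -> app.


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return (public, private) RSA keys; n must exceed 2**256 to hold a SHA-256 digest."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def _encode_pub(pub) -> bytes:
    # Canonical bytes of a public key, so the certificate signature covers exactly this.
    return json.dumps(pub, sort_keys=True).encode()


def sign(priv, data: bytes) -> int:
    """Digital signature: hash the data, then apply the private key (step 3 and step 4)."""
    return pow(_digest(data), priv["d"], priv["n"])


def verify(pub, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == _digest(data)


def issue_certificate(apple_priv, dev_pub):
    """Step 3: the Apple server signs public key M with private key A."""
    return {"public_key_m": dev_pub, "apple_signature": sign(apple_priv, _encode_pub(dev_pub))}


def build_ipa(dev_priv, cert, app_bytes: bytes):
    """Step 4: Xcode signs the app with private key M and embeds the certificate."""
    return {"app": app_bytes, "app_signature": sign(dev_priv, app_bytes), "certificate": cert}


def iphone_verify(apple_pub, ipa) -> str:
    """Steps 6-8: check the certificate with public key A, then the app with public key M."""
    cert = ipa["certificate"]
    if not verify(apple_pub, _encode_pub(cert["public_key_m"]), cert["apple_signature"]):
        return "certificate rejected"          # first verification failed
    if not verify(cert["public_key_m"], ipa["app"], ipa["app_signature"]):
        return "app signature rejected"        # second verification failed
    return "accepted"


def demo():
    random.seed(7)  # deterministic toy keys for a repeatable run
    apple_pub, apple_priv = generate_keypair()  # key pair A
    dev_pub, dev_priv = generate_keypair()      # key pair M
    cert = issue_certificate(apple_priv, dev_pub)
    app = b"constructed app binary v1"          # constructed sample payload
    results = {"genuine": iphone_verify(apple_pub, build_ipa(dev_priv, cert, app))}
    # Failure mode 1: app bytes changed after signing -> second verification fails.
    tampered = dict(build_ipa(dev_priv, cert, app), app=app + b" modified")
    results["tampered_app"] = iphone_verify(apple_pub, tampered)
    # Failure mode 2: a certificate signed by some key other than A -> first verification fails.
    other_pub, other_priv = generate_keypair()
    other_cert = issue_certificate(other_priv, other_pub)
    results["unapproved_certificate"] = iphone_verify(apple_pub, build_ipa(other_priv, other_cert, app))
    return results


if __name__ == "__main__":
    print(demo())
```

The important design point is in `iphone_verify`: public key M is taken from the certificate only after the certificate itself has been checked against public key A, so the device never trusts a signing key that Apple did not vouch for.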
4. Background knowledge
- RSA: an asymmetric algorithm in which the public key encrypts data and the private key decrypts it. Conversely, for signing, the private key "encrypts" (signs) the data and the public key "decrypts" (verifies) it.
- Digital signature: hash the original data, then encrypt the hash with the RSA private key.
- Hash: a hash function such as MD5, SHA-1/SHA-512 or HMAC. The same input always produces the same digest, and the digest has a fixed length regardless of the input length; for example, an MD5 value is 32 hexadecimal characters.
- DES, 3DES and AES are symmetric encryption algorithms. Encryption goes plaintext → encrypt → ciphertext, and decryption goes ciphertext → decrypt → plaintext. Encrypted data is usually displayed in Base64.
5. Conclusion
Apple uses two layers of verification to confirm that an app is one it has approved. The process above is the simplified version; in practice there are also provisioning profiles and other pieces involved.