A, Provisioning Profile

Xcode stores all provisioning profiles in ~/Library/MobileDevice/Provisioning Profiles.

1. Team provisioning profiles

  • When an Apple Developer Account is added to Xcode, Xcode interacts with the Apple Member Center backend to automatically generate an iOS Team Provisioning Profile (Managed by Xcode). It is managed by Xcode and is different from the profiles registered manually in the Apple Member Center.

  • All Development Certificates and Devices in the account can use it to debug all applications on all Devices registered with the team.

  • You need to log in to the developer account of the app.

  • All Development Certificates and Devices for the app in your account are included.

2. Provisioning profiles

1) Development: a Provisioning Profile corresponds to an Explicit App ID or a Wildcard App ID (a set of App IDs with the same Prefix/Seed), and specifies App IDs (optional), Certificates (optional) and Devices (optional). Users need to download it manually and install it on a machine that holds the corresponding certificate (generated by themselves or obtained from others).

2) Distribution: Wildcard App ID (*)

Devices (0, Unlimited)
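The three lists a profile carries (App ID, Certificates, Devices) can be inspected directly, because a .mobileprovision file is a CMS signed-data container with the plist stored in the clear. The following is an added example, not code from the original page: it reads that plist and reports why a given bundle ID, signing certificate or device is not covered. The team ID, UDID, certificate bytes and CMS framing in the sample are constructed, and the CMS signature is not verified.

```python
import hashlib
import plistlib

def load_profile(raw):
    """Slice the embedded plist out of a .mobileprovision blob.
    This does NOT verify the CMS signature around it."""
    start, end = raw.find(b"<?xml"), raw.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def app_id_matches(pattern, app_id):
    """Explicit App IDs must match exactly; a trailing '*' matches any suffix."""
    if pattern.endswith("*"):
        return app_id.startswith(pattern[:-1])
    return pattern == app_id

def check(profile, team_id, bundle_id, cert_der, udid):
    """Return the reasons this build/device pair is not covered by the profile."""
    problems = []
    pattern = profile["Entitlements"]["application-identifier"]
    if not app_id_matches(pattern, f"{team_id}.{bundle_id}"):
        problems.append("bundle id not covered by " + pattern)
    # Compare certificates by SHA-1 fingerprint of their DER bytes.
    allowed = {hashlib.sha1(c).hexdigest() for c in profile["DeveloperCertificates"]}
    if hashlib.sha1(cert_der).hexdigest() not in allowed:
        problems.append("signing certificate not in profile")
    # Profiles with unlimited devices carry no ProvisionedDevices list.
    devices = profile.get("ProvisionedDevices")
    if devices is not None and udid not in devices:
        problems.append("device not registered")
    return problems

# Constructed sample: fake CMS framing around a real plist payload.
CERT = b"constructed-DER-bytes"
SAMPLE = b"\x30\x82 constructed-cms-header " + plistlib.dumps({
    "Name": "iOS Team Provisioning Profile: *",
    "TeamIdentifier": ["ABCDE12345"],
    "Entitlements": {"application-identifier": "ABCDE12345.*",
                     "get-task-allow": True},
    "DeveloperCertificates": [CERT],
    "ProvisionedDevices": ["00008030-CONSTRUCTED-UDID"],
}) + b" constructed-cms-signature-trailer"
```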

B, Certificate

An ordinary personal developer account can register a maximum of 2 iOS Development/Distribution certificates; only a team agent or an admin can create a distribution certificate.

  1. When a certificate is missing, it is requested automatically through Xcode's Fix Issue. Here, the Keychain Certificate Assistant requests the certificate from the certificate authority with a CSR (Certificate Signing Request).

  2. Root certificate: WWDRCA (Apple Worldwide Developer Relations Certification Authority) uses its private key to encrypt and sign the public key and some identity information in the CSR, generating a digital certificate (iOS_development.cer) and recording it in the Apple Member Center.

  3. Download the certificate from the Apple Member Center website and double-click it on the Mac to install it. (You can also add the developer account in Xcode to synchronize certificates and generate provisioning profiles automatically. A downloaded certificate does not contain the private key and cannot be used for signing; if the certificate was not created locally, the private key must be imported from outside.)

  4. The certificate is configured under Xcode Target | Build Settings | Code Signing | Code Signing Identity.

C, Signature

1. Code Signing Identity

  • The _Code Signing Identity_ configured in Xcode (entitlements, certificate) must match the _Provisioning Profile_, and **the public and private key pair of the configured certificate must exist in the local Keychain Access**; otherwise the build reports an error.
  • The Mac on which Xcode runs uses the **CA certificate (WWDRCA.cer)** to judge the validity of the Code Signing Identity certificate:

If the WWDRCA public key can be used to decrypt the certificate and obtain the public key and signature, the certificate was issued by Apple WWDRCA, that is, the source of the certificate is trusted.

A hash algorithm is then used to calculate the digest of the certificate itself. If it is consistent with the digest obtained in the previous step, the certificate has not been tampered with, that is, the certificate is complete.

2. Code Signing

  • The private key of the key pair corresponding to each certificate (the certificate itself is essentially the public key) is used to digitally sign (CodeSign) the content (executable code; resources such as images and nib files aren't signed): a hash algorithm is used to generate the digest of the content.

3. Verify Code Signature with Certificate

The certificate contains the public key and a digest of its contents. It is signed by WWDRCA, contained in the provisioning profile, and installed on the real device together with the app.

  1. When an app starts on a real Mac/iOS device, the entitlements, bundle ID and certificates must match the Provisioning Profile.

  2. The .cer on the iOS/Mac device is decrypted and verified with the public key in AppleWWDRCA.cer, which yields the trusted public key of each development certificate; that key is used to verify the reliability and integrity of the app.

**iOS/Mac devices (systems) use the development certificate in the app's Provisioning Profile (Code Signing Identity) to determine the validity of the app:** if the content digest (signature) of the executable code can be successfully decrypted using the certificate's public key, this proves that the app was really issued by the certified developer, that is, the source is credible. A hash algorithm is then used to calculate the digest of the app (executable code). If that digest is consistent with the one obtained in the previous step, the app (executable code) has not been tampered with, that is, the content is complete.
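The two-stage check described above (CA public key validates the certificate, certified public key validates the code digest) can be followed end to end in a small model. This is an added example, not code from the original page or from Apple: it uses unpadded textbook RSA over constructed toy keys as a stand-in for the real X.509/CMS machinery, and every name and value in it is an assumption made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    # SHA-256 reduced mod n because the toy modulus is shorter than the hash.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    """Signer: hash the content, then transform the digest with the private key."""
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    """Verifier: recover the digest with the public key and compare it with
    a freshly computed digest of the content."""
    return pow(sig, E, n) == digest(data, n)

# Constructed keys built from Mersenne primes; far too small for real use.
CA_N, CA_D = make_key(2**127 - 1, 2**89 - 1)     # stands in for WWDRCA
DEV_N, DEV_D = make_key(2**107 - 1, 2**61 - 1)   # stands in for the developer

def issue_cert(subject, pub_n):
    """CA signs the subject and public key taken from the CSR."""
    body = f"{subject}|{pub_n}".encode()
    return body, sign(body, CA_N, CA_D)

def verify_app(cert_body, cert_sig, code, code_sig):
    # Step 1: the certificate must verify under the CA public key (trusted source).
    if not verify(cert_body, cert_sig, CA_N):
        return "untrusted certificate"
    # Step 2: the code signature must verify under the certified public key.
    dev_n = int(cert_body.decode().split("|")[1])
    return "valid" if verify(code, code_sig, dev_n) else "code modified"

CERT, CERT_SIG = issue_cert("iPhone Developer: Example (constructed)", DEV_N)
CODE = b"\xcf\xfa\xed\xfe constructed executable bytes"
CODE_SIG = sign(CODE, DEV_N, DEV_D)
```

A certificate that was not signed by the CA key fails at step 1 before its public key is ever used, which is why a self-issued certificate cannot vouch for modified code.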

5. Shared certificates

  • Export a *.developerProfile file (Exporting a Developer Profile), which contains the Apple ID and code signing assets, for Xcode development on other machines.

  • Download the manually created provisioning profile from the Apple Member Center website, without downloading the corresponding certificate.

A .p12 (PKCS12) file holds the private key and certificate.

Double-click certificate.p12 (enter the password if there is one) on another Mac to install the shared certificate. After obtaining the shared certificate, register the iOS device to be debugged under the developer account on the developer website, then download the Provisioning Profile that authorizes that device with the certificate, in order to develop and debug on the iOS device.

Xcode sometimes does not pick up configuration changes promptly; refresh, toggle the relevant configuration switch (if any), or restart Xcode and try again.

If the Bundle Identifier is set to an App ID registered under someone else's account (for example, the Apple camera app, com.apple.camera), an error is reported: No provisioning profiles with a valid signing identity (i.e. certificate and private key pair) matching the bundle identifier "com.apple.camera" were found. Even if compilation passes, the app itself may also report a signature error during runtime verification with the server. What should you do?

Trick: at this point you can add a suffix to the other party's original App ID (such as com.apple.camera.extension) and configure it as a derived plug-in (equivalent to being under the same App Group), and then it works.