Learning material

  • Principles of iOS App Installation verification
  • Principles of iOS App signature

Takeaways

  1. Why does an expired local certificate not affect AppStore downloads?

Apple’s public key (1) is built into iOS, and the matching private key (2) is kept on Apple’s back-end servers. Apple signs the App Store build with private key (2), and after the download iOS verifies that signature with public key (1). The whole process is independent of the developer’s local certificate, so an expired local certificate does not affect the App Store version.

  2. Asymmetric encryption and signature
  • The public key and private key form a pair: data encrypted with the public key can be decrypted with the private key, and data encrypted with the private key can be decrypted with the public key.
  • Signatures verify whether data has been tampered with; they do not hide the data. Process: the sender computes a digest of the original data with an algorithm such as SHA or MD5, encrypts that digest with the private key to produce the signature, and sends the original data, the algorithm name and the signature to the receiver. The receiver decrypts the signature with the public key to obtain digest (2), recomputes digest (1) from the received data with the same algorithm, and compares (1) with (2); if they match, the data has not been tampered with.
  • Encryption mainly protects private data from leaking. Process: the user downloads the provider’s public key and encrypts the original data ① with it to obtain the ciphertext ②; the receiver decrypts ② with its own private key to recover the original data ①.
  3. Certificate management for the Ad Hoc version

There are two pairs of public and private keys: Apple’s public key A and private key A, and the local public key L and private key L.
  • 3.1 Use Keychain Access to apply for the local key pair L and obtain CertificateSigningRequest.certSigningRequest (which is essentially public key L).
  • 3.2 Open developer.apple.com, apply for a certificate and upload CertificateSigningRequest.certSigningRequest. Apple signs public key L with private key A and returns a .cer certificate file (containing public key L and the signature).
  • 3.3 The developer packages the app, signs it with local private key L to obtain signature ①, and bundles signature ① together with the .cer from 3.2 into the app.
  • 3.4 When the user installs the app, iOS verifies the signature on the .cer file with Apple public key A, extracts public key L from it once that succeeds, and then verifies the app signature with L. This indirectly guarantees that the app data has not been tampered with.

  4. The digest algorithm is important

The digest algorithm produces a fixed-length sequence (the digest) from data of any length, and tampering is detected by comparing digests. Encrypting and decrypting a digest is lightweight compared with processing the whole payload.
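The signing and verification flow of sections 2, 3 and 4 as an added toy example (not code from the original post, and not how iOS implements it): two fixed Mersenne-prime RSA pairs stand in for Apple key pair A and local key pair L, the ".cer" is just public key L plus Apple’s signature over it, and the installer first checks the .cer with A and then the app with L. The primes, the truncated digest and the unpadded RSA are constructed simplifications; real certificates use randomly generated 2048-bit keys with SHA256 (section 5).

```python
import hashlib

# Constructed toy parameters so the example is deterministic and runs offline.
# Textbook RSA with no padding over a truncated digest is NOT secure; it only
# models the flow. Real .cer files use random 2048-bit RSA keys with SHA256.
APPLE_PRIMES = (2**61 - 1, 2**127 - 1)   # key pair A (Apple)
LOCAL_PRIMES = (2**89 - 1, 2**107 - 1)   # key pair L (developer)
ROGUE_PRIMES = (2**89 - 1, 2**127 - 1)   # a key pair that is not Apple's
E = 65537


def make_keypair(primes):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    p, q = primes
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest(data: bytes) -> int:
    """Section 4: a fixed-length summary of data of any length. Truncated to
    128 bits here so it is always smaller than the toy moduli."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(private_key, data: bytes) -> int:
    """Section 2: digest the data, then 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(digest(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Section 2: recover digest (2) with the public key, recompute digest (1), compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(data)


def encode_public_key(public_key) -> bytes:
    """Byte form of a public key so it can be signed; stands in for DER encoding."""
    n, e = public_key
    return f"{n}:{e}".encode()


def issue_certificate(issuer_private, subject_public) -> dict:
    """Step 3.2: the issuer signs public key L; the '.cer' is L plus that signature."""
    return {
        "public_key": subject_public,
        "issuer_signature": sign(issuer_private, encode_public_key(subject_public)),
    }


def package_app(local_private, certificate, app_bytes: bytes) -> dict:
    """Step 3.3: sign the app with private key L and bundle signature + .cer."""
    return {"payload": app_bytes, "signature": sign(local_private, app_bytes), "cer": certificate}


def install_check(apple_public, bundle: dict) -> bool:
    """Step 3.4: verify the .cer with Apple public key A, extract L, verify the app with L."""
    cer = bundle["cer"]
    if not verify(apple_public, encode_public_key(cer["public_key"]), cer["issuer_signature"]):
        return False  # certificate was not issued by Apple: never reach the app check
    return verify(cer["public_key"], bundle["payload"], bundle["signature"])


def demo() -> dict:
    """Run the chain once and return the outcome of each check."""
    apple_pub, apple_priv = make_keypair(APPLE_PRIMES)
    local_pub, local_priv = make_keypair(LOCAL_PRIMES)
    _rogue_pub, rogue_priv = make_keypair(ROGUE_PRIMES)

    cer = issue_certificate(apple_priv, local_pub)
    app = b"constructed app binary v1"
    bundle = package_app(local_priv, cer, app)

    # Same signature and .cer, but the payload was modified after signing.
    tampered_payload = dict(bundle, payload=b"constructed app binary v2")
    # Correctly signed app, but the .cer was issued by a key other than Apple's.
    rogue_bundle = package_app(local_priv, issue_certificate(rogue_priv, local_pub), app)

    return {
        "genuine": install_check(apple_pub, bundle),
        "tampered_payload": install_check(apple_pub, tampered_payload),
        "cert_not_from_apple": install_check(apple_pub, rogue_bundle),
        # digest length does not grow with the input (section 4)
        "digest_is_fixed_length": len(hashlib.sha256(b"x" * 10_000).digest()) == 32,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running `demo()` shows the two failure modes the chain is built to catch: a modified payload fails the second check (L no longer matches the digest), and a certificate not issued by A fails the first check before the app signature is even examined.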

  5. Commonly used formats
  • CertificateSigningRequest.certSigningRequest: the local public key L.
  • .cer: the local public key L; signature data produced with Apple private key A; certificate issuer information (Apple); signature algorithm SHA256 + RSA2048; certificate validity period; developer account information.
  • .mobileprovision: the Entitlements configuration, the device list ProvisionedDevices, the profile name, the expiration time, DeveloperCertificates, and other information.
  6. The related scripts

# Inspect the certSigningRequest (a PEM-encoded CSR)
$ openssl req -noout -text -in /path/XXX/CertificateSigningRequest.certSigningRequest

# Inspect the .cer certificate (DER-encoded)
$ openssl x509 -inform der -noout -text -in /path/XXX/development.cer

# Inspect the .mobileprovision (CMS-wrapped plist; macOS only)
$ security cms -D -i /path/XXX/Test_AdHoc_ProvisioningProfile.mobileprovision
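The .mobileprovision fields listed in section 5 checked programmatically, as an added example that is not part of the original post: the plist that `security cms -D` prints is parsed with the standard library, and the report answers whether the profile has expired, whether a given device UDID is provisioned, which app id the entitlements grant and which signing certificates are embedded. The sample plist, its UDIDs, team id and "certificate" bytes are all constructed; `extract_plist` is an assumed shortcut that slices the XML out of the raw CMS wrapper and does not verify the CMS signature, so it is for inspection only.

```python
import hashlib
import plistlib
from datetime import datetime

# Constructed sample of the plist that `security cms -D` prints for a profile.
# Every value is invented: the UDIDs, team id and the "certificate" bytes.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Name</key><string>Test_AdHoc_ProvisioningProfile</string>
  <key>TeamIdentifier</key><array><string>TEAMID0000</string></array>
  <key>ExpirationDate</key><date>2025-06-01T00:00:00Z</date>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key><string>TEAMID0000.com.example.app</string>
    <key>get-task-allow</key><false/>
  </dict>
  <key>ProvisionedDevices</key>
  <array>
    <string>00000000-000000000000AAAA</string>
    <string>00000000-000000000000BBBB</string>
  </array>
  <key>DeveloperCertificates</key>
  <array>
    <data>Y29uc3RydWN0ZWQtbm90LWEtcmVhbC1jZXJ0</data>
  </array>
</dict>
</plist>
"""


def extract_plist(raw_profile: bytes) -> bytes:
    """Pull the XML plist out of a raw .mobileprovision (CMS DER wrapper) without
    macOS `security cms`. Assumed shortcut: it does not check the CMS signature,
    so use it for inspection, not for trusting the contents."""
    start = raw_profile.index(b"<?xml")
    end = raw_profile.index(b"</plist>") + len(b"</plist>")
    return raw_profile[start:end]


def profile_report(plist_bytes: bytes, now: datetime, device_udid: str) -> dict:
    """Answer the questions section 5 lists: which devices, which app, until when."""
    profile = plistlib.loads(plist_bytes)
    entitlements = profile.get("Entitlements", {})
    return {
        "name": profile["Name"],
        "expired": profile["ExpirationDate"] <= now,
        "device_allowed": device_udid in profile.get("ProvisionedDevices", []),
        "app_id": entitlements.get("application-identifier"),
        "debuggable": bool(entitlements.get("get-task-allow", False)),
        # SHA-256 over the embedded DER bytes; on a real profile compare with the .cer
        "certificate_fingerprints": [
            hashlib.sha256(cert).hexdigest() for cert in profile.get("DeveloperCertificates", [])
        ],
    }


def demo() -> dict:
    """Exercise the report on the constructed sample inside a fake CMS wrapper."""
    raw = b"\x30\x82\x07\x11constructed-cms-prefix" + SAMPLE_PROFILE + b"constructed-cms-trailer"
    plist_bytes = extract_plist(raw)
    before = profile_report(plist_bytes, datetime(2025, 1, 1), "00000000-000000000000AAAA")
    after = profile_report(plist_bytes, datetime(2025, 7, 1), "00000000-000000000000CCCC")
    return {
        "name": before["name"],
        "valid_before_expiry": not before["expired"],
        "expired_after": after["expired"],
        "listed_device_allowed": before["device_allowed"],
        "unlisted_device_allowed": after["device_allowed"],
        "app_id": before["app_id"],
        "debuggable": before["debuggable"],
        "certificate_count": len(before["certificate_fingerprints"]),
    }


if __name__ == "__main__":
    for field, value in demo().items():
        print(f"{field}: {value}")
```

For a real profile, pass the file’s bytes to `extract_plist` (or the output of `security cms -D` straight to `profile_report`), and compare the reported fingerprint with the fingerprint of the .cer from section 6 to confirm the profile and certificate belong together.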