App Store installation

  1. Apple's certificate authority (CA) holds a key pair (public key A and private key A), and public key A is built into every iOS device.

  2. Apple signs the application's digest with private key A using RSA, and the iOS device verifies that signature with public key A. Once the signature passes, the validity and integrity of the installation package data are confirmed and the app is installed directly.

Packaging and installing from the development environment

1. Generate CertificateSigningRequest.certSigningRequest

  1. On the Mac, open Applications -> Keychain Access

  2. Request a certificate from a certificate authority

    • For example, enter [email protected] as the User Email Address and TestName as the Common Name;
    • Generate the CertificateSigningRequest.certSigningRequest file;
    • When this file is generated, a new public/private key pair is also created in the keychain;
    • The TestName public key and the TestName private key can be found in Keychain Access -> login -> Keys by searching for TestName.
  3. View the contents of the file in Terminal:

    View the file contents: $ openssl req -noout -text -in /XXX_location/CertificateSigningRequest.certSigningRequest

    View a brief summary of the file: $ openssl asn1parse -i -in /XXX_location/CertificateSigningRequest.certSigningRequest

    The main data of the file is as follows:

    • Signature data: the SHA-256 digest algorithm produces a digest of the relevant plaintext, and the RSA-2048 private key signs that digest.
    • RSA-2048 public key (i.e. the TestName public key)

    $ openssl req -noout -text -in /XXX_location/CertificateSigningRequest.certSigningRequest
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: [email protected], CN=TestName, C=CN
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:b4:0b:2d:9d:b5:91:17:fa:a0:77:e0:fc:6f:a1:
                        cf:56:0e:5f:08:6e:de:9f:e3:3d:01:36:91:5f:1e:
                        83:6a:e0:28:d3:31:d4:8b:c6:e2:e7:b6:0c:05:c2:
                        f4:11:cf:29:7a:19:de:14:86:da:9c:34:9d:8a:09:
                        57:b0:b0:fb:cb:fa:f2:ad:93:77:8c:27:4b:52:92:
                        a6:80:4c:c5:3d:4c:68:8d:f7:2f:cb:a4:91:76:de:
                        ed:3c:de:cd:3f:c9:a3:42:ec:8d:d5:3d:1b:7b:b9:
                        21:41:51:38:6d:94:81:f5:71:47:6c:63:b7:ed:b5:
                        ca:ba:17:c3:75:11:16:cb:c2:2e:55:30:68:4d:75:
                        a5:48:a4:f8:f2:e3:56:9a:92:c4:4a:85:0f:a0:c4:
                        c4:72:f1:31:c8:70:f1:0e:29:2e:77:50:67:c3:4e:
                        e9:11:3b:7f:c6:d1:30:87:f0:73:a4:43:a5:5d:cc:
                        f4:b2:4f:a6:fe:2b:c7:f2:be:e4:04:45:13:df:03:
                        0f:09:56:09:62:0c:b9:1d:6a:5f:0d:35:e3:13:45:
                        cf:c1:09:73:d6:dc:49:06:a5:ef:17:7c:7d:49:fa:
                        55:6a:7f:b9:e3:a3:ee:e7:92:50:6d:00:c8:91:45:
                        b4:bd:01:28:4d:38:07:09:66:b2:cd:86:33:71:bd:
                        48:6f
                    Exponent: 65537 (0x10001)
            Attributes:
                a0:00
        Signature Algorithm: sha256WithRSAEncryption
             65:7c:62:b6:61:69:23:a4:84:44:3b:6c:ef:a1:7a:74:71:da:
             4d:ba:b1:80:ef:a8:28:6c:13:4a:e1:3f:45:89:e8:26:a8:92:
             03:5f:5a:19:f7:40:1b:bd:8e:6a:5f:e1:e0:a0:f4:51:d2:ab:
             71:39:5a:4e:05:e8:b1:dc:84:d6:1a:fc:d8:91:d4:4d:34:b4:
             7d:58:a9:12:76:4e:df:84:d2:5b:f4:32:af:09:70:8c:79:59:
             e3:f2:14:d5:9d:35:60:03:10:12:de:10:42:8b:c6:0d:2c:5a:
             33:8b:9c:b4:a6:69:d3:22:e4:4f:84:64:46:44:c7:37:ac:d3:
             d7:e2:c1:61:98:ee:a4:9f:f4:26:5f:22:71:d5:13:f6:2e:a5:
             d5:08:3d:6b:c4:cb:b1:c7:7c:bf:37:0c:af:df:22:42:94:9d:
             a5:14:5a:9a:36:cd:11:bd:1c:d9:02:9e:c2:c3:a3:63:21:65:
             87:21:a5:24:af:4c:07:92:5f:5a:ef:fa:61:82:60:99:49:76:
             ea:0f:83:79:f9:78:05:f5:1c:95:c3:c9:b4:d0:5f:31:f0:2e:
             5c:99:86:9a:54:91:81:d6:1b:01:4f:66:a2:c7:a8:91:d4:17:
             1b:8d:51:39:dd:df:a5:cc:e9:2e:51:1f:43:6c:e8:66:71:cd:
             56:3f:f4:b5

2. Generate the development/release .cer certificate

Apple's certificate authority (CA) holds a key pair (public key A and private key A), and public key A is built into every iOS device.

  1. Upload CertificateSigningRequest.certSigningRequest to the Apple Developer Center and choose to create an Apple Development or Apple Distribution certificate;

  2. Generate development.cer or distribution.cer;

    • Apple uses the SHA-256 digest algorithm to produce a digest of the relevant information in the .certSigningRequest, then signs it with Apple private key A. The resulting signature data is stored in the certificate and ensures that the certificate's source is trusted and its data is intact;
  3. View the .cer certificate in Terminal

    For example: $ openssl x509 -inform der -noout -text -in /XXX_location/development.cer

    The certificate data is as follows:

    • TestName public key
    • Signature data produced with Apple private key A
    • Certificate issuer information (Apple)
    • Signature algorithm: SHA256 + RSA2048
    • Certificate validity period
    • Developer Account Information
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 3769592763042482157 (0x345048a55507c7ed)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority
            Validity
                Not Before: Oct 22 06:17:03 2020 GMT
                Not After : Oct 22 06:17:03 2021 GMT
            Subject: UID=Y6M594P2Q9, CN=Apple Development: xxx name (xxx), OU=TeamID_XXX, O=xxx xxx Technology Co., Ltd., C=US
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:a5:1f:36:f3:6a:e5:76:8d:09:9f:70:4f:46:6b:
                        a7:0e:c6:51:a3:ab:3c:25:ce:cf:60:13:3b:f4:0f:
                        3d:3d:9c:69:96:28:18:ed:77:76:42:03:53:e7:e3:
                        87:88:9c:00:41:5e:a4:af:14:29:fb:71:57:7e:f5:
                        80:db:5e:0d:3a:af:7e:88:0e:92:c0:09:c5:9b:12:
                        26:73:1c:e8:8e:8b:87:01:5c:14:15:9f:36:a3:38:
                        cb:5c:ec:b2:fb:36:e4:4d:2d:1d:7c:65:43:9b:25:
                        b3:53:b4:ea:a5:86:0f:c9:da:81:59:5b:0c:b8:a0:
                        df:1e:f5:cb:9e:a4:3c:3e:dc:cb:18:a4:1e:cf:86:
                        9e:3e:9b:81:e3:b5:83:92:a3:82:7a:04:65:c7:87:
                        7b:18:5b:8e:4a:58:93:30:cf:6a:c7:5c:74:0d:00:
                        68:d4:9f:ee:3d:59:89:1e:75:59:ba:8b:c0:00:9a:
                        89:2b:cb:d4:28:21:87:5c:11:2d:38:69:ce:4d:3d:
                        4b:59:fe:d6:0e:af:17:0d:88:f4:47:f1:2c:47:60:
                        5c:4e:19:5c:c7:21:36:5b:1a:5b:fc:e8:40:6b:c2:
                        b3:ac:76:07:b0:22:60:03:b0:7b:00:a3:68:f3:e8:
                        35:5b:5b:b4:b4:6c:16:c1:09:98:d2:a9:ca:dc:b7:
                        83:df
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Authority Key Identifier:
                    keyid:88:27:17:09:A9:B6:18:60:8B:EC:EB:BA:F6:47:59:C5:52:54:A3:B7
                Authority Information Access:
                    OCSP - URI:http://ocsp.apple.com/ocsp03-wwdr19
                X509v3 Certificate Policies:
                    Policy: 1.2.840.113635.100.5.1
                      User Notice:
                        Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.
                      CPS: http://www.apple.com/certificateauthority/
                X509v3 Extended Key Usage: critical
                    Code Signing
                X509v3 Subject Key Identifier:
                    43:91:DE:0F:09:EA:09:5A:DB:98:9C:58:2B:15:A8:CE:F5:17:61:33
                X509v3 Key Usage: critical
                    Digital Signature
                1.2.840.113635.100.6.1.2: critical
                    ..
                1.2.840.113635.100.6.1.12: critical
                    ..
        Signature Algorithm: sha256WithRSAEncryption
             62:35:ea:78:ad:59:cf:47:5f:b5:89:c4:8a:92:ae:7b:8e:5f:
             a8:ce:ad:69:0e:ec:83:72:e7:ea:5c:5f:b7:26:f8:1f:a7:02:
             e2:cf:d2:a4:af:ac:0f:0b:f8:4d:58:29:85:2b:dd:0b:c0:5d:
             30:00:af:e0:b0:ef:b8:0a:e0:73:ee:09:5f:dd:a0:c5:a0:06:
             a6:4a:f3:0b:61:22:42:f0:45:ad:c8:fe:cc:54:68:13:80:27:
             a7:be:7c:b2:07:63:da:25:74:2d:7e:ff:57:23:27:e7:1f:b9:
             68:be:0d:c3:d3:6a:07:9e:7d:00:96:50:4d:c8:66:4d:5e:e8:
             40:0b:99:bc:9d:d1:b6:d5:97:ac:a6:0f:54:df:dd:7b:a5:5e:
             a4:30:36:d2:95:07:9b:e0:46:3c:c2:0b:2c:2e:ed:ab:d5:8f:
             86:34:8b:3c:ed:c4:c9:ec:6a:a4:7d:30:12:6f:03:1b:6c:51:
             22:8f:65:4a:1a:6b:c7:ea:1a:2c:62:2b:b1:17:10:41:9d:7a:
             35:99:1e:e8:36:64:75:c1:76:eb:23:ed:8c:7b:61:88:f6:8a:
             34:15:e9:3d:a8:75:da:ee:83:c2:e0:e1:bd:0f:de:64:f4:98:
             93:4e:da:e1:f6:50:c8:84:31:d8:f8:dc:f6:be:d4:20:e4:8c:
             36:1f:46:a8

3. Generate the Provisioning Profile

  1. Create a Development or Ad Hoc Profile (Provisioning Profile) for your application

    • Apple uses the digest algorithm to produce a digest over all the data, including the App ID, the .cer certificate and the UDID list of devices allowed to install the app, then signs that digest with Apple private key A to produce the signature data.
  2. View the .cer certificate in Terminal

    For example: $ openssl x509 -inform der -noout -text -in /XXX_location/development.cer

    The configuration file contains:

    • App ID (Identifier)
    • .cer certificate data
    • Signature data produced with Apple private key A
    • Entitlements (the list of app permission switches)
    • File expiration time
    • Group ID


$ security cms -D -i /xxx位置/Test_AdHoc_ProvisioningProfile.mobileprovision 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppIDName</key>
	<string>TestCustomAppIDName</string>
	<key>ApplicationIdentifierPrefix</key>
	<array>
	<string>TeamID xxx</string>
	</array>
	<key>CreationDate</key>
	<date>2021-01-30T04:47:15Z</date>
	<key>Platform</key>
	<array>
		<string>iOS</string>
	</array>
	<key>IsXcodeManaged</key>
	<false/>
	<key>DeveloperCertificates</key>
	<array>
		<data>...</data>
	</array>

										
	<key>Entitlements</key>
	<dict>
		<key>application-identifier</key>
		<string>TeamID_XXX.com.jq.blesdk</string>
		<key>keychain-access-groups</key>
		<array>
			<string>TeamID_XXX.*</string>
			<string>com.apple.token</string>
		</array>
		<key>get-task-allow</key>
		<false/>
		<key>com.apple.developer.team-identifier</key>
		<string>TeamID_XXX</string>
		<key>com.apple.security.application-groups</key>
		<array>
			<string>group.com.jq.blesdkGropu</string>
		</array>
	</dict>
	<key>ExpirationDate</key>
	<date>2022-01-26T10:20:35Z</date>
	<key>Name</key>
	<string>BLESDK_AdHoc_ProvisioningProfile</string>
	<key>ProvisionedDevices</key>
	<array>
		<string>00008030-0002699C0AF9802E</string>
		<string>2efc2296d057aece145299b5677988dfc4bdb07e</string>
		<string>e0b8aafc6a3b1caa595611194bd9d407a32652a9</string>
		<string>1b3ffe9b5864ff03403d065da809258a0dd6436d</string>
		<string>150bdfcd02f6bf910f8ce40085e7d1b183b4fb02</string>
		<string>09b8bb5e01a11ed5a5c5db00a809cac012d20778</string>
		<string>3ad005dad2563b43987bfb503e477af69399d4f8</string>
		<string>bb8751160afb83314d29f7583c900146ba5202f1</string>
		<string>6e7662a90675e24681deec185c018e69fb3cd128</string>
		<string>9b52a9b8ac0218fd1f4661b2d7548f0838e1a7b2</string>
		<string>00008020-0001149C3C04002E</string>
		<string>cf40b8b413a01994122e2169509d2d3f89479661</string>
		<string>00008020-001C38CA3C99002E</string>
		<string>a66dd49a60e664219345ce0d252b3f9b713d17c0</string>
		<string>62028652e3bd9d9f6022f12002735c789566b580</string>
		<string>00008030-000428E02EC0802E</string>
		<string>f7214772ef650033e504c545b6fce0d6f46cc31c</string>
		<string>a1b5e77da74e46f6beaddf64d64559ad3e72ee36</string>
		<string>f0803a199940e0853147cdeb956a5bfb6cbf18c6</string>
		<string>263bd980b32c9905d5c77fea62c826136c0b924b</string>
		<string>e95f7ae684f3c8d9161c2fc53bd869129697394f</string>
		<string>216089f8ddc200319e1598f5b69e551bb9117ad7</string>
		<string>7ff854bba5435ef13e355361388d103e9244f34c</string>
		<string>48787857c8de3bdc6aa3e3be56ecea621ce9f5fa</string>
		<string>754751c553062fec6d98a2302ad4025f45396f45</string>
		<string>25aa1b009ae93c1a50441a34d75e0177ea972526</string>
		<string>028718698476f94f5469aaa2ad370a1e6e2f749d</string>
		<string>80c3f437a7f7243cd86777897925abdcfc14b125</string>
		<string>371764b704f340083c637853d70bb5ff46c2ef83</string>
		<string>a087699401be0b2a8525aea4c3ccfa9f0d0ae7fe</string>
		<string>76e9a2ebdf7fd9d47ee1c9d76ce6e8d9044673b1</string>
		<string>00008020-001E48900C68002E</string>
		<string>b6134e7cb22f2ba7f730fe2850e068265bcc4af7</string>
		<string>00008020-000C59261111002E</string>
		<string>5a556bc071f9234a9a5bb98e79cffb66c62aefaf</string>
		<string>2b2a4732041e5682b8e8a7e4e361012c1c82bbd0</string>
	</array>
	<key>TeamIdentifier</key>
	<array>
		<string>TeamID_XXX</string>
	</array>
	<key>TeamName</key>
	<string>Guangzhou Huixiangjia IOT Technology Co., Ltd.</string>
	<key>TimeToLive</key>
	<integer>361</integer>
	<key>UUID</key>
	<string>3e080887-3675-475f-b85a-34c9e9191abb</string>
	<key>Version</key>
	<integer>1</integer>
</dict>
</plist>


4. Compile and package the app

  1. Xcode builds the app, packs the Provisioning Profile into it, signs the app with the TestName private key stored on the Mac, and produces the installation package.
  2. The generated IPA package contains:
    • _CodeSignature: the signatures or hashes of all files, such as images, videos, dynamic libraries and static libraries;
    • embedded.mobileprovision: the configuration file;

5. Installation

  1. The iOS device uses Apple's built-in public key A to verify the signature of the configuration file in the installation package, confirming the validity and integrity of the .cer certificate, device UDID list, App ID and Entitlements data;
  2. Check whether the device UDID list contains the local UDID;
  3. Check whether information such as the App ID in the configuration file is consistent with that in the installation package;
  4. Use Apple's built-in public key A to verify the signature in the .cer certificate, confirming the validity and integrity of the TestName public key;
  5. Use the TestName public key to verify the file signatures in the installation package, confirming that the installation package is valid;
  6. Install the app.
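
The UDID and App ID checks from steps 2 and 3, plus a check of the profile's ExpirationDate key, written out as an added example (not code from the original article or from Apple). It works on the decoded plist that `security cms -D` prints and assumes the signature check in step 1 has already passed; `install_checks`, `app_id_matches` and the sample team ID, bundle ID and UDIDs are constructed for illustration.

```python
import plistlib
from datetime import datetime

# Constructed sample: a cut-down decoded profile (the XML printed by
# `security cms -D`), with made-up team ID, bundle ID and UDIDs.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key>
    <string>TEAMID0000.com.example.demo</string>
  </dict>
  <key>ExpirationDate</key>
  <date>2022-01-26T10:20:35Z</date>
  <key>ProvisionedDevices</key>
  <array>
    <string>00000000-0000000000000001</string>
    <string>0000000000000000000000000000000000000002</string>
  </array>
</dict>
</plist>"""

def app_id_matches(pattern, team_id, bundle_id):
    """Compare TEAMID.bundle.id with application-identifier (may end in '*')."""
    full = f"{team_id}.{bundle_id}"
    if pattern.endswith("*"):
        return full.startswith(pattern[:-1])
    return full == pattern

def install_checks(profile_xml, device_udid, team_id, bundle_id, now):
    """Return the failed checks; an empty list means the profile is acceptable.
    `now` is a naive UTC datetime, as plistlib returns for <date> values."""
    profile = plistlib.loads(profile_xml)
    failures = []
    if device_udid not in profile.get("ProvisionedDevices", []):
        failures.append("udid-not-provisioned")   # step 2
    pattern = profile.get("Entitlements", {}).get("application-identifier", "")
    if not pattern or not app_id_matches(pattern, team_id, bundle_id):
        failures.append("app-id-mismatch")        # step 3
    expires = profile.get("ExpirationDate")
    if expires is None or now >= expires:
        failures.append("profile-expired")        # ExpirationDate key
    return failures

print(install_checks(SAMPLE_PROFILE, "00000000-0000000000000001",
                     "TEAMID0000", "com.example.demo", datetime(2021, 6, 1)))
```
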
