Understanding Provisioning profiles and certificates in iOS Understanding Provisioning profiles and certificates in iOS ios ios

Understanding Provisioning profiles and certificates in iOS


First of all, selecting a provisioning profile in Xcode is misleading; building in Xcode actually has nothing to do with the profiles whatsoever! What actually happens is Xcode just matches the public key certificate in the profile to one in your keychain, then uses the private key to sign the executable. That's bog-standard Mach-O executable signing. This is also why they've changed it in Xcode 5 to be clearer. That's also where the errors on the profiles (Signing identity not found) come from - it means Xcode couldn't find a private key corresponding to any of the public keys in the profile.

Your personal developer certificate is standard PKI stuff; your Mac sends a request to Apple for a certificate in a way that Apple doesn't know your private key (similar to SSL certificate requests). Apple generates the certificate and the keychain matches it up with the original request, giving you the public and private keys for the cert. When a profile is created for an individual developer, that developer's public key is listed. When a team profile is created, the public keys for all the chosen team members are included. This allows the team members to sign the executable, but the name of the signer will be the team name instead of the individual.

When iOS goes to launch any executable, it first checks the signature. If the signature is signed by Apple App Store, then it runs.

If not, it then checks the installed provisioning profiles. The profiles include:1. A list of developer certificates2. An app ID3. Entitlements to grant (e.g. iCloud, Game Center, etc)4. A list of device UDIDs5. The whole thing is wrapped up and signed by Apple.

The profile is checked to ensure it was signed by Apple's key (using Apple's public key). It then validates that the current device's UDID is in the list. It also validates that the application ID matches (though wildcards are allowed). Then it checks the Mach-O signature against the list of valid developer certificate public keys. If any of them match, the executable runs and is granted the listed entitlements. If not, it is blocked.

I highly suggest opening up a .mobileprovision file in a text editor; you'll learn a lot!


matomo