What is a provisioning profile & code signing in iOS?

If somebody asks you about the iOS app deployment process, you can probably answer easily. But when they ask one level deeper, you may not have an answer. The question above is one that every iOS developer should be able to answer. Let’s see what it is.


Why Provisioning Profiles?

Unlike Android, you can’t install just any app on an iOS device. It has to be signed by Apple first. However, when you’re developing an app, you probably want to test it before sending it to Apple for approval. A provisioning profile acts as a link between the device and the developer account. During development, you choose which devices can run your app and which app services your app can access. A provisioning profile is downloaded from your developer account and embedded in the app bundle, and the entire bundle is code-signed. A Development Provisioning Profile must be installed on each device on which you wish to run your application code. If the information in the provisioning profile doesn’t match certain criteria, your app won’t launch.

A provisioning profile contains:

  • Development Certificates — These are for developers who want to test the app on a physical device while writing code.
  • Unique Device Identifiers (the list of devices that the app can run on).
  • An App ID (this can include a * wildcard to be used for many applications with similar bundle identifiers) — An App ID is a two-part string used to identify one or more apps from a single development team.

So, what happens when we connect the device to Xcode and install the app?

When you install the application on a device, the following things happen:

  • The provisioning profile on the Mac points to the developer certificate in your keychain.
  • Xcode uses the certificate to sign the code.
  • The device’s UDID is matched against the device IDs in the provisioning profile.
  • The App ID in the provisioning profile is matched against the bundle identifier in the app.
  • The required entitlements are associated with the App ID.
  • The private key used to sign the app matches the public key in the certificate.
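The profile-side checks in the list above (device, App ID, certificate, entitlements) can be modelled in a few lines. This is an added example, not code from the original post and not Apple's implementation; the sample profile, its values and the helper names `app_id_matches` and `check_profile` are constructed for illustration, and the entitlement check is simplified to key presence.

```python
import plistlib

# Constructed sample: the XML plist payload of a development profile, as it looks
# once the signature wrapper around embedded.mobileprovision is stripped.
# Every value below is made up for illustration.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>Example Dev Profile</string>
  <key>ApplicationIdentifierPrefix</key><array><string>ABCDE12345</string></array>
  <key>ProvisionedDevices</key><array>
    <string>00008030-000A1B2C3D4E5F60</string>
  </array>
  <key>DeveloperCertificates</key><array><data>Q09OU1RSVUNURUQ=</data></array>
  <key>Entitlements</key><dict>
    <key>application-identifier</key><string>ABCDE12345.com.example.*</string>
    <key>get-task-allow</key><true/>
  </dict>
</dict></plist>"""


def app_id_matches(app_id, full_bundle_id):
    """Explicit App IDs must match exactly; a trailing * matches any suffix."""
    if app_id.endswith("*"):
        return full_bundle_id.startswith(app_id[:-1])
    return app_id == full_bundle_id


def check_profile(profile_xml, device_udid, bundle_id, signing_cert_der, requested_entitlements):
    """Return the reasons a build would be rejected; an empty list means every check passed."""
    profile = plistlib.loads(profile_xml)
    granted = profile["Entitlements"]
    full_id = f"{profile['ApplicationIdentifierPrefix'][0]}.{bundle_id}"
    problems = []
    if device_udid not in profile.get("ProvisionedDevices", []):
        problems.append("device UDID not listed in profile")
    if not app_id_matches(granted["application-identifier"], full_id):
        problems.append("bundle identifier does not match App ID")
    if signing_cert_der not in profile.get("DeveloperCertificates", []):
        problems.append("signing certificate not in profile")
    # Simplified: only checks that each requested entitlement key is granted.
    for key in sorted(set(requested_entitlements) - set(granted)):
        problems.append(f"entitlement not granted: {key}")
    return problems


if __name__ == "__main__":
    print(check_profile(SAMPLE_PROFILE, "00008030-000A1B2C3D4E5F60",
                        "com.example.notes", b"CONSTRUCTED", ["get-task-allow"]))
```

The last item in the list, that the signing private key corresponds to the certificate's public key, is a signature verification and is not modelled here.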

That’s all fine, but what is code signing?

Signing your app allows iOS to identify who signed your app and to verify that your app hasn’t been modified since you signed it. The Signing Identity consists of a public-private key pair that Apple creates for you.

Asymmetric cryptography

Asymmetric cryptography uses a public key and a private key. Users have to keep their private key to themselves, but they can share the public key. Using those public and private keys, a user can prove that he is indeed himself.

How does asymmetric cryptography work?

Assume there is a UserA and a UserB.

  • UserA creates a PrivateKeyA + PublicKeyA.
  • UserB creates a PrivateKeyB + PublicKeyB.
  • UserA shares his PublicKeyA with UserB.
  • UserB shares his PublicKeyB with UserA.
  • UserA encrypts the message with UserB’s PublicKeyB and sends the message.
  • This message can only be decrypted using UserB’s PrivateKeyB.

What is a CSR (Certificate Signing Request) in iOS?

A CSR is not something that is used only in iOS. It is used in many places.

The process:

  • Create a Certificate Signing Request (CSR) through the Keychain Access application.
  • Keychain Access will create a private key (the private key will be stored in the keychain) and a certSigningRequest file, which you’ll then upload to Apple.
  • Apple will verify the request and issue a certificate for you. The certificate will contain the public key and can be downloaded to your system. After you have downloaded it, you need to put it into Keychain Access by double-clicking it. The certificate will be pushed into the keychain and paired with the private key to form the Code Signing Identity.
  • Finally, at the time of app installation, the private key used to sign the app must match the public key in the certificate. If the check fails, the app is not installed.
