Apple Code Sign Simplified Diagram

Apple's documentation does not seem to be good at making developers' lives simple. So, in order to clear my mind about what code signing is, I came up with these.

What is a provisioning profile?

An iOS application needs to be signed with a certificate from an Apple Developer team profile and can run only on designated devices. The provisioning profile includes all of this information.

Specifically, the app is signed with a private key during the Xcode build process. The provisioning profile includes the matching public key, which is mathematically paired with the private key. When the app is installed on a new device, the public key is used to verify the app's signature, which shows whether the app has been modified or not.
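What a profile actually carries can be inspected directly. The Python sketch below is an added example, not part of the original post: it pulls the property list out of a `.mobileprovision` blob and reports the team, certificate fingerprints, device list and expiry. It assumes Apple's usual profile keys (`TeamIdentifier`, `DeveloperCertificates`, `ProvisionedDevices`, `ProvisionsAllDevices`, `ExpirationDate`, `Entitlements`); the sample profile and all values in it are constructed, and the CMS signature wrapping the plist is not verified here.

```python
import hashlib
import plistlib
from datetime import datetime


def extract_plist(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision (CMS) blob.

    Only locates the XML payload; does NOT verify the CMS signature.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def summarize(profile: dict, now: datetime) -> dict:
    """Collect the fields that decide who signed and where the app may run."""
    certs = profile.get("DeveloperCertificates", [])
    return {
        "team": profile.get("TeamIdentifier", []),
        # SHA-1 of each DER certificate, the form keychain tools display
        "cert_sha1": [hashlib.sha1(der).hexdigest() for der in certs],
        "devices": profile.get("ProvisionedDevices"),
        "expired": profile["ExpirationDate"] < now,
        "debuggable": profile.get("Entitlements", {}).get("get-task-allow", False),
    }


def device_allowed(profile: dict, udid: str) -> bool:
    """True if the profile lists this UDID or provisions all devices."""
    devices = profile.get("ProvisionedDevices")
    if devices is None:
        return bool(profile.get("ProvisionsAllDevices", False))
    return udid in devices


# Constructed sample: a plist wrapped in junk bytes standing in for the CMS envelope.
SAMPLE = b"\x30\x82\x00\x00" + plistlib.dumps({
    "Name": "Constructed Dev Profile",
    "TeamIdentifier": ["ABCDE12345"],
    "ExpirationDate": datetime(2030, 1, 1),
    "ProvisionedDevices": ["00008030-000000000000001E"],
    "DeveloperCertificates": [b"constructed-not-a-real-DER-certificate"],
    "Entitlements": {"get-task-allow": True},
}) + b"\x00\x00"

if __name__ == "__main__":
    print(summarize(extract_plist(SAMPLE), datetime(2025, 1, 1)))
```

A profile with `get-task-allow` set to true is a development profile; seeing it on a build meant for distribution is worth flagging.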

How does the public-private key pair work for code signing?

Usually, building an iOS app serves one of two purposes: development or distribution. The corresponding settings, commands and required provisioning profile for the two purposes are as follows:

Development vs Distribution