
pensieve for signing iOS apps

Danilo Moret (moret1979)
2 min read · Oct 18, 2018

Short definitions of the artefacts involved in signing iOS apps. This is not meant as a tutorial or to help solve issues; it’s just a compact description of what is involved, because the concepts are a bit cyclic, which makes them harder to grasp all at once, and they are usually presented either in long documentation mixed with crypto introductions, or just in step-by-step tutorials without any explanation.

In other words, this is a memory dump on my own level of understanding. 8)

A Certificate (.cer) is a public key, paired with a Private Key. The Certificate is public, Apple holds a copy. The Private Key is usually exported as a Personal Information Exchange File (.p12), encrypted with a password, and holds one Identity or many Identities of who created that Certificate.

A Provisioning Profile works like a contract. It holds public information about what kind of access it grants — like signing and sending apps with In-App Purchase to the App Store, or installing apps on your own device skipping the App Store.

A Provisioning Profile is associated with a Certificate. Apple grants the provisions if they are signed with the Private Key of the associated Certificate — which is usually done under the covers by Xcode, but is the reason why on CI tools like Bitrise we need to explicitly provide the files for Provisioning Profiles (.mobileprovision for iOS) and Identities (.p12) we’ll use.

There are multiple types of Certificates, and each can only be associated with certain types of Provisioning Profiles. An iOS Development Certificate, for example, can only be associated with an iOS Development Provisioning Profile — which means that a Certificate for an individual developer won’t be able to sign an app for the App Store, and a Certificate for iOS Distribution for production won’t be able to sign an app to install it on a device skipping the App Store. Other Certificate types include server-side Apple Push Notification, so services can send push notifications directly to APNs, or access to the device Wallet.
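The association between a Provisioning Profile and a Certificate, and the profile types described above, can be checked before a CI build, as in this added example (not from the original post). It assumes the standard profile plist keys `DeveloperCertificates`, `ProvisionedDevices`, `ProvisionsAllDevices` and `get-task-allow`, uses hypothetical function names and constructed sample bytes, and slices the plist out of the CMS wrapper without verifying Apple's signature.

```python
import hashlib
import plistlib

def extract_plist(raw: bytes) -> dict:
    """Pull the XML plist out of a .mobileprovision (a CMS-signed blob).

    Shortcut: the payload sits unencrypted inside the CMS wrapper, so it is
    sliced out here. This does NOT verify Apple's signature over the profile.
    """
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def fingerprints(profile: dict) -> set:
    """SHA-1 fingerprints of the certificates the profile is associated with."""
    certs = profile.get("DeveloperCertificates", [])
    return {hashlib.sha1(der).hexdigest() for der in certs}

def profile_kind(profile: dict) -> str:
    """Classify the profile from the keys it carries."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    debuggable = profile.get("Entitlements", {}).get("get-task-allow", False)
    if "ProvisionedDevices" in profile:
        return "development" if debuggable else "ad-hoc"
    return "app-store"

def can_sign(profile: dict, cert_der: bytes) -> bool:
    """True if the identity's certificate is one the profile lists."""
    return hashlib.sha1(cert_der).hexdigest() in fingerprints(profile)

# Constructed sample: placeholder bytes stand in for real DER certificates
# and for the CMS header and signature around the plist.
DEV_CERT = b"constructed-dev-certificate"
DIST_CERT = b"constructed-distribution-certificate"
SAMPLE = b"\x30\x80fake-cms-header" + plistlib.dumps({
    "Name": "Constructed Dev Profile",
    "DeveloperCertificates": [DEV_CERT],
    "ProvisionedDevices": ["constructed-udid-0001"],
    "Entitlements": {"get-task-allow": True},
}) + b"fake-cms-signature"

if __name__ == "__main__":
    p = extract_plist(SAMPLE)
    print(p["Name"], "->", profile_kind(p))
    print("development identity accepted:", can_sign(p, DEV_CERT))
    print("distribution identity accepted:", can_sign(p, DIST_CERT))
```

For a real profile on macOS, `security cms -D -i profile.mobileprovision` decodes the CMS wrapper properly; the certificate to compare is the DER form of the one inside the .p12.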

That’s it! The long-format documentation is helpful, and the step-by-step tutorials are really helpful, but I find it easier to read them with these short definitions in mind. I hope it helps you too.
