Logo for tanaschita.com

Developer guide on iOS code signing & provisioning

Understanding provisioning profiles & certificates.

12 Dec 2022 · 4 min read

When developing iOS applications, we need to sign them with a certificate issued by Apple before we can distribute them via App Store or to testing platforms like Testflight. The signing procedure ensures that the iOS application comes from an approved source and hasn't been tampered with.

Xcode provides automatic code signing, but more advanced or automated environments require a manual setup. This is when we need to understand how the underlying code signing & provisioning works. So let's dive in.

Sponsorship logo
Preparing for a technical iOS job interview
Check out my new book on preparing for a technical iOS job interview with over 200 questions & answers. Test your knowledge on iOS topics such as Swift & Objective-C, SwiftUI & UIKit, Combine, HTTP Networking, Authentication, Core Data, Concurrency with async/await, Security, Automated Testing and more.
LEARN MORE

Provisioning profile

A provisioning profile is the core file of the signing process. It can be created through the developer portal and downloaded as a .mobileprovision file.

The provisioning profile provides information on how Apple can identify an iOS application, what the app intends to do, where it can run and more. To be more specific, a provisioning profile contains:

  • the distribution type, e.g. Development, Ad Hoc or App Store
  • the app's App ID which identifies the app
  • the developer's identity in form of a certificate

Let's look at each component in more detail.

Distribution type

When creating a provisioning profile, we specify in which context it will be used. The following options are available:

  • Development - to install the app on test devices during development
  • Ad Hoc - to install the app on a limited number of registered devices
  • App Store - to submit the app to the App Store

For ad hoc distribution, the provisioning profile will also include a list of device IDs.

App ID

An App ID is a string used to identify one or more apps from a development team. It consists of two parts, the Team ID and the Bundle ID separated by a period. The Team ID is supplied by Apple, while the Bundle ID is supplied by us developers.

When creating an App ID we can choose capabilities our iOS application will use. Capabilities & entitlements provide access to Apple's App Services, for example Push Notifications.

Entitlements are configured by declaring capabilities for a target in Xcode. Xcode records capabilities in a property list file with an .entitlements extension which we can also edit directly.

When code signing an iOS application, Xcode combines the entitlements file, information from the developer account, and other project information to apply a final set of entitlements to the app.

Certificates

As already mentioned, a provisioning file contains a certificate to identify the developer of the iOS application. Certificates are based on public-key cryptography and follow the X.509 standard.

We can create certificates through the Apple Developer Portal in the Certificates section. In the process of creating a certificate, we'll be asked to upload a Certificate Signing Request (CSR) so Apple can sign our certificate.

A CSR can be created by opening Keychain Access and choosing Keychain Access ▸ Certificate Assistant ▸ Request a Certificate from a Certificate Authority. Behind the scenes, Keychain Access creates a public-private key pair. The CRT file contains the public key whereas the private key is kept in the keychain.

After uploading the CSR, Apple signs it and we'll be able to download a .cert file. Double-clicking it will open it with Keychain Access and we'll be able to see the new Apple-signed certificate.

Bringing it all together

Now, that we have a provisioning profile, a certificate and a matching private key in our keychain, we can use it to build, archive and sign an iOS application.

Sponsorship logo
Preparing for a technical iOS job interview
Check out my new book on preparing for a technical iOS job interview with over 200 questions & answers. Test your knowledge on iOS topics such as Swift & Objective-C, SwiftUI & UIKit, Combine, HTTP Networking, Authentication, Core Data, Concurrency with async/await, Security, Automated Testing and more.
LEARN MORE

Newsletter

Image of a reading marmot
Subscribe

Like to support my work?

Say hi

Related tags

Articles with related topics

continuous integration

networking

ios

Authorizing App Store Connect API requests

Learn how to create and use a JSON Web Token when communicating with the App Store Connect API.

26 Dec 2022 · 4 min read

Latest articles and tips

© 2023 tanaschita.com

Privacy policy

Impressum