Signing Code For iPhone Development
Code signing ensures the integrity of code and positively identifies the originator of the code. Apple requires all iPhone applications to be digitally signed before they can be run on a development system and before they are submitted to Apple for distribution. In addition, Apple adds its own digital signature to each application before distributing it.
Digital Signatures and Signing Identities
Apple requires that all iPhone applications be digitally signed with a signing certificate issued by Apple to a registered iPhone developer. This signature authenticates the identity of the developer of the application and ensures that the application has not been modified or corrupted since it was signed.
Digital signatures require the use of two distinct but mathematically-related encryption keys known as a public key and a private key. The private key is used in the signing process, and the public key is used to verify the signature. The public key is stored in the signing certificate; the private key is stored separately. This combination of a certificate and related private key is called a digital identity or signing identity.
To obtain a signing identity for iPhone development, you use the Certificate Assistant in the Keychain Access utility to create a Certificate Signing Request (CSR), which you submit for approval using the Program Portal of the iPhone Developer Program. When your request is approved, you download the certificate file and double-click to install it in your keychain. What may not be apparent in this procedure is that when you use the Certificate Assistant utility to generate a CSR, it automatically generates a public-private key pair. It includes the public key in the certificate request sent to Apple and stores the private key in your keychain.
When you download and install the signing certificate, the Keychain Access utility associates it with the private key, thus creating a signing identity. To see your certificates with their associated private keys, open the Keychain Access utility and click My Certificates in the Category pane.
When you install a signed application on your provisioned device, the iPhone OS verifies the signature to make sure the application was signed by you and has not been altered since it was signed. If the signature is not valid or if the code was not signed by you, the iPhone OS will not let the application run.
Similarly, when you send your application to Apple for approval and distribution, you must sign the application using your signing identity and send your signing certificate along with the application. (You donot send your private key to Apple.) Apple then verifies the signature to be sure that the code came from a registered developer (you) and has not been corrupted. Finally, Apple signs your signed application with its own signing certificate. Only then can your application run on an iPhone or iPod Touch other than your development device. This policy enables the owners of these devices to be secure in the knowledge that the applications they download from iTunes have been written by registered developers and have not been altered since they were created.
Copying a Signing Identity To Another Computer
If you want to use more than one computer for development (for example, your desktop computer in the office and your laptop at home), you need to have your signing identity on both computers. Because the signing certificate file you downloaded from the Program Portal does not include your private key, just copying this file to the second computer is not sufficient. Instead, use the Export Items menu item in the File menu of Keychain Access to export both the certificate and private key as a Personal Information Exchange (.p12) file and copy that file to the second computer. Double-click the file to install the certificate and key in the keychain.
Keeping Your Private Key Safe and Secure
This system is very secure as long as you keep your signing identity—especially your private key—secure. However, if any unauthorized person has access to your signing certificate and private key, then they can alter your application and sign the altered code, or they can write their own application and present it as yours. Therefore, the physical security of your private key is essential to prevent malicious use of your software and your identity.
Before obtaining a signing identity and proceeding to sign code, you must determine who within your company should possess the identity, who can use it, and how to keep it safe. For example, if the identity must be used by more than one person, you can keep it in the keychain of a secure computer and give the password of the keychain only to authorized users, or you can put the identity on a smart card to which only authorized users have the PIN.
By default, your keychain password is the same as your login password, and your keychain remains unlocked as long as you are logged in to your computer. This is akin to leaving your car keys on a table next to the back door, and leaving the back door unlocked all day. The fact that it requires a key to start your car is no protection against car theft if you don’t keep the car key secure.
To provide some security for the signing identities and other valuable secrets stored in your keychain, you should adopt at least the following measures:
Set your keychain to lock itself when not in use: in the Keychain Access utility, choose Edit > Change Settings for Keychain, and check both Lock checkboxes.
Use a different password for your keychain than your login password: In Keychain Access utility, choose Edit > Change Password to change your keychain’s password. Click the lock icon in the Change Password dialog to get the password assistant, which tells you how secure your password is and can suggest passwords. Be sure to pick one you can remember—don’t write it down anywhere.
In addition, provide physical security for your computers to prevent unauthorized people from gaining access to them.
As with any other important data, you should keep a backup of your signing identity in a safe place. You can put it in the keychain of another secure computer, or you can store it on an encrypted CD or in an encrypted disk image in the form of a Personal Information Exchange (.p12) file. Just be sure that all the passwords you use are strong and that all the computers you use for this purpose are kept physically secure, with access limited to a few trusted individuals.
Where to Start
Procedures for obtaining and installing a signing identity are detailed in the Program Portal on the iPhone Developer Program website. Click the Program Portal icon near the top-right corner of the iPhone DevCenter page (you have to be logged in to make this link active).