Code signing

In order to test an iOS application on your devices or submit iOS and macOS applications to the App Store, you need to sign them. This ensures that only registered developers can distribute apps and prevents the spread of malicious code.

To sign an application you need three things:

  • A certificate

  • A private key

  • A provisioning profile

1. Certificates and private keys

Each certificate has an associated private key. Both are stored in the macOS keychain (/Applications/Utilities/Keychain Access.app) in the "My Certificates" category. If you can find a certificate in the "Certificates" category but not in "My Certificates", that means the private key for that certificate is missing and you have to generate a new one. If a certificate has an associated private key in the keychain, an arrow will appear next to the certificate name. If you click the arrow, the private key will appear in the next row.

Keychain Access

The combination of a certificate and its private key is called a "signing identity". Each certificate is associated with a developer account and a developer team, but not with a particular app. Certificate files usually have the .cer extension, and private keys usually have the .p12 extension. There are multiple types of certificates:

iOS, tvOS, watchOS:

  • Development: sign development versions of your iOS app.

  • Distribution: sign your app for submission to the App Store or for Ad Hoc distribution.

macOS:

  • Development: sign development versions of your Mac app.

  • Distribution: sign your Mac app for submission to the Mac App Store.

  • Developer ID Application: sign your Mac app to distribute it outside the Mac App Store.

2. Provisioning profiles

Provisioning profiles are associated with an Application Identifier and contain information about the entitlements the app can request, the distribution method, the devices it can be installed on, the certificates it can be signed with, etc. Provisioning profiles have the .mobileprovision extension. There are multiple types of provisioning profiles:

iOS, tvOS, watchOS:

  • Development:

      • iOS App Development: install development apps on test devices.

      • tvOS App Development: install development apps on tvOS test devices.

  • Distribution:

      • App Store: submit your app to the App Store.

      • tvOS App Store: submit your tvOS app to the App Store.

      • Ad Hoc: install your app on a limited number of registered devices.

      • tvOS Ad Hoc: install your app on a limited number of registered tvOS devices.

macOS:

  • Development:

      • Mac App Development: install development apps on test devices.

  • Distribution:

      • Developer ID: use Apple services with your Developer ID signed applications.

      • Mac App Store: submit your app to the Mac App Store.

3. Developer Account

To create a free Apple Developer account, you first need to register a regular Apple ID and then register as a developer using the same account.

Each developer account (associated with an email) can belong to multiple developer teams.

By default, each developer account is assigned a free individual team with the ability to create a free developer certificate with which you can test your own applications on your devices. You also get access to download beta software and developer tools like Xcode.

If you want to distribute applications on the App Store, you will need to enroll in the paid developer program, either as an individual or a company.

If you enroll as an individual, your free individual team gains the ability to distribute apps on the App Store. You can also enroll in a paid developer program as a company, and you will become the team agent. Otherwise, a team agent in another team can invite you to become a member.

If you belong to multiple teams, every time you enter the developer portal, you will be asked which team you would like to manage.

4. Developer Portal

The tasks you can perform in the Developer Portal belong mainly to four categories:

  1. Certificates

  2. Identifiers

  3. Devices

  4. Provisioning Profiles

4.1. Certificates

In this section you can create and revoke certificates. Team members can only create development certificates. Team agents and admins can additionally create production certificates.

Each member of the team can only create one development certificate. There is also a limit of one distribution certificate per team. You can see and download other team members' certificates on the Developer Portal; however, you will likely not be able to use them because you don't have the private key associated with them. If you have lost the private key of your certificate, you will need to revoke it and create a new one.

To install a certificate in your keychain, double click the downloaded certificate file (with a .cer extension). The Developer ID certificate appears in the "My Certificates" category in Keychain Access.

4.2. Identifiers

In this section you can manage application IDs, including iOS, tvOS, watchOS, macOS and app extensions. Additionally you can manage other types of identifiers used for Passes in Wallet, Website Push, iCloud Containers, App Groups and Apple Pay. In this guide we’ll focus on application IDs.

You can create a wildcard App ID that matches one or more apps or an explicit App ID that exactly matches your bundle ID. The app services enabled for an App ID serve as a whitelist of the services one or more apps may use. What services an app actually uses is configured in the Rakefile. You can enable app services when you create an App ID or modify these settings later. Game Center and In-App Purchase are enabled by default for an explicit App ID.

4.3. Devices

To install an application signed with a development certificate, your device needs to be registered. In order to register your device you need its device ID. There are different ways to get the device ID:

Using Xcode (for macOS, iOS, tvOS and watchOS devices):

  1. In the menu bar, go to Window > Devices.

  2. For iOS and tvOS devices, connect a device to your Mac. For watchOS devices, connect an iPhone paired with an Apple Watch.

  3. Select your device in the left sidebar.

  4. The device identifier appears in the Identifier field.

Using iTunes (for iOS and tvOS devices):

  1. Launch iTunes.

  2. Connect your device to your Mac.

  3. In the upper-right corner, select the device.

  4. In the Summary pane, click the Serial Number label (for iOS, it appears under Capacity or Phone Number).

  5. The label Serial Number changes to UDID and displays the device ID.

  6. Copy the device ID by Control-clicking the identifier and choosing Copy from the shortcut menu.

  7. Paste the device ID in a document or an email message.

4.4. Provisioning Profiles

Before creating a development provisioning profile, make sure you have an App ID, one or more development certificates, and one or more devices. To create a development provisioning profile, you select an App ID, one or more development certificates, and multiple test devices.

An ad hoc provisioning profile allows testers to run your app on their device. To create an ad hoc provisioning profile, you select an App ID, a single distribution certificate, and multiple test devices.

Before uploading your app to the store, you provision it using a distribution provisioning profile. To create a distribution provisioning profile, you select an App ID and a single distribution certificate.
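The following Ruby example is added here and is not part of RubyMotion or motion-provisioning. It checks the three conditions described in sections 1, 2 and 4.4: the private key must match the certificate, the certificate must be listed in the profile, and the device must be registered in it. The helper names (make_identity, signing_problems), the self-signed certificates, the placeholder UDID and the profile Hash are constructed for illustration; the Hash uses the DeveloperCertificates, ProvisionedDevices and ExpirationDate keys found in a decoded .mobileprovision.

```ruby
require 'openssl'

# Constructed stand-in for an Apple-issued certificate: self-signed, valid for one hour.
def make_identity(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Returns the reasons why key + certificate + profile cannot be used for the
# given device. An empty list means the combination is usable.
def signing_problems(key, cert, profile, udid, now = Time.now)
  problems = []
  problems << 'private key does not match certificate' unless cert.check_private_key(key)
  problems << 'certificate expired' if cert.not_after < now
  listed = profile.fetch('DeveloperCertificates', []).include?(cert.to_der)
  problems << 'certificate not listed in profile' unless listed
  problems << 'profile expired' if profile['ExpirationDate'] < now
  devices = profile['ProvisionedDevices'] # absent in App Store profiles
  problems << 'device not in profile' if devices && !devices.include?(udid)
  problems
end

MY_KEY, MY_CERT = make_identity('Development: Me (constructed)')
MATE_KEY, MATE_CERT = make_identity('Development: Teammate (constructed)')

# Constructed profile contents, shaped like a decoded development profile.
PROFILE = {
  'Name' => 'Example Dev Profile',
  'ExpirationDate' => Time.now + 86_400,
  'DeveloperCertificates' => [MY_CERT.to_der],
  'ProvisionedDevices' => ['UDID-PLACEHOLDER-0001']
}.freeze

# A teammate's downloaded certificate paired with your own key is not an identity.
puts signing_problems(MY_KEY, MATE_CERT, PROFILE, 'UDID-PLACEHOLDER-0001').inspect
```

The second call shape (a teammate's certificate with your own key) reproduces the situation from section 4.1, where a downloaded certificate is unusable without its private key.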

5. motion-provisioning

Fortunately, as a RubyMotion developer, you don't have to deal with all this madness. By setting up motion-provisioning in your project, you will get automatic management of your certificates and provisioning profiles from the command line.