foreword
Before understanding the iOS signature mechanism, we need to master the following knowledge:
-
Encryption algorithm (symmetric encryption, asymmetric encryption)
-
one-way hash function
-
digital signature
-
Certificate
1. Encryption algorithm
1. Symmetric encryption
Symmetric encryption is: the key used for encryption and decryption is the same, commonly used encryption algorithms are: DES, 3DES, AES (Note: DES 3DES is no longer safe)
- Advantages: fast encryption and decryption
- Disadvantages: insecure, there is a key distribution problem
Assume that A sends a message encrypted with a symmetric cipher to B. Only after sending the key to B can B complete the decryption. During the process of sending the key, the key may be stolen by the middleman, and finally the middleman can complete the decryption .
2. Asymmetric encryption (RSA algorithm)
Asymmetric encryption: There is a pair of keys, which are generated in pairs and divided into public key and private key. The data encrypted by the public key can be unlocked by the private key. The data encrypted by the private key can be unlocked by the public key .
- Disadvantages: Encryption and decryption are time-consuming and slow
- Advantages: security, confidentiality of information, prevention of interception by middlemen
Suppose, A wants to send a message to B, B only needs to generate a pair of public key and private key, the private key is kept by itself, the public key is public, A only needs to get B’s public key to encrypt the message, and send it to B Yes, so it cannot be intercepted and decrypted by an intermediary during transmission
3. Hybrid password system
Due to the shortcomings of both symmetric and asymmetric encryption, hybrid cryptographic systems emerged as the times require
- For encryption and decryption: Symmetric encryption is fast
- For key distribution: asymmetric encryption security
Suppose, A wants to send a message to B, A generates a key for symmetric encryption, B uses the RSA algorithm to generate a pair of public key and private key, the private key is kept by itself, the public key is public, and A first uses B’s The public key encrypts the secret key generated by itself and sends it to B, and B gets the key. After that, A sends messages with this key to encrypt the message, and B decrypts it with the obtained symmetric key.
Summary: Key transmission uses asymmetric encryption (secure), message transmission uses symmetric encryption (fast)
Two, one-way hash function (also known as summary)
one-way hash function
It means that different input values are calculated through a one-way hash function to obtain a fixed-length output value. This input value is called a message message, and the output value is called a hash value
Features of one-way hash functions:
1. Calculate a fixed-length hash value based on information of any length.
2. Quickly calculate the hash value
. 3. The hash values calculated
by different information are different. )
Common one-way hash functions are:
MD4, MD5 is 128bit (unsafe)
SHA-1 is 160bit (20 bytes) (unsafe)
SHA-2 (SHA-256, SHA-384, SHA-512)
SHA-3 new standard
3. Digital signature
Digital signatures are mainly used to verify that data has not been tampered with.
For a better understanding, let's simulate it again, the realization of digital signature
- When A wants to send a message to B, A-→B, if there is an intermediary who changes the message, AB will not be aware of it, and a digital signature is used at this time.
- But how to do it, you must compare whether the messages are consistent. For security, you can only use asymmetric encryption
1. A generates a pair of public key and private key, the private key is kept by himself and the public key is sent to B
2. A encrypts the message with the private key to generate a signature, and sends [message, signature] to B together
3. B receives [ message, signature], use the public key to decrypt the signature and compare it with the received message to confirm that the data has not been tampered with
There is a problem with the above process:
- Signature speed is too slow: Because the message is signed by asymmetric encryption, sometimes the message is very large and the speed is very slow. Here, a one-way hash function is used
We can improve the signature generation
1. A generates a pair of public key and private key, the private key is kept by itself and the public key is sent to B
2. A first generates a hash value for the message with a one-way hash function, and encrypts the hash value with the private key to generate a signature ,Send [message, signature] to B together
3. B receives [message, signature], decrypts the signature with the public key to get a hash value 1, and uses the same one-way hash function to generate a hash value for the message 2. By comparing the two hash values, it is confirmed that the data has not been tampered with
4. Certificate
Certificates are also called public key certificates, mainly to solve the problem of distribution and delivery. The digital signature is mainly applied by the certification authority (Certificate Authority). CA is an
organization or individual that can determine that the public key really belongs to this person and can use it to generate a digital signature.
The process is roughly as follows:
- A generates a pair of `public key and private key`, A registers its own public key in the certification authority CA, and the certification authority uses its own private key to digitally sign A's public key, `[A's public key, digital signature]` Both for certificates.
- B goes to the certification authority to download the public key certificate `[A's public key, digital signature]` registered by A, and B uses the public key of the certification authority to verify the signature of the certificate. If the verification succeeds, it means that A's public key is indeed generated by A, so that Get the public key of A.
5. iOS signature mechanism
1. certSigningRequest file
When we create a certificate, Apple will ask us to provide a .certSigningRequest file. In fact, this file contains the public key of our Mac computer as shown below:
The above file creation steps are as shown in the figure below. This operation is to generate a pair of public key and private key on our computer. The private key is saved in our computer, and the public key is generated. certSigningRequest file.
The .certSigningRequest file records the developer's personal information, public key, encryption algorithm, and one-way hash function, etc.
You can use the following command to view the contents of the file:
| 1 |
|
The content is as follows:
2. .cer and .p12 files
After Apple gets our Mac public key, sign our public key with Apple's private key to generate a development or release certificate
The .cer file contains developer account information, Mac public key and corresponding signature
We can use the following command to view the contents of the file:
| 1 |
|
.p12 file (the file we exported via keychain) p12 file = `.cer file` + `Mac private key`
This is why only the computer that generated the `.certSigningRequest` file can be packaged. If other computers want to package it, the computer that generated the `.certSigningRequest` file must export the p12 file to add the certificate.
3. Mobileprovision file (description file)
Apple will re-sign the (development, release, push, etc.) certificate, [Mac public key, signature] + [devices appid, entitlements], use Apple's private key to sign to generate a file, .mobileprovision is what we usually call Said description file.
Entitlements determine which system resources are allowed to be used under what circumstances. Simply put, it is a sandbox configuration list (plist file format)
Why do you need a .mobileprovision file
Only digital certificates are not enough. In order to prevent the abuse of permissions, developers also need to register the devices used for development on Apple's official website. Only registered devices are allowed to install apps according to the above process. The official limit is 100 devices. In addition, Apple also needs to control the permissions of the app, such as whether it can use iCloud, Wallet, Maps, etc. Apple refers to these function authorizations as Entitlements. After the developer configures the above permissions, he needs to download and install the corresponding mobileprovision file from the Apple background
The file contains:
Certificate, Registered Device List, AppId, Feature Authorization List, Apple's Signature
If necessary, you can use the following command to view the contents of the .mobileprovision file
| 1 |
|
4. Packaging and installation process
1. The .mobileprovision file will be placed under the specified directory of Xcode. When we pack it, we first compile and generate a binary data package, then encrypt it with a Mac private key to generate a signature, and add the .mobileprovision file to generate our ipa package.
2. Each of our iPhones has built-in Apple’s public key. When the App is installed, first use Apple’s public key to authenticate the .mobileprovision file twice to get the Mac’s public key, and finally use the Mac’s public key to verify the third signature, and if successful the program is installed.
6. Flowchart
1. Non-Appstroe download and installation process
2. Appstroe download and installation process
Two kinds of ipa installation packages (.ipa and .zip interchange)
- We generate via Xcode Archive (common enterprise bundle)
- Download on Appstroe
Difference: The ipa generated by us has one more .mobileprovision file than the one downloaded in Appstroe.
Reason: After the App is submitted to Appstroe for review, Apple will re-sign our App. This time, we use Apple’s private key to re-sign the App to generate[ App, signature ]