Distinction- iOS Code Signing Identity & Provisioning Profiles
Being an iOS developer, you might be getting annoyed with Code Signing Identity and Provisioning Profiles. And, might even be questioning, what is Code Signing Identity? What’s the need for creating Provisioning Profiles? What’s the difference between the two? Being a developer, why should I even care about it?
What is Code Signing Identity?
As per Apple, it’s their security mechanism, which is used for authenticating identity. It assures users that the applications are trustworthy, and they are created by an Apple authorized source, and it hasn’t tampered.
The term Signing allows iOS to recognize who has signed the application while verifying that it hasn’t tampered since its signing. And, the Signing Identity in the Code Signing Identity is something, which consists of a public and private key pair that are specially created by an Apple.
In other words, Code Signing Identity is referred to as the Common Name of the certificates which are installed in the Developer’s machine Keychain. In Xcode an integrated development environment (IDE), it appears as an option in the build setting as a list option from which developers can select the Identity to be used for CodeSign.
Likewise, it contains a lot of information which are encoded in every section of the menu.
Looking at the above example, you can see that text ‘iPhone Developer: Bryan Musial (XXXXXXXXXX)’ is bold and this is the main item used by the Xcode to find the public and private keys used for Code Sign.
To be more precise, if you open Keychain Access and double click “iPhone Development” or “iPhone Distribution” you will see the certificates which show the information which is encoded into the certificates issued to developers by Apple.
What is a Provisioning Profile?
Put simply, Provisioning Profiles is an Apple’s way to enforce
- Which code can be run?
- Who can run the given code?
- On which devices the code can be run?
Also, Provisioning Profiles consists of three main parts,
Application Bundle ID, which is a unique reverse domain of the application. In this, ID is used for uniquely defining the application. For example, “com..“
Certificates authorize which users can build or distribute the application.
Device ID is a list of devices UDIDs, which are authorized for running the application.
In other words, Provisioning Profile is a container of all the component needed by an operating system for deciding whether to let an application run on it or not. Provisioning Profile is used for enabling application debugging on development devices, ad-hoc, and enterprise distribution. It’s not a property list, but a file encoded in the CMS (Cryptographic Message Syntax). Likewise, CMS format is used for encoding a provisioning profile, because it helps in allowing the profile to be signed, so it cannot be changed after the issuance.
Note: Provisioning Profile can be found in an Xcode. (Path: ~/Library/MobileDevices/Provisioning Profiles).