SlideShare a Scribd company logo

iOS Provisioning : Running your app in an iOS device

Download as PPTX, PDF
Madusha Perera
Madusha Perera

About iOS Provisioning Profiles

Software
1 of 36
Developer Certificates, Provisioning profiles and what the heck ! Created by Madusha
To do List ! 1. Generating and installing A developer certificate 2. Creating AN App ID for your app/s 3. Creating A Provisioning Profile for your app 4. Registering the devices you want the app to be tested on
Why apple made this a mission impossible task! • Apple guarantees to the the apple device (iPhone/iPad,…) owner that any app he runs on the device is created by an authorized (trusted) apple developer. (hopefully the device must not have jail broken)
How Apple ensures the trust
Developer Certificate Authenticity Integrity Non-Repudiation TRUST
• Authenticity Ensures whether you are a real authorized Apple developer (are you sure you paid $99) • Integrity Has the code being modified on the way to the device by some one else • Non-Repudiation Developer must be responsible of what he has sent (dev can’t say “hey I didn’t do that”)
We need to know PKI
Analogy for digital Certificate Name of the owner Name of the issuer Seal of the issuer Date issued
University of Queensland Russell Employer trustsIssues a certificate Employer trusts Russell 1 2 3
What does a digital certificate has X.509 standard public key digital signature
Lets take an Example • ComBank Online • Buy a certificate from Comodo To request for a certificate you need to create a Key Pair (Private/Public keys) and CSR. Ex: using openssl but for our case we’ll have them created automatically as you will see later
? #$#^$^%*% Hi Handsome Cleopatra’s private key = 2 Cleopatra’s public key = 25 public key = |Σ| - private key, where public key , private key < |Σ|
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7 Hi handsome = 8 9 27 8 1 14 4 19 15 13 5 encrypt with private key = 2 10 11 2 10 3 16 6 21 17 15 7 Encryption/Dycription formula: output = (charValue + private key ) % |Σ| = (charValue + 2) % 27
10 11 2 10 3 16 6 21 17 15 7 decrypt using public key = 25 Encryption/Dycription formula: output = (charValue + public key ) % |Σ| = (charValue + 25) % 27 8 9 27 8 1 14 4 19 15 13 5 = Hi handsome A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7
What does a CSR has PKCS #10 spec Information Description Distinguished Name (DN) www.commercialbk.com (fully qualified domain name) Business/Organization Name Commercial Bank Department Name IT Town/City Colombo Province/State Western Country LK Email address ###### Public Key ###### FEE +
Public key Signature
Senders Digital Certificate Certificate Org : Commercial Bank Issuer : Comodo Public Key : ### hash (sha1) digest encrypt using Comodo’s private key signature Certificate Org : Commercial Bank Issuer : Comodo Public Key : ### attach the signature to the certificate
How receiver(browser) authenticates the web site Certificate Org : Commercial Bank Issuer : Comodo Public Key : ### decrypt using Comodo’s public key CA Certificate Org : Comodo Issuer : Comodo Public Key : ##### hash (sha1) digest digest Equal ? yes trust www.commercialbk.com site
Lets create a Dev cert for our selves code signing identity (public key + private key)
Code Sign Executable file encrypt with developer’s private key hash digest App Bundle .app • executable file • provisioning profile • info.plist • icons … etc.
Where the hell is App Bundle? • This is the <AppName>.app inside your .ipa • You can view package contents by right clicking .app
Lets check whether the code is really signed codesign --display --verbose=4 /path/to/appBundle/exeFile Machan, codesign is the utility which Xcode uses to sign your code !
The build process
App ID • Uniquely identify your app • BundleId = <reverse domain name>.<productName> o com.virtusa.MyApp • AppID ≈ BundleID • AppID = <prefix>.<bundleID> o Prefix is a 10characters long string auto generated by provisioning portal. o Example: 9572D83736. com.virtusa.MyApp Lets see this in portal: we can even attach services such as push notifications (entitlements) that are unique for the specific app. That is because those services must need to identify the app uniquely. For example APNS must know the exact app to push notifications.
Provisioning profile (A PKCS#7 signed plist) • Why do we need it o Its just a signed plist and apple uses this to verify that the application is being installed is from an authorized developer and that the contents of it has not been modified. And moreover apple doesn’t want us to run apps in any device other than via app store. • It’s not a must to have it in the .ipa but it’s a must to have it installed in the device some how. • To check the provision profiles in the iphone o Settings-> genaral -> profiles o You can view proviosion profile in the ipa as embedded.mobileproviosn
Provisioning profile : Anatomy App ID UDIDs Dev Certificate/s This Unique app Can run on these restricted devices With the trust based on the sign by authorized developer/s
What’s inside provisioning profile • Lets check provision profiles’ validity and its’ content openssl smime -in /path/to/provisioningProfile -inform der -verify
UDIDs UUID Are you kidding me ?
After the creation of respective entity • We can’t change any thing in dev cert other than revoking it • We can change permissions for services given in the AppID • We can change dev cert and device UDIDs in the provisioning profile
When the app runs • Take dev cert from provisioning profile and validate its signature and authenticates it as a trusted devcert (authenticate) • Using the public key in that dev cert, decrypt the encrypted digest and match it with the digest of the executable file (integrity/nonrepudiation- developer can’t say its not from me) • If the device is listed in the provisioning profile let the app run on the device.
Jargon • Digital Certificates • X.509 • PKCS standard o PKCS#7 -> used in provisioning profile o PKCS#10 -> used in CSR o PKCS#12 -> used to manage keys • PKI • Code Signing o Code Signing Identity • Provisioning Profiles • UDID/UUID • .ipa/.app & AppBundle
Q & A “The average person’s smartphone knows more about them than their spouse or significant other …”

Recommended

Configure &amp; send push notification on i os device
Configure &amp; send push notification on i os deviceConfigure &amp; send push notification on i os device
Configure &amp; send push notification on i os deviceShepHertz
 
StackLabs-DataDriven Labs - iPhone App Development Training in Mohali
StackLabs-DataDriven Labs - iPhone App Development Training in MohaliStackLabs-DataDriven Labs - iPhone App Development Training in Mohali
StackLabs-DataDriven Labs - iPhone App Development Training in MohaliArcadian Learning
 
AIR & API
AIR & APIAIR & API
AIR & APIArie Prasetyo
 
Ane for 9ria_cn
Ane for 9ria_cnAne for 9ria_cn
Ane for 9ria_cnsonicxs
 
Mobile Application testing- All you want to know to get started!!
Mobile Application testing- All you want to know to get started!!Mobile Application testing- All you want to know to get started!!
Mobile Application testing- All you want to know to get started!!Neha Thakur
 
AIR 3.0
AIR 3.0AIR 3.0
AIR 3.0Christophe Keromen
 
Resume
ResumeResume
Resumeshivaganeshgupta sunkari
 
Simple Android Project (SAP)... A Test Application
Simple Android Project (SAP)... A Test ApplicationSimple Android Project (SAP)... A Test Application
Simple Android Project (SAP)... A Test ApplicationAritra Mukherjee
 

Recommended

Configure &amp; send push notification on i os device
Configure &amp; send push notification on i os deviceConfigure &amp; send push notification on i os device
Configure &amp; send push notification on i os deviceShepHertz
 
StackLabs-DataDriven Labs - iPhone App Development Training in Mohali
StackLabs-DataDriven Labs - iPhone App Development Training in MohaliStackLabs-DataDriven Labs - iPhone App Development Training in Mohali
StackLabs-DataDriven Labs - iPhone App Development Training in MohaliArcadian Learning
 
AIR & API
AIR & APIAIR & API
AIR & APIArie Prasetyo
 
Ane for 9ria_cn
Ane for 9ria_cnAne for 9ria_cn
Ane for 9ria_cnsonicxs
 
Mobile Application testing- All you want to know to get started!!
Mobile Application testing- All you want to know to get started!!Mobile Application testing- All you want to know to get started!!
Mobile Application testing- All you want to know to get started!!Neha Thakur
 
AIR 3.0
AIR 3.0AIR 3.0
AIR 3.0Christophe Keromen
 
Resume
ResumeResume
Resumeshivaganeshgupta sunkari
 
Simple Android Project (SAP)... A Test Application
Simple Android Project (SAP)... A Test ApplicationSimple Android Project (SAP)... A Test Application
Simple Android Project (SAP)... A Test ApplicationAritra Mukherjee
 
Intro to Windows Azure Mobile Services with iOS
Intro to Windows Azure Mobile Services with iOSIntro to Windows Azure Mobile Services with iOS
Intro to Windows Azure Mobile Services with iOSAndri Yadi
 
Monkey Talk
Monkey TalkMonkey Talk
Monkey TalkJignesh Bhadani
 
TDC2016SP - Trilha Android
TDC2016SP - Trilha AndroidTDC2016SP - Trilha Android
TDC2016SP - Trilha Androidtdc-globalcode
 
iOS App Development Basics
iOS App Development BasicsiOS App Development Basics
iOS App Development BasicsShopify Developer In India | Shopify Expert - Vxplore Technologies
 
Automatic Code Generation
Automatic Code GenerationAutomatic Code Generation
Automatic Code Generationelliando dias
 
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)Andri Yadi
 
Swiftstart - Provisioning Basics
Swiftstart - Provisioning BasicsSwiftstart - Provisioning Basics
Swiftstart - Provisioning Basicslacyrhoades
 
Appium_set_up
Appium_set_upAppium_set_up
Appium_set_upMithilesh Singh
 
Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Tomek Cejner
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceJen Looper
 
iOS Distribution and App store pushing and more
iOS Distribution and App store pushing and moreiOS Distribution and App store pushing and more
iOS Distribution and App store pushing and moreNaga Harish M
 
Provisioning Profile
Provisioning ProfileProvisioning Profile
Provisioning ProfileAnupriya Rathore
 
How we integrate & deploy Mobile Apps with Travis CI
How we integrate & deploy Mobile Apps with Travis CIHow we integrate & deploy Mobile Apps with Travis CI
How we integrate & deploy Mobile Apps with Travis CIMarcio Klepacz
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
IPA Re-sign.pptx
IPA Re-sign.pptxIPA Re-sign.pptx
IPA Re-sign.pptxPavan Kumar Challa
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple Nov Matake
 
Ios development training presentation
Ios development training presentationIos development training presentation
Ios development training presentationDeepak S
 
How to build ios app
How to build ios appHow to build ios app
How to build ios appNishant Raj
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupNeerajKumar1965
 
201505 beena v0
201505 beena v0201505 beena v0
201505 beena v0Mohamedcpcbma
 
push_notification
push_notificationpush_notification
push_notificationZiku Spartan
 
iOS In-App-Purchase verifying receipt locally in Swift
iOS In-App-Purchase verifying receipt locally in SwiftiOS In-App-Purchase verifying receipt locally in Swift
iOS In-App-Purchase verifying receipt locally in SwiftKaz Yoshikawa
 

More Related Content

What's hot

Intro to Windows Azure Mobile Services with iOS
Intro to Windows Azure Mobile Services with iOSIntro to Windows Azure Mobile Services with iOS
Intro to Windows Azure Mobile Services with iOSAndri Yadi
 
TDC2016SP - Trilha Android
TDC2016SP - Trilha AndroidTDC2016SP - Trilha Android
TDC2016SP - Trilha Androidtdc-globalcode
 
Automatic Code Generation
Automatic Code GenerationAutomatic Code Generation
Automatic Code Generationelliando dias
 
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)Andri Yadi
 

What's hot (6)

Intro to Windows Azure Mobile Services with iOS
Intro to Windows Azure Mobile Services with iOSIntro to Windows Azure Mobile Services with iOS
Intro to Windows Azure Mobile Services with iOS
 
Monkey Talk
Monkey TalkMonkey Talk
Monkey Talk
 
TDC2016SP - Trilha Android
TDC2016SP - Trilha AndroidTDC2016SP - Trilha Android
TDC2016SP - Trilha Android
 
iOS App Development Basics
iOS App Development BasicsiOS App Development Basics
iOS App Development Basics
 
Automatic Code Generation
Automatic Code GenerationAutomatic Code Generation
Automatic Code Generation
 
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
 

Similar to iOS Provisioning : Running your app in an iOS device

Swiftstart - Provisioning Basics
Swiftstart - Provisioning BasicsSwiftstart - Provisioning Basics
Swiftstart - Provisioning Basicslacyrhoades
 
Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Tomek Cejner
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceJen Looper
 
iOS Distribution and App store pushing and more
iOS Distribution and App store pushing and moreiOS Distribution and App store pushing and more
iOS Distribution and App store pushing and moreNaga Harish M
 
How we integrate & deploy Mobile Apps with Travis CI
How we integrate & deploy Mobile Apps with Travis CIHow we integrate & deploy Mobile Apps with Travis CI
How we integrate & deploy Mobile Apps with Travis CIMarcio Klepacz
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple Nov Matake
 
Ios development training presentation
Ios development training presentationIos development training presentation
Ios development training presentationDeepak S
 
How to build ios app
How to build ios appHow to build ios app
How to build ios appNishant Raj
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupNeerajKumar1965
 
iOS In-App-Purchase verifying receipt locally in Swift
iOS In-App-Purchase verifying receipt locally in SwiftiOS In-App-Purchase verifying receipt locally in Swift
iOS In-App-Purchase verifying receipt locally in SwiftKaz Yoshikawa
 
What is Code Signing Certificate.pptx
What is Code Signing Certificate.pptxWhat is Code Signing Certificate.pptx
What is Code Signing Certificate.pptxGloriaBradford1
 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesIntuit Developer
 
Cross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-InCross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-InPeter Friese
 

Similar to iOS Provisioning : Running your app in an iOS device (20)

Swiftstart - Provisioning Basics
Swiftstart - Provisioning BasicsSwiftstart - Provisioning Basics
Swiftstart - Provisioning Basics
 
Appium_set_up
Appium_set_upAppium_set_up
Appium_set_up
 
Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT Conference
 
iOS Distribution and App store pushing and more
iOS Distribution and App store pushing and moreiOS Distribution and App store pushing and more
iOS Distribution and App store pushing and more
 
Provisioning Profile
Provisioning ProfileProvisioning Profile
Provisioning Profile
 
How we integrate & deploy Mobile Apps with Travis CI
How we integrate & deploy Mobile Apps with Travis CIHow we integrate & deploy Mobile Apps with Travis CI
How we integrate & deploy Mobile Apps with Travis CI
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
IPA Re-sign.pptx
IPA Re-sign.pptxIPA Re-sign.pptx
IPA Re-sign.pptx
 
Sign in with Apple
Sign in with Apple Sign in with Apple
Sign in with Apple
 
Ios development training presentation
Ios development training presentationIos development training presentation
Ios development training presentation
 
How to build ios app
How to build ios appHow to build ios app
How to build ios app
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up Group
 
201505 beena v0
201505 beena v0201505 beena v0
201505 beena v0
 
push_notification
push_notificationpush_notification
push_notification
 
iOS In-App-Purchase verifying receipt locally in Swift
iOS In-App-Purchase verifying receipt locally in SwiftiOS In-App-Purchase verifying receipt locally in Swift
iOS In-App-Purchase verifying receipt locally in Swift
 
What is Code Signing Certificate.pptx
What is Code Signing Certificate.pptxWhat is Code Signing Certificate.pptx
What is Code Signing Certificate.pptx
 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST Services
 
Cross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-InCross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-In
 
Desarrollo AIR Mobile
Desarrollo AIR MobileDesarrollo AIR Mobile
Desarrollo AIR Mobile
 

Recently uploaded

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 

Recently uploaded (20)

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 

iOS Provisioning : Running your app in an iOS device

  • 1.
  • 2. Developer Certificates, Provisioning profiles and what the heck ! Created by Madusha
  • 3. To do List ! 1. Generating and installing A developer certificate 2. Creating AN App ID for your app/s 3. Creating A Provisioning Profile for your app 4. Registering the devices you want the app to be tested on
  • 4. Why apple made this a mission impossible task! • Apple guarantees to the the apple device (iPhone/iPad,…) owner that any app he runs on the device is created by an authorized (trusted) apple developer. (hopefully the device must not have jail broken)
  • 5. How Apple ensures the trust
  • 7. • Authenticity Ensures whether you are a real authorized Apple developer (are you sure you paid $99) • Integrity Has the code being modified on the way to the device by some one else • Non-Repudiation Developer must be responsible of what he has sent (dev can’t say “hey I didn’t do that”)
  • 8. We need to know PKI
  • 9.
  • 10. Analogy for digital Certificate Name of the owner Name of the issuer Seal of the issuer Date issued
  • 11. University of Queensland Russell Employer trustsIssues a certificate Employer trusts Russell 1 2 3
  • 12. What does a digital certificate has X.509 standard public key digital signature
  • 13. Lets take an Example • ComBank Online • Buy a certificate from Comodo To request for a certificate you need to create a Key Pair (Private/Public keys) and CSR. Ex: using openssl but for our case we’ll have them created automatically as you will see later
  • 14. ? #$#^$^%*% Hi Handsome Cleopatra’s private key = 2 Cleopatra’s public key = 25 public key = |Σ| - private key, where public key , private key < |Σ|
  • 15. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7 Hi handsome = 8 9 27 8 1 14 4 19 15 13 5 encrypt with private key = 2 10 11 2 10 3 16 6 21 17 15 7 Encryption/Dycription formula: output = (charValue + private key ) % |Σ| = (charValue + 2) % 27
  • 16. 10 11 2 10 3 16 6 21 17 15 7 decrypt using public key = 25 Encryption/Dycription formula: output = (charValue + public key ) % |Σ| = (charValue + 25) % 27 8 9 27 8 1 14 4 19 15 13 5 = Hi handsome A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7
  • 17. What does a CSR has PKCS #10 spec Information Description Distinguished Name (DN) www.commercialbk.com (fully qualified domain name) Business/Organization Name Commercial Bank Department Name IT Town/City Colombo Province/State Western Country LK Email address ###### Public Key ###### FEE +
  • 18.
  • 20. Senders Digital Certificate Certificate Org : Commercial Bank Issuer : Comodo Public Key : ### hash (sha1) digest encrypt using Comodo’s private key signature Certificate Org : Commercial Bank Issuer : Comodo Public Key : ### attach the signature to the certificate
  • 21. How receiver(browser) authenticates the web site Certificate Org : Commercial Bank Issuer : Comodo Public Key : ### decrypt using Comodo’s public key CA Certificate Org : Comodo Issuer : Comodo Public Key : ##### hash (sha1) digest digest Equal ? yes trust www.commercialbk.com site
  • 22. Lets create a Dev cert for our selves code signing identity (public key + private key)
  • 23. Code Sign Executable file encrypt with developer’s private key hash digest App Bundle .app • executable file • provisioning profile • info.plist • icons … etc.
  • 24. Where the hell is App Bundle? • This is the <AppName>.app inside your .ipa • You can view package contents by right clicking .app
  • 25. Lets check whether the code is really signed codesign --display --verbose=4 /path/to/appBundle/exeFile Machan, codesign is the utility which Xcode uses to sign your code !
  • 27. App ID • Uniquely identify your app • BundleId = <reverse domain name>.<productName> o com.virtusa.MyApp • AppID ≈ BundleID • AppID = <prefix>.<bundleID> o Prefix is a 10characters long string auto generated by provisioning portal. o Example: 9572D83736. com.virtusa.MyApp Lets see this in portal: we can even attach services such as push notifications (entitlements) that are unique for the specific app. That is because those services must need to identify the app uniquely. For example APNS must know the exact app to push notifications.
  • 28. Provisioning profile (A PKCS#7 signed plist) • Why do we need it o Its just a signed plist and apple uses this to verify that the application is being installed is from an authorized developer and that the contents of it has not been modified. And moreover apple doesn’t want us to run apps in any device other than via app store. • It’s not a must to have it in the .ipa but it’s a must to have it installed in the device some how. • To check the provision profiles in the iphone o Settings-> genaral -> profiles o You can view proviosion profile in the ipa as embedded.mobileproviosn
  • 29. Provisioning profile : Anatomy App ID UDIDs Dev Certificate/s This Unique app Can run on these restricted devices With the trust based on the sign by authorized developer/s
  • 30. What’s inside provisioning profile • Lets check provision profiles’ validity and its’ content openssl smime -in /path/to/provisioningProfile -inform der -verify
  • 31.
  • 33. After the creation of respective entity • We can’t change any thing in dev cert other than revoking it • We can change permissions for services given in the AppID • We can change dev cert and device UDIDs in the provisioning profile
  • 34. When the app runs • Take dev cert from provisioning profile and validate its signature and authenticates it as a trusted devcert (authenticate) • Using the public key in that dev cert, decrypt the encrypted digest and match it with the digest of the executable file (integrity/nonrepudiation- developer can’t say its not from me) • If the device is listed in the provisioning profile let the app run on the device.
  • 35. Jargon • Digital Certificates • X.509 • PKCS standard o PKCS#7 -> used in provisioning profile o PKCS#10 -> used in CSR o PKCS#12 -> used to manage keys • PKI • Code Signing o Code Signing Identity • Provisioning Profiles • UDID/UUID • .ipa/.app & AppBundle
  • 36. Q & A “The average person’s smartphone knows more about them than their spouse or significant other …”

Editor's Notes

  1. Through a certificate. Apple will give us (iOS developers) a certificate for money. Yes for $99.
  2. This certificate is a digital certificate and you will need it to sign the code of your app later. But why simply to gain trust. This will help to preserve some key concepts in Information Security while fulfilling the Apples promise to the device owner.
  3. PKI is the infrastructure made up of procedures and software's to manage digital certificates.
  4. X.509 is the standard that defines format of digital certificates
  5. Eventually this CSR will be submitted as a .P10 (in PKCS10 format) file.
  6. Lets talk about public key encryption. Here’s a small key creation algorithm I have devised.
  7. Export the code signing identity as a .p12 file so that you can have it any where. Note WWDRCA(World wide developer relations certificate authority)
  8. .ipa is just an archive which has the app bundle. Payload is the sandbox and contains app bundle + documents folder + library folder + tmp folder
  9. Lets create an ipa and test the app bundle for signature.
  10. PKCS#7 is a standard but it has main 2 flavors. pem and der. Apple favours .der format. This is signed and is always validated when installed on the device.
  11. Dev cert is encoded in base64 and embedded to the pp.
  12. UDID(Unique Device Identifier) is the unique number for each device. Hexa decimal value of 40characters. Can check in iTunes. UUID(Universally Unique Identifier) is to uniquely identify an app inside a device. If the app gets re installed UUID changes. The UUID will change when theres an update to the provisional profile.