Application Code Signing

Signing an application allows the system to identify who signed the application and to verify that the application has not been modified since it was signed. Signing is a requirement for submitting to the App Store (both for iOS and Mac apps). OS X and iOS verify the signature of applications downloaded from the App Store or the Mac App Store to ensure that they they do not run applications with invalid signatures. This lets users trust that the application was signed by an Apple source and hasn’t been modified since it was signed.

Xcode uses your digital identity to sign your application during the build process. This digital identity consists of a public-private key pair and a certificate. The private key is used by cryptographic functions to generate the signature. The certificate is issued by Apple; it contains the public key and identifies you as the owner of the key pair.

In order to sign applications, you must have both parts of your digital identity installed. Use Xcode or Keychain Access to manage your digital identities. Depending on your role in your development team, you may have multiple digital identities for use in different contexts. For example, the identity you use for signing during development is different from the identity you user for distribution on the App Store or the Mac App Store. Different digital identities are also used for development on OS X and iOS.

An application’s executable code is protected by its signature because the signature becomes invalid if any of the executable code in the app bundle changes.

An application’s signature can be removed, and the application can be re-signed using another digital identity. For example, Apple re-signs all applications sold on the App Store and the Mac App Store. Also, a fully-tested development build of your application can be re-signed for submission to the App Store or the Mac App Store. Thus the signature is best understood not as indelible proof of the application’s origins but as a verifiable mark placed by the signer.