How to Tell What Profile/Signing Certificate Was Used to Sign .Ipa

How to tell what profile/signing certificate was used to sign .ipa?

Provisioning Profiles have a UUID that can be seen using the Terminal command:

security cms -D -i (path_to_your_provisioning_profile)

See the UUID section of the command output like:

<key>UUID</key>
<string>A008C022-7B82-4E40-8B37-172763E1E3CC</string>

Xcode inserts the provisioning profile used to sign the application within the .app bundle. To find it, rename your .ipa to .zip, uncompress it with Finder, find the .app file in /Payload. "Show Package Contents" on the .app file and find the provisioning profile with the name embedded.mobileprovision.

Dump its entitlements using the above command and compare that with the UUID found within your profiles in your Xcode Organizer > Devices tab > Provisioning Profile section under "Library". You can use "Show in Finder" on those to reveal their location on disk.

How to find out what profile was used for building *.ipa file?

I can give you a direction in this, not sure if it'll actually help:

  1. Change the extension of the *.ipa file to *.zip.
  2. Un-archive this zip file.
  3. The folder contains a *.app file. Open its package contents by right clicking it.
  4. Inside, you'll find an embedded.mobileprovision file.

EDIT- Since Xcode 6 doesn't show the provisioning profile, I'll extend the answer to still see the details:


  1. Change the extension of the embedded.mobileprovision to embedded.txt or just open it with any text editor of choice.
  2. Inside, you'll find some binary data and a hash that contains the profile's details like Entitlements, CreationDate, ExpirationDate, Name, etc which will be sufficient to conclusively lead you to the provisioning profile used to create the .ipa.

Hope it'll help!

Certificate in Provisioning Profile does not match certificate which signed app

Re-signing the app is possible, and it's often used to create white-label applications, where you build the app once and afterwards re-sign the build to distribute it to customers.
But there are some points you have to know.
The provisioning profile is related to the application bundle identifier. You can't use a provisioning profile from another app. Before changing the provisioning profile, you have to change the application identifier in the Info.plist file. The provisioning profile is trusted by a certificate. The provisioning profile defines the app features/entitlements (push notifications, distribution type, debugging mode, etc.).
So both the provisioning profile and the signing certificate are connected.

I used the codesign utility (a command-line tool in macOS).

To detect issues after signing you can use the following guide:

  1. An *.ipa file is a zip-archived folder. Unzip it with the command: $ unzip MYAPP.zip. After that, a Payload folder appears.
  2. Find embedded.mobileprovision inside the Payload/MYAPP.app folder. Open it with any plain text editor. I use TextWrangler.
  3. Read it carefully to understand whether the provisioning profile is valid or not.
  4. To get information about the code signing status, use $ codesign -vv -d Payload/MYAPP.app

Reading all the output helps in understanding the issue. Also, be friendly with Terminal.

More useful tools for signing and detecting certificates in the system are on the GitHub page.


UPDATE (add answer from @avregi):

We fixed it by using the tool called iOS App Signer.

1: I sent the .ipa file signed with the developer certificate to the client.

2: The client creates the desired certificate and provisioning profile in the Apple developer center.

3: The client opens iOS App Signer and fills in the required fields. (In my case: the .ipa, their certificate and provisioning profile).

4: iOS App Signer creates a new resigned .ipa file.

Bonus:

5: You can validate your .ipa file by opening the .app file in Finder (Show Package Contents). In this folder, search for your .mobileprovision file and inspect it using Provisioning. You should see your new provisioning profile.

If you follow these steps it's possible to resign an .ipa from a developer certificate to a distribution certificate.

IMPORTANT: The app iResigner didn't resign the libswiftCore framework which caused problems for us. I wouldn't recommend this tool since it's outdated.

re-sign IPA files

Try this software. It was working fine for me for re-signing IPA with enterprise certificates.

https://github.com/maciekish/iReSign

Retrieve certificate expiration date from an .ipa file?

Do the following:

$ unzip -q MyApp.ipa
$ codesign -d --extract-certificates Payload/*.app
$ openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -dates

After doing the above, you will get output with:

notAfter=Aug 4 16:08:00 2017 GMT

This is the certificate expiration date.
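
The manual checks from the answers above (open embedded.mobileprovision inside the .ipa, read its UUID, Name and ExpirationDate, then compare against the signing certificate) can be scripted. The following Python is an added example, not code from any of the answers; it goes one step further than the text by testing whether a DER certificate such as the extracted codesign0 file is listed in the profile's DeveloperCertificates. It assumes the plist is stored contiguously inside the CMS wrapper, and the sample archive and certificate bytes are constructed.

```python
import datetime, hashlib, io, plistlib, re, zipfile

# Matches only the main app's profile, not those of nested app extensions.
PROFILE_RE = re.compile(r"^Payload/[^/]+\.app/embedded\.mobileprovision$")

def extract_profile_plist(blob):
    """Return the XML plist inside a CMS-wrapped profile (signature NOT verified)."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def profile_from_ipa(ipa):
    """Read the profile straight from the .ipa zip (path or file object)."""
    with zipfile.ZipFile(ipa) as z:
        hits = [n for n in z.namelist() if PROFILE_RE.match(n)]
        if len(hits) != 1:
            raise ValueError(f"expected one embedded.mobileprovision, found {len(hits)}")
        return extract_profile_plist(z.read(hits[0]))

def summarize(profile):
    """Identifying fields plus the SHA-1 of every certificate the profile allows."""
    certs = profile.get("DeveloperCertificates", [])
    return {"UUID": profile.get("UUID"), "Name": profile.get("Name"),
            "ExpirationDate": profile.get("ExpirationDate"),
            "cert_sha1": [hashlib.sha1(c).hexdigest().upper() for c in certs]}

def signer_allowed(profile, signer_der):
    """True if the leaf signing cert (DER bytes, e.g. codesign0) is in the profile."""
    return signer_der in profile.get("DeveloperCertificates", [])

def build_sample_ipa():
    """Constructed sample: fake CMS framing and placeholder 'certificate' bytes."""
    plist = plistlib.dumps({
        "UUID": "A008C022-7B82-4E40-8B37-172763E1E3CC",  # UUID quoted on this page
        "Name": "Sample Profile (constructed)",
        "ExpirationDate": datetime.datetime(2030, 1, 1),
        "DeveloperCertificates": [b"constructed-cert-A", b"constructed-cert-B"],
    })
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/MYAPP.app/embedded.mobileprovision",
                   b"\x30\x82\x00\x00" + plist + b"\x00\x00")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    profile = profile_from_ipa(build_sample_ipa())
    print(summarize(profile))
    print("signer allowed:", signer_allowed(profile, b"constructed-cert-A"))
```

On a real build, pass the path of the .ipa to profile_from_ipa and the bytes of the codesign0 file to signer_allowed; a False result corresponds to the "certificate in provisioning profile does not match" situation discussed above.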

Re-sign .ipa with less or more devices

The device has stored a copy of an old provisioning profile, and that profile permits the app to be installed on the device.

Mostly we can consider a code signing certificate and a provisioning profile as one thing. But they actually perform two separate functions.

  • A code signing certificate and its private key are used for signing an app.
  • A provisioning profile contains lists of devices, code signing certificates, entitlements, and a bundle ID. It is a ticket from Apple which gives permission to install apps not from the App Store.

When a device attempts to install an app, it searches for a stored provisioning profile that may be used to install the app. This may be the provisioning profile included with the app, or a previously installed profile.

To remove provisioning profiles from a device:

  1. Open Xcode and select the menu Windows -> Devices...
  2. Ctrl-click on the device and select “Show provisioning profiles...” from the drop down menu.
  3. Select unwanted profiles and press the “-”-button.

How do I sign an unsigned IPA?

An IPA is simply a .zip archive. Here is an example script to get the idea:

#!/bin/bash
set -e  # stop at the first failing step instead of signing a half-prepared bundle
IPA="$1"
PROVISION="/path/to/nameOfProfile.mobileprovision"
CERTIFICATE="iPhone Developer: nameOfCertificate (2472ZKDHVF2A)" # must exist in keychain
# unzip the ipa
unzip -q "$IPA"
# remove the signature
rm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources
# replace the provision
cp "$PROVISION" Payload/*.app/embedded.mobileprovision
# copy existing entitlements to use them for re-signing
cp Payload/*.app/archived-expanded-entitlements.xcent entitlements.plist
# sign with the new certificate
/usr/bin/codesign -f -s "$CERTIFICATE" --entitlements "entitlements.plist" Payload/*.app
# zip it
zip -qr newIpaName.ipa Payload
# clean up
rm -f entitlements.plist
rm -rf Payload

To find the name of the Certificate:

  • Open "Keychain Access"
  • Right-click on the Certificate -> "Get Info"
  • Copy and use "Common Name"

