Code signing is a security technology, used in OS X, that allows you to certify that an app was created by you. Once an app is signed, the system can detect any change to the app—whether the change is introduced accidentally or by malicious code.
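Code signing is a security technology used on the Mac. It lets you certify that an app was created by you; once an app is signed, the system can detect any change to the app, whether that change is accidental or malicious.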
Users appreciate code signing. After installing a new version of a code-signed app, a user is not bothered with alerts asking again for permission to access the keychain or similar resources. As long as the new version uses the same digital signature, OS X can treat the new app exactly as it treated the previous one.
Other OS X security features, such as App Sandbox and parental controls, also depend on code signing.
In most cases, you can rely on Xcode’s automatic code signing (described in App Distribution Guide), which requires only that you specify a code signing identity in the build settings for your project. This document is for readers who must go beyond automatic code signing—perhaps to troubleshoot an unusual problem, or to incorporate the codesign(1) tool into a build system.
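Users like code signing. After installing a new version of a code-signed app, the user is no longer interrupted by prompts asking whether to allow access to the same resources. As long as the new version uses the same digital signature, the system treats it exactly as it treated the previous version of the app.
In many cases you can rely on Xcode's automatic code signing, which only requires you to specify a signing identity in the project's build settings. This document is for readers who need more than automatic code signing, perhaps to solve an unusual problem or to use the signing tool in a build system.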
To enable signed code to fulfill these purposes, a code signature consists of three parts:
- A seal, which is a collection of checksums or hashes of the various parts of the code, such as the identifier, the Info.plist, the main executable, the resource files, and so on. The seal can be used to detect alterations to the code and to the app identifier.
- A digital signature, which signs the seal to guarantee its integrity. The signature includes information that can be used to determine who signed the code and whether the signature is valid.
- A unique identifier, which can be used to identify the code or to determine to which groups or categories the code belongs. This identifier can be derived from the contents of the Info.plist for the app, or can be provided explicitly by the signer.
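The following Python sketch models how the three parts fit together. It is an added example, not Apple's implementation or on-disk format. The bundle contents, identifier and key are constructed, and an HMAC stands in for the certificate-based digital signature so the code runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed sample bundle: path -> file contents (not a real app).
APP_ID = "com.example.demo"
APP_V1 = {
    "Info.plist": b"<plist>CFBundleIdentifier=com.example.demo</plist>",
    "MacOS/Demo": b"\xcf\xfa\xed\xfe main executable v1",
    "Resources/icon.png": b"\x89PNG constructed icon bytes",
}
SIGNER_KEY = b"constructed-signing-key"  # stand-in for the signer's private key


def make_seal(identifier, files):
    """Seal: the identifier plus one SHA-256 digest per part of the code."""
    hashes = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    return {"identifier": identifier, "hashes": hashes}


def _sign_seal(seal, key):
    # Assumption: HMAC stands in for the digital signature over the seal.
    canonical = json.dumps(seal, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign(identifier, files, key):
    """Produce the model code signature: the seal and the signature over it."""
    seal = make_seal(identifier, files)
    return {"seal": seal, "signature": _sign_seal(seal, key)}


def verify(files, code_signature, key):
    """Return 'valid', 'signature invalid', or 'seal broken: <changed parts>'."""
    seal = code_signature["seal"]
    # 1. The signature must cover the seal exactly as stored.
    if not hmac.compare_digest(_sign_seal(seal, key), code_signature["signature"]):
        return "signature invalid"
    # 2. The files must still match the hashes recorded in the seal.
    current = make_seal(seal["identifier"], files)["hashes"]
    names = sorted(set(current) | set(seal["hashes"]))
    changed = [n for n in names if current.get(n) != seal["hashes"].get(n)]
    return "seal broken: " + ", ".join(changed) if changed else "valid"
```

Because the signature covers the seal, recomputing the hashes after a modification does not help without the signer's key: the stored signature no longer matches the new seal.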