security:Command line interface to keychains and Security framework;codeding;重签名

Posted by kunnan on July 1, 2018



security Usage

  • Usage

    Usage: security [-h][-i] [-l][-p prompt] [-q][-v] [command][opt …]

    -i    Run in interactive mode.
    -l    Run /usr/bin/leaks -nocontext before exiting.
    -p    Set the prompt to "prompt" (implies -i).
    -q    Be less verbose.
    -v    Be more verbose about what's going on.

    security commands are:

    help                                 Show all commands, or show usage for a command.


  • find-identity

     security find-identity -v -p codesigning


  • 包含:app ID(AppIDName )、授权文件(Entitlements )、包含公钥的开发证书(DeveloperCertificates )、ProvisionedDevices (可安装设备列表)的签名证书
  • 查看开发配置文件security cms -D -i filepath

     security cms -D -i /Users/devzkn/Downloads/my/IOS开发任务总结/真机调试/xx.mobileprovision

III 、 重签名


3.1 获取证书列表

  • security find-identity -v -p codesigning

3.2 生成Entitlements.plist: 沙盒的配置列表

列出了哪些行为会被允许,哪些行为会被拒绝。在签名的时候,Xcode会将这个文件作为 –entitlements 参数的内容传递给codesign.

  • xcode 的capabilities选项卡上进行的相应权限操作,相关条目也会添加到授权文件。

  • 查询一个应用的授权文件

    ➜  provision git:(master) ✗ codesign -d --entitlements - /Users/devzkn/decrypted/WeChat6.6.0/Payload/ 
    ??qqh<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
    <plist version="1.0">
3.2.1 编译生成目标app,从目标app目录下获取embedded.mobileprovision
  • 获取profile.plist

     security cms -D -i  /Users/devzkn/Library/Developer/Xcode/DerivedData/2018wxrobot-eenymyxpjytdqfhdejnwlypbodwy/Build/Products/Debug-iphoneos/ > profile.plist
  • 使用plistBuddy 从profile.plist 提取Entitlements

    /usr/libexec/plistBuddy -x -c 'print :Entitlements' profile.plist > entitlements.plist
3.2.2 从开发者后台下载PP文件,然后提取授权文件( 略)

3.3 复制xx.mobileprovision 到.app 目录下

3.4 签名

  • 对.app 目录下的所有动态库、插件、watch目录下的extension进行签名

    codesign -f -s 0B3D26F0E551CC07F2iPhoneDeveloperkey xxx.dylib
    • 对整个app目录进行签名

      codesign -f -s 0B3D26F0E551CC07F2iPhoneDeveloperkey --entitlements entitlements.plist

3.5 打包

  • mkdir -p Payload

  • cp -a ./Payload

  • zip -qr Target.ipa ./Payload



  • 列出可签名证书 security find-identity -v -p codesigning
  • 为dumpecrypted.dylib签名 codesign --force --verify --verbose --sign "iPhone Developer: xxx xxxx (xxxxxxxxxx)" dumpdecrypted.dylib

See Also

  • plistBuddy

    ➜  ~ /usr/libexec/plistBuddy
    Usage: plistBuddy [-cxh] <file.plist>
        -c "<command>" execute command, otherwise run in interactive mode
        -x output will be in the form of an xml plist where appropriate
        -h print the complete help info, with command guide
/Users/devzkn/bin//knpost security Command line interface to keychains and Security framework -t iosre

转载请注明: > codesign