Signing your iOS App

Before the app can be installed on a phone, it must be signed and its entitlements set. The README-post-protection.txt file bundled with the protected app download provides details on how to do this.

After extracting all files in the protected XCarchive, you should see something like:

/tmp/protected $ tar xf Molecules-protected.tar.gz
/tmp/protected $ ls
Entitlements-Molecules.plist Molecules-protected.tar.gz
Molecules-protected.XCarchive README-post-protection.txt sign_archive.sh

To ensure valid signing, a script with code sign command(s) was auto-generated and packaged along with the archive. This signing script must be used to ensure the protected app works correctly.

The script requires a valid signing identity (private key plus certificate) to be passed in. If required, you can check available signing identities by using the following command:

/tmp/protected $ security find-identity -v -p codesigning

Next, run the sign_archive.sh script using the following command. It is important that the script is run from the folder where the protected archive is located, because the auto-generated script uses relative paths.

$ ./sign_archive.sh <identity>

In the above, <identity> is a valid code signing identity from your keychain.
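
The two preconditions above (a valid signing identity, and running from the folder that holds the protected archive) can be checked before signing. The following is an added example, not part of the generated sign_archive.sh or the README; the function names are hypothetical, the sample identity listing is constructed, and the identity check is a deliberately strict exact match on the SHA-1 hash or the full quoted name.

```shell
#!/bin/sh
# Pre-flight checks to run before ./sign_archive.sh <identity> (added example).

# Constructed sample of `security find-identity -v -p codesigning` output;
# the hashes and names are made up.
SAMPLE_IDENTITIES='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Apple Development: Jane Doe (ABCDE12345)"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Apple Distribution: Example Corp (ABCDE12345)"
     2 valid identities found'

# identity_is_valid <identity>: reads find-identity output on stdin and succeeds
# only if <identity> equals a listed SHA-1 hash or a full quoted name.
identity_is_valid() {
    awk -v want="$1" '
        match($0, /^ *[0-9]+\) [0-9A-F]+ "/) {
            hash = $2                              # second field is the hash
            name = substr($0, RSTART + RLENGTH)    # text after the opening quote
            sub(/"[^"]*$/, "", name)               # drop the closing quote
            if (want == hash || want == name) found = 1
        }
        END { exit !found }'
}

# in_archive_dir [dir]: succeeds if dir holds sign_archive.sh and a protected
# archive, which the script needs because it uses relative paths.
in_archive_dir() {
    dir=${1:-.}
    [ -f "$dir/sign_archive.sh" ] || return 1
    for a in "$dir"/*-protected.XCarchive; do
        [ -d "$a" ] && return 0
    done
    return 1
}

# preflight <identity>: both checks against the real keychain (macOS only).
preflight() {
    in_archive_dir . ||
        { echo "run this from the folder holding the protected archive" >&2; return 1; }
    security find-identity -v -p codesigning | identity_is_valid "$1" ||
        { echo "not a valid codesigning identity: $1" >&2; return 1; }
}

# Usage: preflight "<identity>" && ./sign_archive.sh "<identity>"
```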