Signing your iOS App
Before the app can be installed onto a phone, it needs to be signed and the entitlements set in the app. The bundled README-post-protection.txt file included when downloading the protected app provides details on how to do this.
After extracting all files in the protected XCarchive you should see something like:
/tmp/protected $ tar xf Molecules-protected.tar.gz
/tmp/protected $ ls
Entitlements-Molecules.plist Molecules-protected.tar.gz
Molecules-protected.XCarchive README-post-protection.txt sign_archive.sh
To ensure valid signing, a script with code sign command(s) was auto-generated and packaged along with the archive - this signing script must be used to ensure the protected app works correctly.
The script requires a valid signing identity (private key plus certificate) to be passed in. If required, you can check available signing identities by using the following command:
/tmp/protected $ security find-identity -v -p codesigning
Next, run sign_archive.sh script using the following command. It’s important that the script is running from the folder where the protected archive is located, because the auto-generated script uses relative paths.
$ ./sign_archive.sh <identity>
In the above, <identity> is a valid code signing identity from your keychain.
Updated 13 days ago