Creating Apple Development and Distribution Certificates explained

In my last post I described what you should do when you lose your certificate’s private key and what the effects are of the remedy. Whilst searching around the internet for the solution to this problem, it was apparent to me that there is a general lack of understanding of the development and distribution certificates. Hence

For a good step by step article on how to deploy your app to a real device, please see this link. Note that you should only use the provisioning assistant the first time as you only need one development certificate even if you are deploying to multiple devices.

To start from the top, we need to talk briefly about the RSA algorithm. Discovered in the 1970s, it forms the foundation of almost all modern network security protocols. It’s not necessary to go into too much detail as the mathematics behind the algorithm is complex (not that I don’t understand it of course :-P ). It’s only important to understand the high-level concepts, so that the deployment process is less of a mystery and any problems you encounter are easier to solve.

What are these public/private keys?

The public and private keys are essential components of the RSA algorithm. Basically these are key pairs used to either encrypt and decrypt or sign messages. As the names suggest, the public key is distributed out to everyone so that they can decrypt any messages that you have encrypted using your private key. The other usage of the key pair is for message signing or, to be more specific in this case, code signing. Before you submit your app to Apple, you will need to sign it using your private key, so that Apple can verify the app is from you.

Both public and private keys are created on your local machine when you make a certificate signing request from Keychain Access. You can see your newly created keys if you select your login keychain under the “Keys” category. IMPORTANT: the private key is kept only by you and so cannot be recovered if lost or deleted, so do make sure you have a backup just in case. I created some test keys below for illustration purposes.

You can also see the line items for my current development and distribution public and private keys.

What are these certificates?

The next step is to send your request to Apple so that your certificate can be created. Certificates link your public key to your identity so that when Apple receives your app they know which public key to use to verify that it was from you. In this case Apple is both the receiver and the Certificate Authority (CA). CAs are used in Public Key Infrastructures to distribute public keys and certificates to users; they need to be trusted sources, otherwise the whole security system would break down. Obviously Apple will trust itself in this case =).

Once the certificate is created by Apple, you can download it and link it back to your private key. You will see an arrow to the left of your private key in Keychain Access, if you have done this correctly. Now that you have successfully created your development or distribution certificate, you will be able to use it to create a provisioning profile so that you can deploy your app to test on a real device or to Apple for distribution.
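The flow described above, reproduced with openssl as an added example (this is not from the original post and is not Apple's tooling): a constructed "Example CA" stands in for Apple, and all file and subject names are made up. It shows that the issued certificate pairs only with the private key that made the request, and that a signature made with the private key verifies against the public key in the certificate.

```shell
#!/bin/sh
# Added example. All names are constructed; "Example CA" stands in for Apple.

# SHA-256 of the public key inside a private key, CSR or certificate.
pub_fp() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl dgst -sha256 | awk '{print $NF}'
}

# Key pair and CSR are made locally; only the CSR (public key + name) leaves.
make_request() {  # $1 = work dir
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Developer" \
    -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
}

# The CA signs the CSR, binding the developer's public key to the name.
issue_cert() {  # $1 = work dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl x509 -req -days 1 -in "$1/dev.csr" -CA "$1/ca.pem" \
    -CAkey "$1/ca.key" -CAcreateserial -out "$1/dev.pem" 2>/dev/null
}

# Sign with the private key; anyone holding the certificate can verify.
sign_file()   { openssl dgst -sha256 -sign "$1/dev.key" -out "$2.sig" "$2"; }
verify_file() {  # $1 = work dir, $2 = file; exit status 0 means valid
  openssl x509 -in "$1/dev.pem" -noout -pubkey > "$1/dev.pub"
  openssl dgst -sha256 -verify "$1/dev.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) && make_request "$d" && issue_cert "$d" || return 1
  echo "request key : $(pub_fp key  "$d/dev.key")"
  echo "certificate : $(pub_fp cert "$d/dev.pem")  (matches, so they pair up)"
  openssl genrsa -out "$d/new.key" 2048 2>/dev/null   # a regenerated key
  echo "new key     : $(pub_fp key  "$d/new.key")  (differs: old cert unusable)"
  printf 'constructed app payload\n' > "$d/app.bin"
  sign_file "$d" "$d/app.bin"
  verify_file "$d" "$d/app.bin" && echo "original file: signature valid"
  printf 'x' >> "$d/app.bin"                           # modify after signing
  verify_file "$d" "$d/app.bin" || echo "modified file: signature rejected"
  rm -rf "$d"
}
demo
```

The fingerprint comparison is the same pairing that Keychain Access shows when it nests a certificate under its private key, and the "new key" line is why a lost private key means requesting a new certificate.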

Hopefully you will now understand why you need to code sign your application and the role the keys and certificates play in this.

Please feel free to add a comment if there is anything unclear.

Hobart.
