Signing the Application on iOS

An XCENT file is necessary to sign the application; this file is located inside the binary and can be found by exploring the content of the application folder. If this file is not part of the binary, you can create it manually.

To manually create an XCENT file

1. Open the provisioning profile and copy the dictionary (i.e. <dict>…</dict>) located below the entitlement key (i.e. <key>Entitlements</key>).

2. Create the XCENT file with the following content:

   • Header:

     <?xml version="1.0" encoding="UTF-8"?>
     <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
     <plist version="1.0">

   • Body: Paste the content of the copied dictionary (i.e. <dict>…</dict>).

   • Footer: </plist>

   <?xml version="1.0"encoding="UTF-8"?>
   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN""http://www.apple.com/DTDs/PropertyList-1.0.dtd">
   <plistversion="1.0">
     <dict>
       <key>keychain-access-groups</key>
       <array>
         <string><bundle_seed_id>.*</string>
       </array>
       <key>get-task-allow</key>
       <false/>
       <key>application-identifier</key>
       <string><bundle_seed_id>.<bundle_identifier></string>
       <key>com.apple.developer.team-identifier</key>
       <string><bundle_seed_id></string>
      </dict>
   </plist>

   Where:

   bundle_seed_id is the bundle seed ID associated with your application (e.g. 8E549T7128).

   bundle_identifier is the bundle identifier associated with your application (e.g. com.apple.AddressBook).

If the application needs to be tested with TestFlight, the XCENT file must contain the flag beta-reports-active, set to true.

If you need to re-sign the application, extract the APP folder from your .ipa file.

To extract the APP folder

1. Convert the .ipa file into a ZIP file.

2. Extract the contents of the ZIP file.

   The APP folder is located in the Payload folder.

To sign the APP folder

When performing the steps provided below, avoid clicking into and/or navigating through the .ipa/ZIP file (using Finder)!

Clicking into/navigating through this file may cause the system to automatically create a hidden file (.DS_Store) which will result in a submission error in the app store due to a missing signing ID.

• Re-sign the frameworks by executing the following command:

  codesign --verbose --force --sign '<signing_identity>' <app_folder_path>/Frameworks/*.framework

• Re-sign the iOS application by executing the following command:

  codesign --verbose --force --sign '<signing_identity>' --entitlements <xcent_file_path><app_folder_path>

  Where:

  • signing_identity is the name of the certificate used to sign your iOS application, as displayed in the Keychain Access application (e.g. iPhone Developer: FirstName LastName (xxxxxxxxxx)).

  • xcent_file_path is the path of the XCENT file.

  • app_folder_path is the path of the APP folder shielded with App Shielding.

If issues related to the signing process arise during application execution, the following command can be used to retrieve the entitlements data used by the application:

codesign -d --entitlements :- <app_folder_path>

To recreate the IPA file

1. Create a Payload folder and copy the APP folder to this directory.

2. If you are re-signing a Swift binary, please add the SwiftSupportand Symbols directories (if symbols were generated during IPA generation) from your build result at the same level as the Payload folder (your zip archive should contain both the Payload and the Swift symbol at the root level).

3. Compress the Payload file and add an .ipa extension.