How can I use iOS certificates in the non-default (login) keychain? - ios

I have a bash script that builds and signs my iOS apps for adhoc over-the-air distribution to testers.
The signing process requires that the keychain be unlocked, which means storing the password in plain-text in my script. I'd rather this not be the main keychain (login) and create a separate keychain just for these keys/certificates where the password isn't that big of a deal.
I can create the new keychain and put all the keys/certs in there, but Xcode 4 seems to only look in the login keychain. Is there a way to change this, or am I doing something else wrong?

You can create a separate keychain, and Xcode 4 (at least, I just tested and confirmed with Xcode 4.5 on Mountain Lion) will look not only in the login keychain, but in all keychains, including the new keychain.
So it is good, and you can store just the keys/certs that you need in the new keychain.
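
An added example (not part of the original answer or the asker's script) of setting up such a dedicated signing keychain with the macOS `security` command-line tool, keeping the existing keychains in the search list. The keychain name, the `SIGN_KC_PASS` and `P12_PASS` environment variables, and the `setup` argument are assumptions.

```bash
#!/bin/bash
# Added example: dedicated signing keychain for a build script (macOS `security` tool).
# Assumptions (hypothetical names): KC_NAME, SIGN_KC_PASS, P12_PASS, the "setup" argument.
KC_NAME="${KC_NAME:-ios-signing.keychain}"

# Convert `security list-keychains` output (indented, double-quoted paths, one per
# line) to bare paths, append the new keychain, and drop duplicates in order.
merged_search_list() {
  printf '%s\n%s\n' "$2" "$1" |
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d' |
    awk '!seen[$0]++'
}

setup_signing_keychain() {
  p12="$1"
  kc="$HOME/Library/Keychains/$KC_NAME"
  # Secrets come from the environment, not from literals in the script.
  : "${SIGN_KC_PASS:?set SIGN_KC_PASS}" "${P12_PASS:?set P12_PASS}"

  security create-keychain -p "$SIGN_KC_PASS" "$kc" || return 1
  # Re-lock after one hour and when the machine sleeps.
  security set-keychain-settings -t 3600 -l "$kc"
  security unlock-keychain -p "$SIGN_KC_PASS" "$kc"
  # -T pre-authorizes codesign to use the imported private key.
  security import "$p12" -k "$kc" -P "$P12_PASS" -T /usr/bin/codesign || return 1
  # macOS 10.12 and later also need the key partition list set, or codesign prompts.
  security set-key-partition-list -S apple-tool:,apple: -s \
    -k "$SIGN_KC_PASS" "$kc" >/dev/null

  # `list-keychains -s` replaces the search list, so pass the existing entries
  # (such as login) back in together with the new keychain.
  set --
  while IFS= read -r entry; do set -- "$@" "$entry"; done <<EOF
$(merged_search_list "$kc" "$(security list-keychains -d user)")
EOF
  security list-keychains -d user -s "$@"

  # Only identities whose private key is present in this keychain are listed.
  security find-identity -v -p codesigning "$kc"
}

if [ "${1:-}" = "setup" ]; then setup_signing_keychain "$2"; fi
```

Invoke it as `setup path/to/identity.p12` with both variables exported; the final `find-identity` line should list the signing identity if the private key was imported with the certificate.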

Related

Unable to access Keychain after revoking distribution certificate

I am working on a project which is already in the App Store, submitted by a different developer. Now I am trying to submit an updated version of the app with a different version and build number. I am unable to access previously stored keychain values.
Here are the steps I did:
1. Revoked the old Distribution certificate created by another person and created a new one on my machine.
2. Regenerated the Provisioning Profile which was used by the previous developers.
3. Code signed and submitted to the App Store.
4. Downloaded the old build from the App Store.
5. Installed the updated build from TestFlight.
Now I am unable to access the keychain values already stored.
Now what can I do to retrieve the old keychain values? I have also checked the team ID for Keychain group access; it is the same as the old one. Is there any way I can retrieve the old keychain values?
Here is a brief answer which may help you to resolve your issue:
keychain group which is tied to your team identifier. So, basically,
access to keychain after app updates depends on distribution
certificate you use, not on the provisioning profile
So if you are saying you revoked the old certificate and are using the new certificate (that you created), access to the keychain groups will be lost for this version.
Finally I got a solution from Apple's guides:
Note: In iOS, Keychain rights depend on the provisioning profile used
to sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application.
https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

Understanding iOS Development certificates

We received the email from Apple: Your iOS Development certificate has been revoked.
There are answers on SO about how to restore your cert (1, 2) but I have some other questions
Why did it get revoked? What I did is try to run our app on my iPhone. I'm doing this for the second time - this time on a new MacBook to a new iPhone. Is this the issue that triggered the email?
What is the significance of this email? I can still run the app on the same iPhone. Uninstalled it and reinstalled it and it worked fine. Is there really an issue?
Every certificate is just a usual pair of private and public keys. When you generate a new certificate, you actually save a private key on your machine and send a part of the public key to Apple. Then Apple generates a key by itself and sends you a public key as a result (see Diffie–Hellman key exchange).
If you changed machines and now don't have the private key on your new machine, Xcode is unable to sign your application with your certificate, because you can only download a public key from the developer portal. So if you used "Automatic manage signing", Xcode took the decision to recreate the certificate, because it couldn't find a private key. This whole process is the same for a Private team and for the iOS developer program. You can export your old certificate with its private key from your old machine before you try to sign something, so you don't need to revoke the old certificate.
As for the email, Apple just notifies you that your old certificate has been revoked and can't be used to sign apps now, just as it is written. It could have been revoked because it has expired, or because somebody else revoked it (e.g. it was you). So, to keep you informed, Apple sent you that email.
I think what happened is that when you ran it from a new MacBook you downloaded the new certificate there, and when you did that, Apple revoked your current one and made a new one. We had something like this happen where I work.
Maybe you didn't import the Development certificate to your new MacBook. So when you run the app on your phone with Xcode, Xcode will detect an issue with the signing identity. From the developer site:
If Xcode detects an issue with a signing identity, it displays an appropriate action in Accounts preferences. If Xcode displays a Create button, the signing identity doesn’t exist in your developer account or on your Mac. If Xcode displays a Reset button, the signing identity is not usable on your Mac—for example, it is missing the private key. If you click the Reset button, Xcode revokes and re-creates the corresponding certificate.
So, maybe Xcode revoked the certificate.
Because you have a new certificate on your new MacBook, you can still run your app. But when you work on your old MacBook, the certificate on your old MacBook has been revoked, so Xcode can't compile your app to run on your phone.
Once you create a new certificate, you need to export it from Xcode -> Preferences -> Accounts -> YourAppleID -> ViewDetails -> right-click the certificate -> Export.
Then you can import it on a new MacBook without revoking it and creating a new one.

Access to keychain from app after system update

What happens to data stored in the keychain when a user updates their iOS version to a new system? E.g. a user has iOS 6 and stored some information from my app in the keychain; will that information still be available after installing iOS 7?
BR
Kivu
Nothing will happen to the data in the keychain. The keychain persists even after the app is removed; it is linked to the AppID, and the access rights depend on the provisioning profile used when signing your application.
On iPhone, Keychain rights depend on the provisioning profile used to
sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application
After my customers upgraded to a new version of my App using KeyChain.... under iOS7 they lost all the information.

Missing Private Key for iOS Dist Cert

I've found a lot of information about this, but nothing that quite helps me with my situation. I lost my hard drive a few weeks ago. I've since bought and configured a new system, but now I have to drop a new version of an app in the app store. I've re-downloaded 3 certificates, including the distribution cert, and the distribution profile, but Xcode reports that my distribution profile is invalid (specifically, "Valid signing identity not found").
After a lot of searching and reading, it seems that the issue is a missing private key, but I have no idea how to rectify that. I do have a recent (SuperDuper) backup of the old machine, but opening the old Keychain Access app only shows me what's on my current machine (or so it appears -- I don't see anything different). That would be my only window for retrieving the old key. Ditto opening the old copy of Xcode and looking at its Organizer.
If I try to revoke my existing distribution cert, I get warned that all of my existing apps (all of which are signed with that cert) will cease to function. I definitely don't want that.
Do I have any options here? Apple's system of certs and profiles admittedly baffles me so I'm hoping that there's some kind of recourse for re-establishing contact with my distribution key or creating a new cert without completely hosing up everything that already exists.
Opening the old Keychain Access app didn't work because it loads all the data from the computer it's running on. What you'll need to do is get the old .keychain file and open it with Keychain Access.
In your backup, find /Users/USER_NAME/Library/Keychains/login.keychain and make a copy of it. Next, you'll want to rename it to something else like oldlogin.keychain to prevent it from conflicting with your new login keychain. Then just double-click on oldlogin.keychain to open it in Keychain Access. It may ask you for a password to access the keychain; it should be your login password from before you lost your hard drive. Once it's unlocked, you can drag anything you want from oldlogin to login, including the private key.

Cannot sign my iOS application with distribution profile

I've generated a distribution provisioning profile for my iOS app, but I cannot sign my application with it. I get this error:
profile doesn't match any valid certificate/private key pair in the default keychain
The developer certificates work well; I can upload my apps to my test devices,
but I've noticed this warning for the distribution profile: Valid Signing identity not found
Can this be the source of my problems with the distribution provisioning profile, or is this an expected warning?
I suspect that it prevents me from signing the app for the App Store upload.
I'm pretty sure that I've made all my bundle (app?) identifiers consistent.
There are two sets of public and private keys you need to have in your keychain.
One of them will be prefixed with "iPhone Developer:" and the other "iPhone Distribution:".
Make sure both are in your keychain by opening the Keychain Access application within your "/Application/Utilities" folder. If you don't see both, then there's your problem (and you'll need to import your keys from another machine that does have the keys installed).
Don't lose your keys!
If you bought a new computer and did not export your keys and you don't have the old computer, you're S.O.L.; you have to start the process all over again.
