iOS Certificate - Imtiaz211/interviews GitHub Wiki

Creating an SSL Certificate and PEM file

  1. SSL (Secure Sockets Layer)
  2. CSR (Certificate Signing Request)
  3. Push Notification delegate Methods didRegisterForRemoteNotificationsWithDeviceToken.

What is a .p12 certificate?

A .p12 file contains a digital certificate and uses PKCS#12 (Public Key Cryptography Standard #12) encryption. It is a portable format for transferring personal private keys or other sensitive information, and it is used by various security and encryption programs.

Development Signing Certificate?

A signing certificate is the first requirement you need in order to be able to sign apps for installation on iOS devices. Specifically, you need a development certificate, which lets an individual install and run an app on a device.

Distribution Certificate?

A distribution certificate identifies your team/organization within a distribution provisioning profile and allows you to submit your app to the Apple App Store. A .p12 file contains the certificates Apple needs in order to build and publish apps.

Push Notification payload Size?

In iOS 8 and later, the maximum size allowed for a notification payload is 2 kilobytes; Apple Push Notification service refuses any notification that exceeds this limit. (Prior to iOS 8 and in OS X, the maximum payload size is 256 bytes.) As per the updated Apple docs, the size is 4 KB. APNs refuses notifications whose payload exceeds the maximum allowed size.

What is SKU?

SKU stands for Stock-keeping Unit. It's more for inventory tracking purposes. The purpose of having a SKU is so that you can tie the app sales to whatever internal SKU number that your accounting is using.

What is Remote Notification Attachment’s Limit?

We can send a video or image with a push notification, but the maximum payload is 4 KB. To send high-quality attachments, use a Notification Service Extension.

Certificate creation process.

  1. Login to your developer account.
  2. Go to Identifiers and register your App ID, with wildcard or explicit type.
  3. Go to Keychain Access (Certificate Assistant) and request a Certificate Signing Request (CSR).
  4. Upload the CSR to the developer account and generate the .p12 file.
  5. Go to Certificates and create a development or production certificate.
  6. Download development or production certificate.
  7. Note: push notifications don’t work with wildcard app IDs. If you need to test push notifications, you need an explicit app ID (no *).

Push notifications have become more and more powerful since they were first introduced. In iOS 9, push notifications can:

  1. Display a short text message.
  2. Play a notification sound.
  3. Set a badge number on the app’s icon.
  4. Provide actions the user can take without opening the app.
  5. Be silent, allowing the app to wake up in the background and perform a task.
     - A silent push notification is a notification that doesn’t display an alert, play a sound, or badge your app’s icon. It wakes your app in the background and gives it time to perform some actions.

General Information related to Push Notification

  1. Push notifications do not work in the simulator, so you’ll need an actual device.
  2. There are three main tasks that must be performed in order to send and receive a push notification:
     - The app must be configured properly and registered with the Apple Push Notification Service (APNS) to receive push notifications upon every start-up.
     - A server must send a push notification to APNS directed to one or more specific devices.
     - The app must receive the push notification; it can then perform tasks or handle user actions using callbacks in the application delegate.

     Tasks 1 and 3 are the main focus here, since they are the responsibility of an iOS developer.
  3. Push notifications require a lot of security.
  4. The first step is to change the App ID. Go to App Settings -> General and change Bundle Identifier to something unique.

     Every certificate is just a usual pair of private and public keys. When you generate a new certificate, you actually save a private key on your machine and send the public part to Apple. Apple then generates a key by itself and sends you a public key as a result.

     If you change machines and don't have the private key on your new machine, Xcode is unable to sign your application with your certificate, because you can only download a public key from the developer portal. So if you used "Automatically manage signing", Xcode decided to recreate the certificate because it couldn't find a private key. This process is the same for a private team and for the iOS developer program.

     You can export your old certificate together with its private key from your old machine before you try to sign something, so you don't need to revoke old certificates.
  5. A development certificate is required to test your app on a device before submitting it to the app stores. It is only good for testing; you cannot use it to submit to the app stores. (You can’t use production certificates for testing, in case you were wondering.)
  6. The Apple Developer Enterprise Program allows large organizations to develop and deploy proprietary, internal-use apps to their employees. This program is for specific use cases that require private distribution directly to employees using secure internal systems or through a Mobile Device Management solution.

Next, you need to create an App ID in your developer account that has the push notification entitlement enabled. Luckily, Xcode has a simple way to do this. Go to App Settings -> Capabilities and flip the switch for Push Notifications to On.

  1. The app registers with iOS for push notifications.
  2. The device gets the push token from the APNS service.
  3. The token is given to the app.
  4. The app sends the push token to its service/provider.
  5. Whenever the provider needs to send a notification to the device, it sends a payload to APNS along with the token it received.
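
The app side of the flow above, as an added example (not code from the original wiki). The provider endpoint `https://provider.example/v1/devices` and its JSON body are hypothetical; the delegate methods are the standard UIKit callbacks.

```swift
import UIKit
import UserNotifications

@main
final class AppDelegate: UIResponder, UIApplicationDelegate {
    // Assumption: hypothetical provider endpoint that stores device tokens.
    private let providerURL = URL(string: "https://provider.example/v1/devices")!

    func application(_ application: UIApplication,
                     didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // Step 1: register with APNs on every launch. User permission only governs
        // visible alerts, sounds and badges; silent pushes do not need it.
        UNUserNotificationCenter.current().requestAuthorization(options: [.alert, .sound, .badge]) { _, _ in }
        application.registerForRemoteNotifications()
        return true
    }

    // Steps 2-3: APNs issued a token and iOS hands it to the app.
    func application(_ application: UIApplication,
                     didRegisterForRemoteNotificationsWithDeviceToken deviceToken: Data) {
        // The token is opaque bytes; hex-encode it and never assume a fixed length.
        let token = deviceToken.map { String(format: "%02x", $0) }.joined()
        // Step 4: hand the token to the provider over HTTPS. It can change, so send it every time.
        var request = URLRequest(url: providerURL)
        request.httpMethod = "POST"
        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
        request.httpBody = try? JSONSerialization.data(withJSONObject: ["token": token])
        URLSession.shared.dataTask(with: request).resume()
    }

    // Registration failed (for example, the push entitlement is missing): no token to send.
    func application(_ application: UIApplication,
                     didFailToRegisterForRemoteNotificationsWithError error: Error) {
        print("APNs registration failed: \(error.localizedDescription)")
    }

    // Step 5, receiving side: a silent push wakes the app in the background.
    func application(_ application: UIApplication,
                     didReceiveRemoteNotification userInfo: [AnyHashable: Any],
                     fetchCompletionHandler completionHandler: @escaping (UIBackgroundFetchResult) -> Void) {
        let aps = userInfo["aps"] as? [String: Any]
        let isSilent = (aps?["content-available"] as? Int) == 1
        // Do the background work here, then report the result so iOS can suspend the app again.
        completionHandler(isSilent ? .newData : .noData)
    }
}
```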

SSL Pinning?

  1. SSL stands for Secure Sockets Layer. An SSL certificate creates a foundation of trust by establishing a secure connection. This connection ensures that all data passed between the web server and browsers remains private and intact. SSL certificates have a key pair, which is a public and a private key.
  2. These keys work together to establish an encrypted connection.
  3. The structure of a certificate follows the X.509 standard. X.509 is defined by the International Telecommunication Union’s standardisation sector. A Certificate Authority (CA) can issue a certificate, or it can be self-signed.
  4. A digital certificate holds many pieces of information:
     1. Subject
     2. Serial Number
     3. Issuer
     4. Valid From
     5. Valid To
     6. Public Key
     7. Algorithm Identifier
     8. Digital Signature
     9. Version
     10. TimeStamp

Important notes:

  - PEM (Privacy Enhanced Mail): A Base-64 encoding, whose file extension is .pem. The certificate information is enclosed between “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”.
  - PKCS (Public-Key Cryptography Standards): Used to exchange public and private objects in a single file. Its extensions are .p7b, .p7c, .p12 etc.
  - DER (Distinguished Encoding Rules): A binary encoding, whose file extensions are .cer, .der and .crt.

SSL pinning allows the application to only trust the valid or pre-defined certificate or public key.
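
Certificate pinning with URLSession, as an added example (not code from the original wiki). It ties the PEM and DER notes together: the pinned certificates ship as PEM text, are decoded to DER, and the server's leaf certificate must hash to one of them. The type and function names are illustrative, and `SecTrustCopyCertificateChain` assumes iOS 15 or later.

```swift
import Foundation
import Security
import CryptoKit

/// Decodes PEM text (base64 between the BEGIN/END lines) to DER bytes.
func derData(fromPEM pem: String) -> Data? {
    let body = pem.components(separatedBy: .newlines)
        .filter { !$0.hasPrefix("-----") }
        .joined()
    return Data(base64Encoded: body, options: .ignoreUnknownCharacters)
}

/// The pin is the base64 SHA-256 digest of the certificate's DER encoding.
func pin(forDER der: Data) -> String {
    Data(SHA256.hash(data: der)).base64EncodedString()
}

final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    // Assumption: pins are derived from PEM certificates shipped in the app bundle.
    // Ship a backup certificate too, so a rotation does not lock users out.
    private let pins: Set<String>

    init(pinnedPEMs: [String]) {
        pins = Set(pinnedPEMs.compactMap(derData(fromPEM:)).map(pin(forDER:)))
        super.init()
    }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Run normal X.509 chain validation first; pinning adds to it, it does not replace it.
        guard SecTrustEvaluateWithError(trust, nil),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Compare the server's leaf certificate (DER) with the pinned set; fail closed on mismatch.
        let serverPin = pin(forDER: SecCertificateCopyData(leaf) as Data)
        if pins.contains(serverPin) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

Pass an instance as the `delegate` when creating the `URLSession`; an empty or undecodable pin list rejects every connection rather than silently trusting all of them.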

AdHoc Certificate

The Ad-Hoc certificate allows you to build your app to run on a predetermined list of devices. There are a couple of big caveats, though: you need the UDID of every device you want the app to run on, and the user needs to install the provisioning profile for the app as well as the device manually.