Common Tasks Relating to Codesigning and Provisioning Profiles

Extract a .app from a .ipa

$ unzip MyApp.ipa

Then find the “.app” bundle in the Payload directory.

Find code signing identities in your login keychain

$ security find-identity -p codesigning

Add -v and you’ll see only valid identities.

Find the signing certificate used in a code signature

$ codesign -v -d --extract-certificates MyApp.app

The certificate chain will then be in a set of files starting with codesign0 and probably going to codesign2. codesign0 is the signing identity, and codesign1 and codesign2 are the issuing certificate authorities. Add the .der extension to these files and then use Quick Look to see the certificate info.

Find the entitlements used in a code signature:

$ codesign -v -d --entitlements entitlements.plist MyApp.app

Then take a look at the entitlements.plist file. Remember that this must be a subset of entitlements granted in the provisioning profile.

Standard