How to tell what profile/signing certificate was used to sign .ipa?

Question

I have a bunch of .ipa files and I\'ve used a script to resign them.

So how can check the provisioning profile/signing certificate to conform they are using the corr

Answer 1

If you are trying to determine if a specific certificate was used to sign an .ipa, you can do the following:

If you are comfortable with python, you can use this script that I created to compare the certificate(s) embedded in the .ipa to one that you have.

https://gist.github.com/ronsims2/1b7a8b9e15898f9406788988106b2f78

python ipa_cert_checker.py /Users/janedoe/Dcouments/Foobar.ipa /Users/janedoe/Dcouments/barfoo.cer

Alternatively, you can do what the script does manually from the command line of your Mac.

1. Unzip the IPA archive. It will produce a folder called "Payload".

   unzip Foobar.ipa

2. Read the embedded provisioning information. Note the package/folder inside of the Payload directory is named the same as the .ipa except with the .app extension.

   security cms -Di Payload/Foobar.app/embedded.mobileprovision

In the output of the above command, the certificate(s) are embedded in the array data elements associated with the key "DeveloperCertificates" as a base64 string. 3. Copy the certificate(s) (do not include the xml tags and make sure there is no extra whitespace) and save them to a convenient location as text. In this example I will call it "cert_from_foobar.txt"

4. Base64 encode the known certificate and save the output to a file.

   base64 barfoo.cer > barfoo.txt

5. Compare the known certificate to the embedded one(s) you saved. cmp cert_from_foobar.txt barfoo.txt || echo 'These files are NOT the same.'

If they are the same you will not see any message.