codesign就是创建和管理证书的。下面列举一些基本的操作使用。

可以查看codesign的使用帮助

codesign --help

使用方法的命令

Usage: codesign -s identity [-fv*] [-o flags] [-r reqs] [-i ident] path ... # sign
       codesign -v [-v*] [-R=<req string>|-R <req file path>] path|[+]pid ... # verify
       codesign -d [options] path ... # display contents
       codesign -h pid ... # display hosting paths

查看签名

比如我们看一下xcode的签名，我们使用 -d -v 参数，-d 是display展示签名信息的意思，-v 是verbose的意思，越多的verbose显示信息越多，通常3个就已经足够了。

codesign -d -vvv WeChat.app 

Executable=/Users/ruicong/Desktop/com.tencent.xin-iOS9.0-(Clutch-2.0.4)/Payload/WeChat.app/WeChat
Identifier=com.tencent.xin
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=1951259 flags=0x0(none) hashes=30483+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=8b199f83297c9d4dfce84acdd247a3d07c2438b5
CandidateCDHashFull sha1=8b199f83297c9d4dfce84acdd247a3d07c2438b5
CandidateCDHash sha256=72a6c8461208c19fe4dafac2454ef5d8b5bc109e
CandidateCDHashFull sha256=72a6c8461208c19fe4dafac2454ef5d8b5bc109ed52220563192135d09d27361
Hash choices=sha1,sha256
CMSDigest=46f2db359a6fb9d3d73dd26585ced3bf8eb94c9bd44397490db199b14fc111d6
CMSDigestType=2
CDHash=72a6c8461208c19fe4dafac2454ef5d8b5bc109e
Signature size=4390
Authority=(unavailable)
Info.plist=not bound
TeamIdentifier=88L2Q4487U
Sealed Resources version=2 rules=21 files=1469
Internal requirements count=1 size=96

上面的签名中没有显示一些额外的信息，比如授权机制 entitements信息 。那么如何显示证书中的其他信息呢，在查看时使用 --entitlements 选项可以查看，比如：

codesign -d --entitlements - WeChat.app 

Executable=/Users/ruicong/Desktop/com.tencent.xin-iOS9.0-(Clutch-2.0.4)/Payload/WeChat.app/WeChat
??qqm<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.networking.wifi-info</key>
    <true/>
    <key>com.apple.developer.siri</key>
    <true/>
    <key>com.apple.developer.team-identifier</key>
    <string>88L2Q4487U</string>
    <key>com.apple.developer.healthkit</key>
    <true/>
    <key>application-identifier</key>
    <string>532LCLCWL8.com.tencent.xin</string>
    <key>com.apple.developer.networking.HotspotHelper</key>
    <true/>
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>packet-tunnel-provider</string>
        <string>app-proxy-provider</string>
        <string>content-filter-provider</string>
    </array>
    <key>aps-environment</key>
    <string>production</string>
    <key>com.apple.developer.networking.HotspotConfiguration</key>
    <true/>
    <key>com.apple.developer.associated-domains</key>
    <array>
        <string>applinks:help.wechat.com</string>
    </array>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.tencent.xin</string>
    </array>
</dict>
</plist>%                                                  

签名

签名使用codesign -s 命令，s就是签名sign的意思

签名需要一个证书，我们可以打开 钥匙串应用 查看我们拥有的证书，或者通过命令行使用security命令访问钥匙串，查找可以签名的证书，

security find-identity -v -p codesigning

 1) 63CDF0F7E792C6037B5D695F55181ABF09E652DD "iPhone Developer: jmhmobile@jchtcorp.com (FRSJUDZYE3)"

为了方便起见，我就创建一个my.app文件。创建文件可以使用 touch 命令

来到桌面
cd ~/Desktop 

touch my.app

查看是否签名

codesign -d -vvv my.app 
my.app: code object is not signed at all

然后签名的时候，指定此证书进行签名就可以了

 codesign -s "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" my.app 

然后可以使用上的命令查看签名状态

codesign -d -vvv my.app 

Executable=/Users/ruicong/Desktop/my.app
Identifier=my
Format=generic
CodeDirectory v=20200 size=130 flags=0x0(none) hashes=0+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=c51b127800028dd7efa7e802e2d06ef3e7d4d7df
CandidateCDHashFull sha1=c51b127800028dd7efa7e802e2d06ef3e7d4d7df
CandidateCDHash sha256=41b6c9c7bbe1eef6d2ed3362d65cadd7b4b5a29f
CandidateCDHashFull sha256=41b6c9c7bbe1eef6d2ed3362d65cadd7b4b5a29fd6d4ce7afdbd9386dabe138d
Hash choices=sha1,sha256
CMSDigest=6a42110e5b4646ef8d43445d67eacb58561d19069d3dd81e8b943044adf68229
CMSDigestType=2
CDHash=41b6c9c7bbe1eef6d2ed3362d65cadd7b4b5a29f
Signature size=4797
Authority=iPhone Developer: 812883574@qq.com (8QLSY8DC93)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Sep 24, 2020 at 10:36:15 AM
Info.plist=not bound
TeamIdentifier=263Y58BPS8
Sealed Resources=none
Internal requirements count=1 size=168

如果想要重新签名 那么需要加上-f参数，-f的意思是force的意思，如果没有这个参数，签名不会不替换，签名操作会失败。

修改签名参数

• 修改Identifier
  需要使用-i参数

codesign -f -i com.123.ok -s "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" my.app

my.app: replacing existing signature

新的查看命令

codesign -d --verbose=4 my.app 

修改后的效果

Executable=/Users/ruicong/Desktop/my.app
Identifier=com.123.ok
Format=generic
CodeDirectory v=20200 size=138 flags=0x0(none) hashes=0+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=3567f98200ac467364ca68988cc2a78634454772
CandidateCDHashFull sha1=3567f98200ac467364ca68988cc2a78634454772
CandidateCDHash sha256=ce616778881d96aee0685feca2537a59842e444a
CandidateCDHashFull sha256=ce616778881d96aee0685feca2537a59842e444ab0ed09aadd5557a2b54d9054
Hash choices=sha1,sha256
CMSDigest=2182561168c0a9e6713e6a3bc05e8900e1f1c8d9580cb66971d19275a0a486b3
CMSDigestType=2
Page size=none
CDHash=ce616778881d96aee0685feca2537a59842e444a
Signature size=4797
Authority=iPhone Developer: 812883574@qq.com (8QLSY8DC93)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Sep 24, 2020 at 10:53:48 AM
Info.plist=not bound
TeamIdentifier=263Y58BPS8
Sealed Resources=none
Internal requirements count=1 size=176

• 修改flags
  使用参数-o

codesign -f -o 0x2200 -s "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" my.app 
my.app: replacing existing signature

Executable=/Users/ruicong/Desktop/my.app
Identifier=my
Format=generic
CodeDirectory v=20200 size=130 flags=0x2200(kill,library-validation) hashes=0+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=846ba07c34cc5eeba1a8c72f013e38d68e6692f1
CandidateCDHashFull sha1=846ba07c34cc5eeba1a8c72f013e38d68e6692f1
CandidateCDHash sha256=c52557fade71316712b74e6b37d22bed92267b9c
CandidateCDHashFull sha256=c52557fade71316712b74e6b37d22bed92267b9c39963f5d350d9bad7d7e5cc6
Hash choices=sha1,sha256
CMSDigest=299e7fc5bf844fc261cade3fef2538c4ce6e821053cbde9cb47d19e9a3fdd047
CMSDigestType=2
Page size=none
CDHash=c52557fade71316712b74e6b37d22bed92267b9c
Signature size=4797
Authority=iPhone Developer: 812883574@qq.com (8QLSY8DC93)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Sep 24, 2020 at 11:03:20 AM
Info.plist=not bound
TeamIdentifier=263Y58BPS8
Sealed Resources=none
Internal requirements count=1 size=168

• 重新签名framwork
  1.先cd到framwork目录下

cd Frameworks 

2.然后查看有多少个库要签名，最后一个一个进行重签名

ls

OpenSSL.framework       andromeda.framework     marsbridgenetwork.framework
ProtobufLite.framework      mars.framework          matrixreport.framework

codesign -fs "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" OpenSSL.framework

给不是可执行文件，

上可执行文件权限
先cd到WeChat.app目录下

chmod +x WeChat

查看描述文件

security cms -Di embedded.mobileprovision

对app包进行签名

1.先得在xcode中创建一个plist文件，然后把描述文件中的授权文件拷到这个plist文件中，然后把这个plist文件拷贝到和WeChat.app一起
这里的 no-strict 是不严谨的，--entitlements=en.plist权限文件来自哪个文件

codesign -fs "iPhone Developer: 812883574@qq.com (8QLSY8DC93)" --no-strict --entitlements=en.plist WeChat.app