Security Overview

Code Signing Overview:

To create a digital signature, the signing software computes a special type of checksum called a hash (or digest) based on a piece of data or code and encrypts that hash with the signer’s private key. This encrypted hash is called a signature.

hash（根据数据或者代码计算出一种具体类型的效验和）

用签名者的私钥将 hash  加密

To verify that signature, the verifying software computes a hash of the data or code. It then uses the signer’s public key to decrypt the signature, thus obtaining the original hash as computed by the signer. If the two hashes match, the data has not been modified since it was signed by someone in possession of the signer’s private key.

效验签名的目的就是确保用自制私钥签名后的数据没有被修改

Code Requirements：

The criteria used to evaluate a code signature are called code requirements.

更新有效，跟先前的版本是the same app

To use a certificate for signing, you need the private key, so that your code signing certificates will show up in this list.

If you have a private key for a certificate, you can unfold the certificate to show the private key: