iPhone: How do I (or should I) include my existing private key in a new certificate?
Short version:
Is it necessary or even possible for me to generate a new distribution certificate based on my existing private key, or is there no harm, both for new apps and updates to existing apps on the app store, to generate a new certificate with a new private key?
Long version:
It seems to me that there is conflicting/misleading information in the iPhone Developer Program User Guide regarding private keys and distribution certificate expiration.
On the one hand, it says that you should guard your private key with your life, and keep a copy of it so that you can use it on a new machine if you change developer machines. My understanding was that somehow you must hold onto your one true private key (i.e., the first one you generate for your company when requesting your first certificate), and use it forever (at least, use it forever once you've deployed an app with it to the App Store).
On the other hand, it tells you that distribution certificates expire after one year and you can simply request a new distribution certificate when you need one. What would make sense to me would be if they followed that with a paragraph that started "Because it is critical for you to use your original private key when requesting your new certificate, here is how you request a certificate that is created from a pre-existing private key..." But there is no such paragraph and after searching I haven't heard of a way to do that.
There is this closely related post on stackoverflow: Lost Private Key For iPhone Distribution Certificate. What could be solutions?
The answers to that question seem to indicate that when a distribution certificate is lost or expired, you can revoke it and create a new one and there is no effect on your apps currently on the app store, and you can continue to publish new apps with your new certificate without Apple saying "Hey, you aren't the same company as before."
One key question left unanswered by that post is whether it's possible to update existing apps on the app store using a different cert/key than the one the apps were previously published under. But I have heard elsewhere that that's possible also.
So it boils down to: Is it misleading for Apple to make it sound like your private key is really the thing that identifies an app as being from your company? Is it really just your app id plus your credentials for logging in to the development portal and itunesconnect that identify your company and your apps?
Comments (1)
You can generate a new private key, and use it with no interruptions to your applications. I know this from first-hand experience - as I lost my key and had to invalidate it, and regenerate a new one - after which I needed to sign an update to two of my existing applications (signed with the old key) - and submit them for updates to the AppStore.
There were no disruptions - either to existing apps after the key was revoked - or to the new updates, after people updated them. No user-data in the application was lost during the application update either. So in short, everything was completely seamless.
There was one topic being discussed whether push notifications would continue to work properly (if your app uses them). I can't speak for that, though.
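The key-versus-certificate mechanics behind the question and the answer above, as an added example that is not part of either post: a certificate signing request (CSR) carries the public half of whichever key pair signed it, so a renewal request can be built from an existing private key or from a new one. The file names and subject are constructed placeholders, and the script uses the OpenSSL command line, not Apple's Keychain Access assistant.

```shell
#!/bin/sh
# Added example: file names and the subject string are constructed placeholders.
set -e

# Generate a 2048-bit RSA private key at path $1.
new_private_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

# Build a CSR at path $2 that reuses the existing private key at path $1.
csr_from_existing_key() {
    openssl req -new -key "$1" -subj "/CN=Example Developer/C=US" -out "$2"
}

# SHA-256 fingerprint of the public key embedded in the CSR at path $1.
csr_pubkey_fp() {
    openssl req -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the public half of the private key at path $1.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

work=$(mktemp -d)
new_private_key "$work/original.key"   # the key behind the expiring certificate
new_private_key "$work/fresh.key"      # a replacement key, e.g. after a loss

csr_from_existing_key "$work/original.key" "$work/renewal.csr"
csr_from_existing_key "$work/fresh.key"    "$work/rekeyed.csr"

echo "original key : $(key_pubkey_fp "$work/original.key")"
echo "renewal CSR  : $(csr_pubkey_fp "$work/renewal.csr")   (same key pair)"
echo "rekeyed CSR  : $(csr_pubkey_fp "$work/rekeyed.csr")   (different key pair)"
rm -rf "$work"
```

Comparing the fingerprints is also a quick way to check which private key on a machine belongs to a given request before the old key is archived or discarded.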