AppResigner: Easily re-sign iOS apps

09.29.10 Posted in iOS, iphone by

Code-signing during iOS app building is an integral part of the development process. Apps can only run on your iOS device if it has a provisioning profile which contains its UDID, and the app’s bundle identifier matches the profile’s app ID. The app must also be digitally signed with a certificate tied to that profile.

This signing process is used to maintain the integrity of the app during distribution. If you make an app build and modify anything in the app’s bundle, the app won’t install / run on an iOS device. iOS will see that the digital code signatures are no longer valid for that bundle. A potentially good thing to ensure the end-user isn’t getting a tampered app, but the process can be somewhat of a headache if you’ve got a compiled app you just want to run on devices not associated with the original provisioning profile / certificate combination.

It’s actually pretty easy to re-sign an app with a different signing identity / certificate using the codesign command-line tool.  You give it the name of the signing identity and point it at an app, and it will regenerate the code signatures based on the certificate (assuming a valid one is found in your keychain). This is basically what Xcode does during the build process.

Since I do this pretty often, I decided to cobble together some AppleScript and make a droplet app that will automate the process even more. It’s called AppResigner.

Download it and stick it in your Dock. Then all you need to do is drag your built app onto the AppResigner icon, enter the destination signing-identity you want the app to be resigned with, and you’re done. You can also launch the app manually and select the app from there.

Where can you find the name of your destination signing identity? Open up Keychain Access and search for the certificate you want to resign with. The name of that certificate is the identity, e.g. “iPhone Developer: Brian Gorby (3EYPQ8N3KM)”. You can also just enter part of the name rather than the whole thing, so long as there’s only one certificate that matches that pattern.

If your destination certificate is in a locked Keychain, Keychain Services will intercept the process and prompt you for a password to unlock it.

I’m pretty sure you can’t (and shouldn’t) use this tool to resign an app with an App Store distribution certificate. However it works fine converting to-and-from Ad-Hoc distribution, In-House distribution, and developer certificates.

Hope you find it useful. Let me know if you run into any issues with it.

UPDATE: Nov 2, 2010 – Uploaded a new version that adds support for file-paths with spaces.
UPDATE 2: Feb 15, 2011 – Source now available on GitHub.

Comments are closed.