Apple code signing, in plain English

A provisioning profile that signs builds for a fixed list of registered iPhones, iPads, Apple TVs, or Apple Watches. The only way to ship a build outside TestFlight on iOS without an Enterprise membership.

A .p8 private key created in the Apple Developer portal that authenticates token-based push notification sending to APNs. One key serves every app on your team and does not expire.

An identifier registered in your Apple Developer account that combines your Team ID with your Bundle ID and declares which capabilities your app uses.

Apple's web console for managing App Store and TestFlight submissions, App Store Connect API keys, in-app purchases, builds, testers, and team access. Distinct from the Apple Developer portal.

A three-part credential (Key ID, Issuer ID, and .p8 private key) Apple issues to authenticate non-interactive access to the App Store Connect API. The modern replacement for sharing Apple ID passwords.

A provisioning profile used to sign builds for TestFlight and App Store submission. No device list, paired with an Apple Distribution certificate.

Apple's $299/year program that lets large organizations distribute proprietary iOS, iPadOS, and tvOS apps directly to their own employees without going through the App Store.

Apple's paid membership program ($99/year) that lets a company or individual sign apps, distribute through the App Store and TestFlight, and access betas of Apple's developer tools.

An Apple-issued certificate that lets a developer sign builds for running and debugging on their own registered devices, but not for distribution.

An Apple-issued certificate that signs builds for TestFlight, the App Store, Ad Hoc distribution, and Mac App Store submission.

A single Apple-wide identity used to sign in to iCloud, the App Store, App Store Connect, and the Apple Developer portal. Distinct from a Team ID or Bundle ID.

The reverse-DNS string in your app's Info.plist (`com.example.app`) that uniquely identifies it on the App Store and on every device it installs on.

The process of attaching a cryptographic signature to a binary so the operating system can verify who built it and that nothing has changed since. Required for every app shipped on Apple platforms.

Umbrella term for any Apple-issued certificate used to sign a binary, installer, or push token. Covers Apple Development, Apple Distribution, Developer ID, APNs, Pass Type ID, and Mac Installer certificates.

Apple's command-line tool that signs a binary or bundle, and verifies an existing signature. Lives at `/usr/bin/codesign` on macOS and is what xcodebuild calls under the hood.

A file containing a public key and team identity, signed with the matching private key. You upload it to Apple to be issued a certificate. The private key never leaves your machine in the process.

An Apple-issued certificate that signs Mac apps distributed outside the Mac App Store, so Gatekeeper and notarization can verify them on first launch.

A provisioning profile that lets developers run, debug, and test a build on their own registered devices. Tied to an Apple Development certificate and a device list.

Apple's declarative permission system. An entitlements file lists the system capabilities (push, App Groups, iCloud, HealthKit, Sign in with Apple, etc.) your app is allowed to use, and is embedded into the code signature.

A fastlane action that stores Apple signing material (certificates, private keys, provisioning profiles) in a shared, encrypted git repo so every developer and CI runner can pull the same identities.

A macOS code signing option that opts a binary into stricter runtime protections (no unsigned memory execution, library validation, no code injection) and is a prerequisite for notarization.

A provisioning profile issued by an Apple Developer Enterprise Program account that installs on any iOS device without going through TestFlight or the App Store. Reserved for internal distribution to your own employees.

The pre-unified Apple distribution certificate type that signed builds specifically for iOS, iPadOS, tvOS, and watchOS. Replaced by the unified Apple Distribution certificate.

An iPhone Application Archive: a renamed ZIP archive containing a signed .app bundle in a `Payload/` folder. The format Apple expects for App Store, TestFlight, and Ad Hoc distribution.

macOS's built-in encrypted store for passwords, certificates, and private keys. Xcode and codesign read signing identities from it.

The file format Apple uses for provisioning profiles: a CMS-signed plist containing the profile's metadata, certificates, device list, and entitlements.

Apple's automated malware scan and signature attestation for Mac apps distributed outside the App Store. Required for Gatekeeper to launch a downloaded app without warnings on modern macOS.

A PEM-encoded private key file used for two specific Apple authentication flows: App Store Connect API keys and APNs auth keys. Has no expiration and no companion certificate.

A password-protected file format that bundles a certificate and its matching private key together. The standard way to move an Apple signing identity between machines.

The secret half of a key pair. Whoever holds the private key for a code signing certificate can sign builds as that developer. Lose it and you cannot rotate; leak it and someone else can sign as you.

A signed plist Apple issues that links a specific App ID, signing certificate, list of devices (for development and Ad Hoc), and entitlements. Without a matching profile, iOS will refuse to launch your build.

A 10-character alphanumeric identifier (e.g. `ABCDE12345`) that Apple assigns to every Apple Developer Program team. Embedded in every certificate, profile, and signed binary you ship.

Apple's built-in beta-testing service for distributing signed builds to up to 100 internal team members and 10,000 external testers, before submitting to the App Store.

A 25 or 40 character hexadecimal identifier that uniquely identifies an Apple device. Required to register an iPhone, iPad, Mac, Apple Watch, Apple TV, or Vision Pro for Development and Ad Hoc provisioning.

Apple's intermediate certificate authority that signs every Apple Developer certificate. It chains every developer signing identity back to the Apple Root CA.

The bundle Xcode produces from `xcodebuild archive`. Contains the signed .app, dSYM symbols, build info, and the inputs needed to export an IPA for any distribution method.