Apple, your signature please

28 08 2018

Every once in a while we can read news like this:

“Apple has stopped signing iOS X.y.
iPhone, iPad, and iPod touch owners who have upgraded to the latest version will no longer be able to downgrade to earlier versions of iOS.”

iOS versions – like all other software coming from reliable sources – are distributed over the Internet only because media like the old fashioned Floppy Disk with IBM DOS on it are a bit outdated. Today’s Internet users need assurance that they can trust web sites and downloads because of the potential damage or piracy that software can cause.

A Code Signing Certificate allows IT developers like Apple to digitally sign their software before it’s distributed over the Internet. With it they add a layer of assurance that tells users that their software can be trusted, isn’t modified since it was signed and does not come from a malicious source.

Apple routinely stops signing older versions of software updates after new releases come out in order to encourage customers to keep their operating systems up to date.

How does “Signing iOS X.z” work?

A small piece of software adds a certificate issued by a Certificate Authority (CA, here it’s Apple) to the Software to be signed. It generates a one-way hash value (see below) of the software and uses the private key issued to the developer from the CA to encrypt this hash and bundles the hash and certificate with the software. From now on the software and the certificate are an entity.

When a user receives the software, he (isn’t able to do it but a feature in his operating system) verifies it by decrypting the hash using the public key in the certificate, creates a new hash of the downloaded application and compares the new hash with the hash that was signed with the certificate. If the two hashes match, the user knows that the application has not been modified since it was signed and its source is the developer who once applied for his personal certificate.

Note

A HASH function is any function that can be used to map data of arbitrary size to data of a fixed size. A cryptographic hash function allows to easily verify that some input data – an iOS version or the modified parts – maps to a given hash value. A very, very simple and not very secure hash function would be to count the number of words in my post. The app I use to write posts tells me: 410 words. If you contact me and it’s not the number I tell you, the post was modified by someone else.

Thanks for signing reading.


Actions

Information