与第三方开发者共享iOS分发证书是否安全?
[英]Is it safe to share iOS distribution certificate with third party developer?
问题描述
We have an enterprise developer account and for an app we are working with an external developer. 
我们有一个企业开发人员帐户,对于我们正在与外部开发人员合作的应用程序。
External developer needs to be able to build ipa files for us. 外部开发人员需要能够为我们构建ipa文件。
From a security point of view, is it safe/recommended for us to share the distribution certificate (and the private key) and a provisioning profile so they can build ipa files? 从安全的角度来看,我们是否安全/建议共享分发证书(和私钥)和配置文件,以便他们可以构建ipa文件?
If we share distribution certificate (and the private key) will there be any problem ? 如果我们共享分发证书(和私钥)会有任何问题吗?
1 个解决方案
解决方案1
3 2016-08-29 18:57:58
You should not be sharing your private key. 您不应该共享您的私钥。 This is not safe. 这不安全。 Please read through this article. 请仔细阅读本文。 https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html
It clearly states "Worse, if someone else has your private key, that person may be able to impersonate you. In the wrong hands, someone might attempt to distribute an app that contains malicious code. Not only could that cause the app to be rejected, it could also mean your developer credentials could be revoked by Apple. Private keys are stored only in the keychain and can't be retrieved if lost." 它明确指出“更糟糕的是,如果其他人拥有您的私钥,该人可能会冒充您。在错误的人手中,有人可能会尝试分发包含恶意代码的应用程序。这不仅会导致应用程序被拒绝,这也可能意味着您的开发者凭证可能被Apple撤销。私钥只存储在钥匙串中,如果丢失则无法检索。“
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.