Don't lose your keys
There are many difficult parts to creating and distributing an iPhone application. Don’t let the loss of an important file be one of them.
A client of mine recently had a scare when he (temporarily) lost his private key. Allow me to explain: for an iPhone application to be distributed, it has to be signed by a cryptographic key created by the developer. The signing is done by the private key, and verifying that the application is signed is done by the public key.
There are a couple of things to note about the private key:
- The private key never leaves the machine it was created on. Ever.
- No one, including Apple, can regenerate your private key, if something were to happen to it.
While it is true that Apple has a copy of the developer’s certificate, they only have the public key, not the private. This makes sense, because whoever has your private key can distribute applications under your name. Thus, it’s not something you want to be storing just anywhere.
Losing your private key has a couple of implications, since it cannot be recovered and because developers can only have one distribution certificate at a time. This means the old certificate must be revoked before a new one can be created, which will cause all applications signed with the old certificate to die (Edit: I’ve been told by someone who revoked their certificate that it did not affect already distributed apps).
If you lose your private key, your choice is to either never update your application ever again, or kill all existing copies of it.
After you upload a new version signed with the new certificate, your old customers can get the application, but only after paying for it again. Not a huge deal if your application is free, but if it’s not, your customers will probably be upset.
All of this to say: you should be backing up your private key. Your private key is stored in the Keychain, and will have to be exported first. Here’s how you do it:
1. Launch Keychain Access, which lives in /Applications/Utilities.
2. In the Category list on the left, select Keys.
3. In the Keys list, select the keys used for code signing. They will have disclosure triangles next to them, which reveal iPhone Developer/Distribution certificates.
4. From the menu, select File > Export Items. Be sure to save the key in the Personal Information Exchange (.p12) format.
5. During the export, you will be prompted to create a password which will protect the exported file. Be sure to pick a secure password that you will either remember or that you will store in a safe place.
Now you have your private keys in a file that you can back up or check into source control. You will also probably want to back up the password you created in step 5.
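A backup is only useful if it restores, and a common slip is exporting the certificate without its key. The following is an added example, not part of the original post: a shell function that uses the OpenSSL command line (assumed to be installed) to check that the .p12 opens with its password, contains a private key, and that the key matches the certificate. The function names and the `P12_PASS` variable are this example's own, and it assumes one signing identity per file.

```bash
#!/usr/bin/env bash
# Added example: confirm an exported .p12 backup can actually be restored.
# The password is read from the P12_PASS environment variable so it never
# shows up in the process list.

# Run "openssl pkcs12" on a file. If that fails, retry with -legacy, which
# OpenSSL 3 requires for the older encryption some exporters still use.
p12_read() {
    local file="$1"; shift
    openssl pkcs12 -in "$file" -passin env:P12_PASS "$@" 2>/dev/null ||
        openssl pkcs12 -legacy -in "$file" -passin env:P12_PASS "$@" 2>/dev/null
}

# Exit status: 0 = usable backup, 1 = unreadable or wrong password,
#              2 = no private key in the file, 3 = key and certificate differ.
verify_p12_backup() {
    local file="$1" key_pub cert_pub
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # -noout still verifies the file's MAC, so this checks the password.
    p12_read "$file" -noout ||
        { echo "wrong password or damaged file" >&2; return 1; }

    # Derive the public key from the private key stored in the file.
    key_pub=$(p12_read "$file" -nocerts -nodes | openssl pkey -pubout 2>/dev/null) || true
    [ -n "$key_pub" ] || { echo "no private key in $file" >&2; return 2; }

    # Derive the public key from the certificate and compare the two.
    cert_pub=$(p12_read "$file" -nokeys -clcerts | openssl x509 -noout -pubkey 2>/dev/null) || true
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "private key does not match certificate" >&2; return 3; }

    echo "backup OK: private key present and matches certificate"
}
```

In bash, set the password with `read -rs P12_PASS; export P12_PASS` so it stays out of shell history, then call `verify_p12_backup` with the path to your exported file.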
Installing the private keys on a new machine is easy:
1. Copy the exported file to the machine you want to install it on.
2. Double click the .p12 file, which will launch Keychain Access.
3. When prompted, enter the password you created in step 5 of the export.
That’s all there is to it. Hopefully this will save someone pain in the future.