Today was supposed to be a good day. I have been working for months on an iPhone game and today I was supposed to submit the final build to Apple. Today I was supposed to feel the relief of a project completed. Today was supposed to be call for celebration.
Instead, today was FUBAR because of code signing problems.
In my down time today, as I waited for certificates to be generated and phone calls to be returned, I searched the web for a good overview of digital signatures and public key encryption that I could use to explain the process to people who did not implement RSA in Scheme.
I found “What is a Digital Signature?” by David Youd, which manages to be simple without being misleading. He is writing about email, but the concept applies to code signing if you make the following substitutions:
- Bob → developer
- email message → iPhone application
- Pat → iPhone user
- Doug → malicious developer
- Susan → Apple Worldwide Developer Relations
- Pat’s user friendly software → iTunes