Signed iPhone Applications

So now that we know. Apple will be using signing for iPhone Applications. Readers what to know how developers will be able to sign their programs to authenticate them for the iPhone. Short answer, I don't know. Apple hasn't shared this information yet.

Going by my experience with Amazon's Web Services, I suspect that developers will be issued two keys to use for packaging their software: a public key and a secret one.

If I have this right (and do please feel free to correct!), you'll use the secret key to sign your application and include the signature plus your public key with the application.

Apple has been especially unforthcoming about how iPhone applications will be distributed and installed. Clearly the current private "sanctioned developer" games model isn't going to transition well to the wild and wooly open iPhone development promised with the developer SDK. I was so hoping for more details during the January keynote.

Given the general lack of announcements don't be surprised if the SDK precedes actual application distribution by many months. And don't be surprised if Apple announces a Developer or Application qualification program to certify either you or your product before it lets you distribute to iPhones.

What we know

• A new service called "Nikita" is responsible for receiving, unarchiving and decrypting the application packages on the iPhone/iPod end.
• Onboard the iPhone/iPod, two versions of Nikita lives in /usr/libexec: nikita_installer and nikita_uninstaller.
• The service is called com.apple.mobile.nikita.
• Nikita is already defined as part of iTunes' secure MZFinance web objects.