Enterprise signing rests on a two-layer signature scheme. A public/private key pair is generated on the Mac, and Apple has its own fixed public/private key pair: the private key is kept on Apple's servers and the public key is present on every iOS device. The Mac's public key is sent to Apple's servers, where it is signed with Apple's private key. The result, a piece of data containing the public key and its signature, is called a certificate.
This certificate is what we now call the signing certificate, and the two-layer signature is the iOS enterprise signature that we have been using. At installation time, iOS obtains the certificate and uses public key A, which is built into the system, to verify that the digital signature of embedded.mobileprovision is correct; the certificate's signature is checked as well. Once the data in embedded.mobileprovision is confirmed to be authorized by Apple, the system reads it and performs further checks: verifying the app's signature with the public key, checking that the device ID is on the ID list, that the AppID matches, and that the permission switches correspond to the authorizations in the app.
In fact, iOS enterprise signing uses Apple's enterprise developer account to generate the certificate described above and to digitally sign the app in two layers, so that the app can skip the App Store upload and be installed directly on users' Apple phones, avoiding the trouble of App Store submission and Apple's long official review cycle and strict review mechanism.
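The two signature layers and the install-time checks described above can be traced in a short model. This is an added example, not Apple's code or format. It assumes toy textbook RSA built from small Mersenne primes in place of the real algorithms, a JSON dictionary in place of embedded.mobileprovision, and hypothetical function names.

```python
import hashlib, json

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Textbook RSA from two primes (toy sizes, no padding): returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def blob(obj):
    return json.dumps(obj, sort_keys=True).encode()

# Constructed keys: A = Apple's fixed pair, L = the pair generated on the Mac.
A_N, A_D = keypair(2**61 - 1, 2**89 - 1)
L_N, L_D = keypair(2**107 - 1, 2**127 - 1)

def build_package(app, device_ids, app_id, entitlements):
    cert = {"pub": L_N, "sig": sign(str(L_N).encode(), A_N, A_D)}  # layer 1: A signs L
    profile = {"cert": cert, "devices": device_ids, "app_id": app_id,
               "entitlements": entitlements}
    return {"app": app, "app_sig": sign(app, L_N, L_D),           # layer 2: L signs app
            "profile": profile, "profile_sig": sign(blob(profile), A_N, A_D)}

def install_check(pkg, device_id, app_id, requested):
    """Device-side checks in the order the text gives; only public key A is trusted."""
    prof = pkg["profile"]
    if not verify(blob(prof), pkg["profile_sig"], A_N):
        return "bad profile signature"
    cert = prof["cert"]
    if not verify(str(cert["pub"]).encode(), cert["sig"], A_N):
        return "bad certificate signature"
    if not verify(pkg["app"], pkg["app_sig"], cert["pub"]):
        return "bad app signature"
    if device_id not in prof["devices"]:
        return "device not listed"
    if app_id != prof["app_id"]:
        return "AppID mismatch"
    if not set(requested) <= set(prof["entitlements"]):
        return "entitlement not authorized"
    return "ok"
```

The device never holds the Mac's key in advance: it trusts public key L only because the certificate carrying it verifies under public key A.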