Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

A Deep Dive into iOS Code Signing

Generally speaking, any code which runs on an iOS device must have a chain-of-trust leading up to Apple’s root certificate authority. This chain-of-trust is embedded into the Mach-O executable itself when the executable is signed. When talking about an iOS application, each resource used by it (be it an image, font or a library) must also be signed along with the main executable.

However, it is rather hard (and inefficient) to stuff all of the aforementioned information into the executable itself. The application might not need access to all of its embedded resources at launch time, so embedding their signature into the main executable is a waste of memory. Therefore, a code signature consists of two major components: the Application Seal (AKA the Resource Directory), and the Embedded Signature. A Deep Dive into iOS Code Signing