Apple Certs and Profiles – without a Mac

While I have used Windows 10 for the screenshots etc., I am reliably informed that the process also works for Windows 11.

I think we will all agree that the annual chore of regenerating signing certificates and provisioning profiles for our iOS project is just that – a chore. Not only do we have to remember the dance that we performed the year before, but we also need to dust off the Mac Mini and hope it boots.

But why a Mac Mini? Why are we tied to using Apple hardware to generate our certificate signing request and to export the resulting certificate in the correct format?

Well, as it turns out … we don’t. We can in fact use Windows 10 with its built-in tooling.

Generating a Certificate Request (aka CSR)

If you were using a Mac you would open the Keychain to create your CSR; in Windows 10 you can use the Certificate Manager to do the same thing.

» Enter ‘certificates’ into the taskbar search box and select the ‘Manage computer certificates’ option

» Next select the ‘Personal’ folder

» Then select Action > All Tasks > Advanced Operations > Create Custom Request from the main menu and click Next to skip the ‘Welcome’ page

Select Certificate Enrollment Policy

» Ensure ‘Proceed without enrollment policy’ is selected

» Click Next

Custom Request

» Set the template as ‘No Template’ and ensure the Request format is PKCS #10

» Click Next

Certificate Information

» Click the Details expander and then Properties

Certificate Properties

» On the General tab enter a Friendly Name and Description (not sure where this is used in the process)

» On the Subject tab within the Subject Name panel, select the Common Name item from the Type dropdown, enter a Value and click Add to include the parameter

» On the Extensions tab expand the ‘Key Usage’ section then Select and Add the following items:

  • Digital Signature
  • Key Certificate Signing

» On the Private Key tab expand the Key Options section and set the Key Size to 2048. Also tick the ‘Make private key exportable’ option; without it the private key cannot be exported into the .p12 file later

» Still on the Private Key tab, expand the Select Hash Algorithm and select sha256

» Click OK to commit these changes then click Next

Save Certificate

» Finally enter a suitable filename and leave the file format set to Base 64.

» Click Finish

This CSR can now be used to generate the certificate on the Apple Developer portal and create a corresponding Provisioning Profile.

Once you have done so, download both to your local PC.

While the Provisioning Profile is ready to use, we need to convert the .cer file that we downloaded into a .p12 file that can be used by systems like DevOps and AppCenter.

Importing your Apple Certificate

» Back in the Windows Certificate Manager, and with the Personal folder selected, select Action > All Tasks > Import from the main menu then click Next to skip the ‘Welcome’ screen.

File to Import

» Click the Browse button to locate and select your downloaded certificate

» Click Next

Certificate Store

» Confirm the target location of certificate as Personal

» Click Next then Finish to complete the import

If you now select the Certificates folder within Personal you should see the shiny new certificate.

Right, now that we have imported it … we need to export it again 😉

Exporting the P12 Certificate

» With the new certificate selected select Action > All Tasks > Export from the main menu and click Next to get past the Welcome screen

Export Private Key

» Select ‘Yes, export the private key’ option

» Click Next

Export File Format

My system only seems to allow me to export as PKCS #12 format (which is lucky as that’s what we need) and I select the following options:

  • Export all extended properties
  • Enable certificate privacy

» Click Next

Security

» Tick the Password checkbox then type and repeat your password and select TripleDES-SHA1 as the Encryption method (yes, this seems to fly in the face of the sha256 value we specified in the CSR but if you pick the AES256-SHA256 option you will probably get an error when you try to build your app).

» Click Next

File to Export

» Use the Browse button to select your desired output location and filename, then click Next

» Finally click Finish to complete the export process

Note that the saved file has a .pfx extension, which most systems won’t accept despite the file being perfectly valid, so you will need to change this to .p12 – and you are done.

Using your newly exported .p12 certificate and your provisioning profile you can now sign your iOS builds using DevOps or AppCenter – all without a Mac in sight.

Running Linux on a Mac! Why?

I never like to throw anything away and when it comes to technology, you never know when you may need it.

So when my 2013 iMac stopped receiving OS updates from Apple I wondered what I could do with it.

After all, if it won’t run the latest OS then it won’t run the latest version of XCode and if it can’t run the latest version of XCode then I can’t use it to develop apps for iOS. More accurately, I can develop the apps but because I can’t compile against the latest SDK ultimately the App Store will reject them.

As my MacBook Pro had taken over the role of Xamarin development system the iMac had sat under my desk, unused for months.

So while Apple’s policy of, essentially, obsoleting my hardware is frustrating that doesn’t mean I have to throw the whole thing out – that’s not in my nature. So what could I do with it?

Well, while I’m aware that some people install Windows on obsolete Apple hardware, I have no need for such a setup – I have a powerful, albeit ageing, workstation running Windows 10 as well as a Surface Pro which may (or may not) be compatible with Windows 11.

So, as a .NET developer knowing that .NET Core can be installed on Windows, Mac and Linux I thought I would give it a whirl. Install Linux on the Mac, followed by .NET Core and Visual Studio Code (which also has a Linux version).

Step one was to install Linux, which was remarkably easy as it happens. After copying the .iso onto a USB key using Etcher, plugging it in and powering up the iMac with the option key pressed, I entered the standard Linux setup process. I followed these instructions on the MacWorld website and soon had Ubuntu 20.04 up and running.

Next I headed over to the Microsoft website to get the .NET Core SDK and Runtimes I needed – I installed versions 3.1 and 6.0 with a few basic commands entered into the Terminal.

Finally I downloaded Visual Studio Code from the Microsoft website (it is available as a Snap package but I like to know what I’m installing) and my Git client of choice, GitKraken, so that I could pull down my source code.

After opening the solution Visual Studio Code prompted me to install a couple of extensions and boom – my code was building and running … on Linux … on a Mac.

Big deal, now what?

I can’t develop iOS applications with this setup – but then I don’t really do a great deal of Xamarin development at the moment and I still have my MacBook Pro.

What I can do is develop web applications using a wealth of .NET technologies, e.g. MVC, Razor Pages and Blazor. I can connect to MySQL and (using a Docker container) SQL Server databases.

And that’s what I intend to do and see how far I can go with this setup – and maybe I’ll even write about it 😉

Why do I watch Beginner Pluralsight courses?

Like many developers around the world I have a subscription to Pluralsight, an online service that provides high quality training courses for Software Developers (and many other professions/skills).

However, unlike many other developers and despite having a couple of decades of development experience behind me, I don’t shy away from the courses marked as Beginner.

I know that many will think of these courses as being beneath them but while some of the material may be fairly basic for me there is always something to learn, even if it’s ‘just’ how to explain something to a more junior developer.

Sometimes there is a small pearl of wisdom that the instructor just throws out there, not really part of the subject matter but a personal preference or a useful utility that I hadn’t heard about before.

Recently I was watching a short 2 hour course on ‘Angular Forms’ by Mark Zamoyta where he used an online utility called PutsReq to stand up a temporary API endpoint to allow him to create his form, POST the data and handle the response – all without actually having to flash up Visual Studio (other IDEs are available) and create a local WebAPI to target.

Now, there may well be other similar utilities out there and some may well be better – but Mark felt that this was good enough to do the job at hand and demonstrated how to use it.

I’m currently watching ‘Building a Web App with ASP.NET Core, MVC, Entity Framework Core, Bootstrap and Angular’ by Shawn Wildermuth. This is also a beginner’s course and he does start off by explaining HTML, CSS and Javascript at a pretty basic level. But .NET Core is still pretty new and sometimes it’s good to sit back and watch someone who has taken the hit to wire all these things together.

While I consider myself competent in .NET, C#, MVC and WebAPI I am still on the Angular learning curve and fully admit that my CSS is somewhat shaky. Having watched some of Shawn’s other courses I’m pretty confident that I will come out of this 9 hour course better equipped for what lies ahead.

Above I mentioned that I have over 20 years’ experience; I think it is important to ensure that it is not the same 20 years!

Even now in my early 50s I want (need?) to evolve as a developer, keep up with the ever advancing technologies, to learn new skills that I can use day to day.

In the past I watched many courses by the late K Scott Allen and always gained more than the course title suggested. With over 50 courses to his name there is something for everyone in his back catalog even if you’re not a .NET developer. It’s true that many of his courses are being ‘retired’ now but many of us are still supporting legacy systems so just because it isn’t new and shiny doesn’t mean it’s obsolete.

So, whether I’m polishing my existing skills, learning new ones or improving my ability to explain the basics – I’ll still be watching Beginner courses on Pluralsight and I advise you to do the same.

End of the road for 8yo Workstation?

Back in 2013 I bought myself a shiny new, custom built workstation from Scan Computers. Costing me around £1300 I had opted for a pretty decent spec for the time:

  • Intel i7-3770 3.4GHz CPU
  • 32 GB RAM
  • Nvidia GeForce GTX 650Ti
  • 250 GB SSD + 500GB spinning rust HDD

By today’s standards this is probably pretty lame but it certainly kicked my old PC into a cocked hat! Able to run three monitors and all the speed I needed with a good amount of headroom.

That said, it still runs pretty well today (some 8 years later) and has served me very well throughout my contracting/freelance work. Today it’s my daily driver while I’m working from home.

Booting from cold to logged in and ready to work takes around 25 seconds (pretty slow in these days of instant gratification but it takes me that long to pour a coffee so it’s not a problem) and I’ve never really had any major speed issues with anything I’ve thrown at it … until recently that is.

Over the past few weeks I’ve experienced numerous reboots without any warning whatsoever. Fortunately I’m working via a Remote Desktop Connection to my work PC so all that happened was my connection dropped and I lost nothing. Still frustrating nonetheless.

After trawling through the event logs etc. and finding nothing I wondered if this was the end of the road for my trusty workstation – was the hardware starting to show its age and let me down?

If so, could I use the MacBook Pro or Surface Pro instead, or was I looking down the barrel of speccing up a new system and seeing if I could justify the cost, considering I’m not working for myself anymore?

For some reason the first thing I thought about was the CPU – maybe it was showing its age and I was over-revving it (even though my work PC would be doing all the hard work when I’ve experienced the reboots!). So after looking around for some recommended utilities I installed ‘Core Temp’ and fired it up – the aim being to monitor the CPU temperature to see if it was increasing to critical levels and causing it to ‘panic’!

Now, the screenshot to the right isn’t from the initial monitoring but what it looks like now and if you know anything about CPU temperatures (I didn’t until I looked it up) you’ll know that this is running within the normal range. This wasn’t the case a day or so ago!

When I initially opened Core Temp the workstation’s 4 cores were running in the low 80s – a quick Google told me this wasn’t good and while it may not be my problem it was certainly something that needed attention.

Now, I’ve hoovered out my case a number of times over the years, it’s sitting on the floor under my desk after all, but I was certainly surprised to find that I couldn’t actually see the fins in my CPU heatsink from above.

After removing the heatsink and fan assembly and separating the two this is what I found..!

Now that’s pretty disgusting, but in my defence that’s not just my skin cells – my home office is in the loft room and recently we’ve been in and out of the attic spaces to update the insulation and board it out for storage – this all creates a certain amount of dust which my workstation has been doing a good job of collecting (on the CPU and as it happens the GPU heatsinks).

After a good clean and a fresh layer of thermal paste my temperatures are now back in the normal range (as shown in the above screenshot from Core Temp) and I’ve not suffered a reboot since.

So while I can breathe easy now this has been a warning shot across my bow – this thing isn’t going to last forever after all.

The experience has prompted me to review the content of this system to see how badly impacted I would be if (when?) it goes bang for good – and the results were encouraging.

There isn’t really anything on here that I couldn’t access from the Mac or Surface. Pretty much everything is either in the cloud or on my Synology NAS (which is also backed up on AWS S3).

All in all I’m happy that I don’t have to put my hand in my pocket for a new system and that the current one is not a single point of failure – I would still be able to call on one of my other systems and get back up and running in pretty much no time.

Happy Days 🙂

FillLPG for Android – RIP

So, as per my previous post, I have now removed the FillLPG for Android app from the Google Play Store – and it won’t be coming back.

As promised in that post I have uploaded the installation file (actually ‘files’ – see below) and it can be downloaded at the bottom of this post.

The file has been compressed into a ZIP archive to reduce the file size and to allow my blog to upload it – it gets a little fussy sometimes.

Note that to install the app without using the Play Store you will need to be happy with ‘side-loading’ onto your device.


FillLPG for Android: Pulling the Plug

In a previous blog post I announced that the FillLPG for Android application was no longer in active development (which I then updated but let’s not lose focus here) and indicated that a time would come when I would remove it from the Google Play Store.

Well, that time is upon us.

The tipping point came today when I received feedback from two different channels, a review on the Play Store and an email from a fellow developer.


No Jokes please, we’re Developers

Let’s be honest, jokes are normally funny because they are at somebody’s expense. Whether it’s about a mother-in-law, a profession or ‘an Englishman, Irishman and a Scotsman’ – somebody is always on the end of it and nobody likes to be made fun of.

Now, these jokes are all well and good as long as you are not the subject – that said I’m a Cornishman and I get some stick over that but in general it’s just banter and I personally don’t find it offensive or oppressive.

Some of this I do find over the top and some people will find offence in just about anything (including this blog post I expect) but I do understand that we are more enlightened and have more appreciation of how these jokes can have a serious impact on others and we need to be mindful of that.

All that said, I saw a tweet yesterday which made me put my head in my hands;


Sending Secure SMS – That’s Crazy Talk!

Many of us know that when we send an SMS (aka text message) it is sent in plain text and can be read by anyone with sufficient access.

This is normally limited to your cell provider but there are hackers out there using readily available hardware to act as a cell tower and initiate a man-in-the-middle attack.

Now I don’t know about you but I seldom send a regular SMS message – I use WhatsApp most of the time. Not only does it allow group chats (very handy for communicating with the family – especially during Covid-19 Lockdown) but it also provides end-to-end encryption. This means that only the intended recipient(s) and myself can read the message content.

It’s not that I’m doing anything illegal of course, it’s all about privacy.

Now, before you start down the ‘what about terrorists and paedophiles’ route I’ve already covered my thoughts about that argument, normally spouted by Government officials when trying to justify an erosion of our privacy and freedoms, in a previous blog post.

The UK Government (and they are not alone by any means) are continually using this argument to attempt to force technology companies to weaken their encrypted messaging systems. They are calling for backdoors to be put in to allow ‘authorised’ agencies to access the data to aid with criminal investigations.

My argument is that should the tech companies relent and add these backdoors then the bad people will just use something else or, crucially, write their own. This would leave the rest of us on hobbled, insecure systems with ‘authorised agencies’ trawling around people’s private messages attempting to justify their hard won access.

So what is involved in writing your own secure messaging system? Surely it’s not just an app on the phone. Surely there needs to be servers and things to receive and forward these messages to the correct recipients. How would a regular user set these things up?

Well, yes there does need to be some form of delivery system but that doesn’t mean we need to write it – there’s already one out there, it’s on just about every phone out there and it’s been tried and tested for years. I am of course talking about the humble SMS text message.

Hang on, SMS isn’t secure!

True, the way SMS works doesn’t add any encryption to the process – plain text goes in and plain text comes out.

But this doesn’t mean that we can’t encrypt the message before we send it and for the recipient to decrypt it at the other end.

Now, I consider myself as a pretty competent developer – but I’m not what I would think of as a “rockstar developer”. I won’t have any of the big tech companies banging on my door offering me a massive salary and stock options to work for them. But surely I could write a mobile app which would allow the user to send and receive encrypted messages over SMS. As it happens – I can, and did just that.

As a proof of concept (you’re going to hear that term a lot in this post) I wrote an Android application, using Xamarin, which handles Key Pair generation, Key Exchange via QR code, Encryption, Decryption and integration with the device’s SMS functionality.

Encryption is handled by the Open Source Sodium.Core library which is a fork of libsodium.net (also Open Source) which is itself a wrapper around the well regarded libsodium library – yep, Open Source all the way down.

In the image below Bob is sending a message to Alice, they have already exchanged their public keys using the app to display and scan a QR code containing the required data.

Basic flow showing Bob sending an encrypted message to Alice (sequence shortened)

Let’s break this down a bit and explain, at a high level, what is happening here;

  1. Inside the Shhh.SMS app Bob selects Alice as the message recipient and enters his message (he can add emojis if he likes – that all works too!)
  2. After clicking Send, the device’s SMS app is opened with the encrypted message ready to send
    • Bob will need to specify the recipient from his contacts
  3. Alice receives the SMS just like any other and uses the SMS app’s ‘Share with’ functionality to share the encrypted message content with the Shhh.SMS app
  4. Shhh.SMS opens and if it can verify the message it displays the decrypted text

After passing the message over to the device’s SMS application, it only exists on Bob’s phone in its encrypted form.

When Alice receives the message it is only decrypted for viewing within the Shhh.SMS application.

Moreover, while the message was being sent it was encrypted using keys that only exist, securely, on the sender’s and recipient’s devices. The cell carriers involved in the delivery of the message have no way of decrypting it.
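The exchange described above, sketched as an added example that is not taken from the post or from the Shhh.SMS source. It assumes Sodium.Core's `PublicKeyBox` (libsodium's authenticated public-key box), since the post does not say which primitive the app uses; `SmsBox`, `Seal`, `TryOpen` and the base64 "nonce + ciphertext" envelope are hypothetical names and layout.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Sodium; // Sodium.Core NuGet package

// Hypothetical helper: seals a message for one recipient and renders it as
// base64 text so it can travel as an ordinary SMS body.
static class SmsBox
{
    const int NonceBytes = 24; // nonce length used by libsodium's crypto_box
    const int MacBytes = 16;   // authentication tag carried in the ciphertext

    // Encrypts to the recipient's public key and authenticates with the
    // sender's private key. A fresh random nonce is generated per message.
    public static string Seal(string plaintext, byte[] senderPrivateKey, byte[] recipientPublicKey)
    {
        byte[] nonce = PublicKeyBox.GenerateNonce();
        byte[] cipher = PublicKeyBox.Create(
            Encoding.UTF8.GetBytes(plaintext), nonce, senderPrivateKey, recipientPublicKey);

        // Assumed envelope layout: nonce || ciphertext (the nonce is not secret).
        byte[] envelope = new byte[nonce.Length + cipher.Length];
        Buffer.BlockCopy(nonce, 0, envelope, 0, nonce.Length);
        Buffer.BlockCopy(cipher, 0, envelope, nonce.Length, cipher.Length);
        return Convert.ToBase64String(envelope);
    }

    // Returns false instead of throwing when the SMS body is not valid base64,
    // is too short, was modified in transit, or was not sealed by the expected sender.
    public static bool TryOpen(string smsBody, byte[] recipientPrivateKey,
                               byte[] senderPublicKey, out string plaintext)
    {
        plaintext = string.Empty;
        try
        {
            byte[] envelope = Convert.FromBase64String(smsBody.Trim());
            if (envelope.Length < NonceBytes + MacBytes) return false;

            byte[] nonce = new byte[NonceBytes];
            byte[] cipher = new byte[envelope.Length - NonceBytes];
            Buffer.BlockCopy(envelope, 0, nonce, 0, NonceBytes);
            Buffer.BlockCopy(envelope, NonceBytes, cipher, 0, cipher.Length);

            byte[] opened = PublicKeyBox.Open(cipher, nonce, recipientPrivateKey, senderPublicKey);
            plaintext = Encoding.UTF8.GetString(opened);
            return true;
        }
        catch (FormatException) { return false; }        // not base64
        catch (CryptographicException) { return false; } // authentication failed
    }
}

static class Demo
{
    static void Main()
    {
        // In the app each key pair is created on its own device and only the
        // public halves are exchanged (by QR code); here both are generated
        // locally as constructed sample data.
        KeyPair bob = PublicKeyBox.GenerateKeyPair();
        KeyPair alice = PublicKeyBox.GenerateKeyPair();
        KeyPair stranger = PublicKeyBox.GenerateKeyPair();

        string sms = SmsBox.Seal("Meet at 7? 🙂", bob.PrivateKey, alice.PublicKey);
        Console.WriteLine($"SMS body ({sms.Length} chars): {sms}");

        // Alice opens it with her private key and Bob's public key.
        bool ok = SmsBox.TryOpen(sms, alice.PrivateKey, bob.PublicKey, out string text);
        Console.WriteLine($"Opened by Alice: {ok} -> {text}");

        // One flipped bit in transit makes verification fail.
        byte[] raw = Convert.FromBase64String(sms);
        raw[^1] ^= 0x01;
        bool tampered = SmsBox.TryOpen(Convert.ToBase64String(raw),
                                       alice.PrivateKey, bob.PublicKey, out _);
        Console.WriteLine($"Tampered message accepted: {tampered}");

        // A message checked against a public key that did not seal it is rejected.
        bool wrongSender = SmsBox.TryOpen(sms, alice.PrivateKey, stranger.PublicKey, out _);
        Console.WriteLine($"Accepted as coming from another key: {wrongSender}");
    }
}
```

Every message carries 40 bytes of nonce and authentication tag before base64 expansion, so the SMS body is noticeably longer than the text the user typed.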

So what’s the point?

Let’s get this absolutely straight – I did not write this app so that bad people could communicate with each other about bad things. That’s not the point I’m trying to make here.

The point is that the encryption genie is out of the bottle and it cannot be put back in. It’s just math!


If the world Governments think that outlawing the use of encrypted messaging applications is going to stop bad people from using them then they are frankly deluded.

This app took me a couple of weeks of evenings to put together – sure, it’s a proof of concept and lacks polish but that’s not the point. The point is that if I can write this in a couple of weeks as an investigation, what could others with a more sinister mindset achieve?

The general public are, generally, good people. So why should we all be treated as if we are criminals?

When privacy is criminalized, only criminals will have privacy.

Daniel Suarez, Change Agent

Our privacy is being eroded because of a small minority of bad people. Laws are being passed that target a tiny proportion of people but affect us all.

You may be surprised to know who can currently request (demand?) access to your internet browsing history from your Internet Service Provider. Some are obvious, GCHQ and the Home Office, but I’m still at a loss as to why the Welsh Ambulance Services National Health Service Trust would need access to such information. And this is all without considering the security and accessibility of this data – is it just the agencies on this list?

OK, so how do I get the app?

As previously mentioned, this is a proof of concept and nothing more than that.

The user interface is basic and pretty ugly (no attempt has been made to style the app beyond some basic layout). The code could do with refactoring and cleaning up.

It certainly is not ready for the Google Play Store (development was Android only) and I have zero intention of making it so. That is not the purpose of this exercise.

What I have done is to make the source code fully Open Source and available on Github.

If you want to submit pull requests to fix problems or improve the app then please feel free to do so – but do bear in mind that it will never be my intention to release this as a production app via the Google Play Store.

By the way – did I mention that Shhh.SMS is only a Proof of Concept? Good, just checking 🙂

Covid19 – A Privacy Warning

In these weeks of lockdown in the UK due to Covid-19 there have been a number of incidents of the police overstepping their powers;

The police chief was forced to u-turn in his threat while the forces involved with the other two incidents say that the officers were ‘well intentioned but over zealous’ – but to my mind, that’s not the point.

The point is that there will always be people in a position of authority or power who overstep their remit – and when it comes to our privacy that’s not a good thing.


Getting Started with Visual Studio 2019 Android Navigation Drawer template

So, I’ve had an idea for another privacy-focused application, this time aimed at mobile devices – Android in particular (I know that Apple are a little touchy about encryption apps – maybe I’ll venture into iOS at a later date).

Notwithstanding my desire to keep my skills up to date I knew that the project I have in mind would require a lot of platform specific logic. While Xamarin Forms can handle this I prefer to take the hit and roll my sleeves up, so I opted for a native Android project instead – and that’s where the trouble/fun started.

If you go through the ‘New Project’ process below you will end up with an application which will look something like the one above;

Yep – just what I needed, an application with a slide out menu. Now all I need to do is to replace the default options with my own and then open the appropriate views when they are clicked – what could be easier?


Unit Testing with the Xamarin.Forms MessagingCenter

While we all know that Test Driven Development (TDD) is a good idea, in practice it’s not always viable. It could be a time constraint, a resource issue or the project just doesn’t warrant it.

While TDD may sometimes be an option, unit tests themselves should really be considered to be a must. They will save you a lot of time in the long run and while they may not prevent you from going grey, ask me how I know, they will reduce your stress levels when bugs raise their ugly heads.

So, whether you write your tests before you write the code or vice-versa, if you are developing production code you really should write tests to cover it.

Now, one of the requirements for unit testing is the ability to mock out a component’s dependencies so that you are only testing the component itself.

Normally you would use the Dependency Injection pattern to help develop loosely coupled systems but Xamarin.Forms has a few components which can be a fly in the ointment – one of these is the MessagingCenter.


AppSettings in Xamarin.Forms

If you have used ASP.NET in recent years you will probably be familiar with the appSettings.json file and its associated, build-specific transformations, e.g. appSettings.development.json and appSettings.release.json.

Essentially these allow developers to define multiple configuration settings which will be swapped out based on the build configuration in play. Common settings are stored in the main appSettings.json file while, for instance, API Endpoint Urls for development and production deployments are stored in the development and release files.

At compile-time any values specified in the deployment version of the file overwrite those in the common version.

Simple – works well and we use it all the time without thinking about it. But what about Xamarin.Forms – it doesn’t have such a mechanism out of the box so how do we achieve this and prevent accidentally publishing an app to the App/Play Stores which is pointing to your development/staging servers?


Roll my own DDNS? Why Not.!

Update: Well, there’s certainly more to Dynamic DNS than meets the eye – who knew.

Investigations led to the decision that I should put my hand in my pocket and spend my time better elsewhere.

Not that I opted for the overpriced offering from Oracle, signing up with NoIp instead.

Like many devs I have been known to host websites and services behind my home broadband router and therefore needed a Dynamic DNS resolver service of some description. But in my recent moves to limit my reliance on third-party services – including those provided by Google – I wanted to see what would be involved in creating my own service.

Why would I want to roll my own?

Over the last few years I’ve moved my hosted websites outside of my home network and onto services offered by Digital Ocean so I was only really using my DDNS provider for a single resource – my Synology NAS.

Now, in the past I’ve used DynDNS (an Oracle product) and while I’ve had no issues with the service it’s not what you could call cheap – currently starting at $55 a year. When a previous renewal came through, and after reviewing what I was using it for, I decided to let it expire and do without the access to the NAS from outside my network.


Updating an end of life application

A while ago I posted that the FillLPG for Android application was, in a word, Dead! But in a few days’ time users will notice a new version, 2.0.28.5, hitting the Play Store as well as in-app notifications to update – so what gives?

Have I changed my mind about withdrawing support for this app – no, I haven’t. Essentially my hand has been forced by Google’s recent decision to deprecate some of the functionality I was using to fetch nearby places as part of the ‘Add New Station’ wizard as well as requiring 64 bit support – the latter being little more than a checkbox and nothing that most users will ever notice.

Removal of the Places Picker

Prior to the update, when adding a new station a user could specify the location in one of two ways;

  • Select from a list of locations provided by the Google Places API and flagged as ‘Gas Stations’
  • Open a ‘Place Picker’ in the form of a map and drop a pin on the desired location

It is the second option which is now going away – and there is nothing I can do about it. Google are pulling it and that’s that.


Getting to grips with OzCode

When I was at NDC London in January I watched a demonstration of the OzCode extension for Visual Studio. Not only was it well presented but it highlighted some of the pinch points we all have to tolerate while debugging.

In return for a scan of my conference pass, i.e. my contact details, I received a whopping 35% discount off a licence and without completing the 30 day trial I was so impressed that I pulled out my wallet (actually the company wallet!).

While I don’t use all of the features every day there are a few that I use all the time – the first one is called ‘Reveal’.

Consider the following situation:

But I already knew this was a list of view models!

At this breakpoint I’m looking at a collection of View Models – but I knew that already, so what value am I getting from this window? There are over 600 records here – do I have to expand each one to find what I’m looking for? What if one has a null value that is causing my problem – how will I find it?
