Resign IPA from development to enterprise

Question

Is it possible to resign an .ipa file signed with a development certificate to an enterprise certificate?

Background: My client needs the .ipa file. He owns the enterprise certificates which he won't share with us. The idea is that I deliver the .ipa file with my own development certificate and deliver it to him. He resigns it using his enterprise certificate so he can deploy his app on his internal app store.

Currently I have my .ipa file signed and I'm ready to submit the file, but I have to be certain it's possible.

I read this article but the assumption there is that the provisioning profile is either for Adhoc, or Enterprise distribution .. which is not my case and I don't know if it matters.

Answer 1

It is possible to resign the ipa after it is built.

1. Terminal way - You can try this. https://coderwall.com/p/cea3fw/resign-ipa-with-new-distribution-certificate

2. Tool - https://github.com/xndrs/XReSign - A wonderful tool to resign the IPA.

Answer 2

To resign ipa for enterprise or ad-hoc distribution you can follow below simple steps:

To resign app using terminal you can follow below steps:

1. Unzip ipa

   unzip MyApp.ipa

2. Remove existing signature

   rm -rf Payload/MyApp.app/_CodeSignature/

3. Copy your Ad-Hoc or enterprise provisioning profile to payload's embedded provisioning profile.

   cp ~/Desktop/MyAdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision

4. Re-sign .app file with related code signing identity for Ad-hoc or Enterprise certificate available in Keychain.

   codesign -f -s "iPhone Distribution: Code signing Certificate for Enterprise or Ad-hoc app" Payload/MyApp.app

5. Zip payload and give name of ipa you want.

   zip -qr MyApp_Resigned.ipa Payload/