How to sign IPA? How do I get the CERTIFICATEPATH, PRIVATEKEYPATH and MOBILEPROVISIONPATH?

[sleeyax]

The sign command requires the CERTIFICATEPATH, PRIVATEKEYPATH and MOBILEPROVISIONPATH parameters:

Usage: sideloader-cli-x86_64-linux-gnu sign -c CERTIFICATEPATH -k PRIVATEKEYPATH -m MOBILEPROVISIONPATH [--singlethread] [-h] app path

Sign an application bundle.

Required arguments:
  -c CERTIFICATEPATH, --cert CERTIFICATEPATH
                    Certificate (signed by Apple).
  -k PRIVATEKEYPATH, --key PRIVATEKEYPATH
                    Private key (matching the signed certificate).
  -m MOBILEPROVISIONPATH, --provision MOBILEPROVISIONPATH
                    App's provisioning certificate.
  app path          App path.

But where do I get those? The cert list command can only list the certificates (not download them) and the GUI can only dump the certificate in .DER format.

So how am I supposed to pass in these parameters if there doesn't seem to be a way to get them using this tool? I'm confused.

[Dadoum]

I forgot to add an option to dump a certificate from the command line. Aside from that, the full flow is

• Create a Private Key. With OpenSSL, you can make use of that command: openssl genrsa -out privatekey.pem 2048
• Create a CSR, "Certificate Sign Request", with your private key. With OpenSSL, you can do openssl req -new -key "privatekey.pem" -out "csr.csr" -subj "/C=NL/ST=STATE/L=LOCAL/O=ORGANIZATION/CN=CN".
• Then you can submit it with the tool. Now if you list certificates you should see a new certificate.
• Now you can dump it from the GUI (I forgot to implement a command to dump it from the CLI).
• Add a new App ID with Sideloader's CLI.
• Dump the AppID's mobileprovision with the CLI.

Now you have all of the files at your disposal.

[sleeyax]

Thank you for answering, I'll try it out out soon (it's night here).

[sleeyax]

Actually, I ended up going with another approach (install unsigned IPA on jailbroken device using troll store). Thanks though!