Application Signature

The Onegini SDK provides additional security, protecting an application against tampering/modification by calculating its Application Signature. The Application Signature is calculated by the SDK at runtime and it is verified against the Application Signature stored in the Token Server. To calculate the Application Signature for the Token Server configuration, please use the signature calculation tool.

Obtain the Signature calculator

Onegini support can provide you with the application signature calculator. It can be downloaded from the Onegini Artifactory repository, the same repository from which the iOS SDK is downloaded. The artifact is called ios-app-signature-calculator.

You must download the 1.4.0 version of the signature calculator tool.

Requirements

This feature is available since version 3.02.00 of the Onegini iOS SDK. To execute the tool, you need to have Java 8 installed on your machine.

Calculate signature

Once you have obtained the signature calculator, you can execute it. The tool is a Java utility that you run from the command line.

Perform the following command:

java -jar ios-app-signature-calculator-1.4.0.jar {PATH_TO_APPLICATION}

If you would like to run your application on an emulator, add the additional -e or --emulator option.

java -jar ios-app-signature-calculator-1.4.0.jar {PATH_TO_APPLICATION} -e

Replace PATH_TO_APPLICATION with the path to the application file. This must be the same path that Xcode uses, e.g. ${BUILT_PRODUCTS_DIR}/${PROJECT_NAME}.app.

If the provided path is valid, the program prints the calculated hash values for the 32-bit and 64-bit architectures.

Calculated hash for architecture ARMV7 - 7341e1e309b4344c78782b205d1c12c80fefd8e5fb9b886c7d93a709001fe56c
Calculated hash for architecture ARM64 - 1c6a8c13a4826cf7802aef32d6218318f796ed70b403548a3a5a995540e3a193
Concatenated hash 7341e1e309b4344c78782b205d1c12c80fefd8e5fb9b886c7d93a709001fe56c|1c6a8c13a4826cf7802aef32d6218318f796ed70b403548a3a5a995540e3a193
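
The script below is an added example, not part of the Onegini tooling. It checks the calculator output before the value is copied into the Token Server, and assumes the output has exactly the format of the sample above (ARMV7 and ARM64 lines followed by the concatenated line); the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not Onegini code. Assumes the output format shown in the
# sample output on this page (ARMV7 and ARM64 lines, then the concatenation).
LC_ALL=C

# True when $1 is exactly 64 lowercase hex characters, like the sample hashes.
is_hash() {
    [ "${#1}" -eq 64 ] || return 1
    case $1 in *[!0-9a-f]*) return 1 ;; esac
}

# Reads calculator output on stdin; prints the concatenated hash, or returns
# non-zero when a line is missing, malformed, or inconsistent with the others.
extract_signature() {
    sig_out=$(cat)
    sig_armv7=$(printf '%s\n' "$sig_out" |
        sed -n 's/^Calculated hash for architecture ARMV7 - //p')
    sig_arm64=$(printf '%s\n' "$sig_out" |
        sed -n 's/^Calculated hash for architecture ARM64 - //p')
    sig_concat=$(printf '%s\n' "$sig_out" | sed -n 's/^Concatenated hash //p')
    is_hash "$sig_armv7" || return 1
    is_hash "$sig_arm64" || return 1
    # The value to store must be the two per-architecture hashes joined by "|".
    [ "$sig_concat" = "$sig_armv7|$sig_arm64" ] || return 1
    printf '%s\n' "$sig_concat"
}

# The sample output from this page, embedded as test input.
sample_output() {
    cat <<'EOF'
Calculated hash for architecture ARMV7 - 7341e1e309b4344c78782b205d1c12c80fefd8e5fb9b886c7d93a709001fe56c
Calculated hash for architecture ARM64 - 1c6a8c13a4826cf7802aef32d6218318f796ed70b403548a3a5a995540e3a193
Concatenated hash 7341e1e309b4344c78782b205d1c12c80fefd8e5fb9b886c7d93a709001fe56c|1c6a8c13a4826cf7802aef32d6218318f796ed70b403548a3a5a995540e3a193
EOF
}

# Usage (hypothetical script name): ./check-signature.sh {PATH_TO_APPLICATION}
if [ "$#" -gt 0 ]; then
    java -jar ios-app-signature-calculator-1.4.0.jar "$1" | extract_signature
fi
```

A non-zero exit status means the output was truncated or altered in transit and the value should not be stored.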

Store the application signature

The calculated value must be stored in the Token Server admin console. Every application version has its own specific application signature, since the signature changes with every build of the application. The Token Server application version documentation provides more information on where and how to store the application signature for a specific application version.

Development mode

The application signature changes whenever the application is modified. If the application signature changes you need to update the Token Server configuration with the new value. Communication will fail if the application signature that is configured in the Token Server configuration does not match the application signature of the application. To suppress this requirement turn on development mode in the Token Server application configuration.

Important

Debugging the application can also change the application signature generated at runtime. This is because the debugger modifies the application code loaded into memory, which is used as the basis for the signature calculation.