Shortcut Signing (MacOS shortcuts cli)

[bbb651]

Since iOS 15, apple only allows shortcuts to be imported if they are signed, see this blog for more info. Importing a non-signed shortcut can currently only be done through a Mac with the shortcuts cli or a iOS 14- device through the "Get Link to File" action.
In addition, all shortcuts are encrypted as Apple Encrypted Archives when shared as files (my own observation, not sure if it's new in iOS 15 as I haven't tested a iOS 14- device, sharing through iCloud decrypts it)

❯ plistutil -f xml -i test.shortcut
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>AEA1</string>
</plist>

It would be really cool if this was supported, it can really bring to more shortcut sharing sites like RoutineHub and cool uses of shortcut generation.
My own use case is building a language that compiles to shortcuts, much like Cherri and other simallar shortcuts languages.
I can try and help with the implementation, although I don't own a Mac so reverse engineering is very difficult and I'm not sure where to start as I'm not familiar with the project.

Edit: Slight correction, I remember reading somewhere that even though the format is called "Apple Encrypted Archive" they're not actually cryptographically encrypted. They are actually signed though.

[indygreg]

I had no clue it was possible to sign shortcuts!

And I haven't heard of Apple Encrypted Archives. Presumably there's a way to sign these AEA entities.

https://theapplewiki.com/wiki/Apple_Encrypted_Archive has some details. A quick Internet search found https://github.com/0xilis/libshortcutsign, which is in the shortcut signing domain.

Presumably we'd want a pure Rust interface to do all this. It feels technically achievable. But I'm not going to have time for it anytime soon.

I would welcome contributions to implement missing functionality.