I want to send users' step counts data to my server for leaderboard of a competition.
But since there are big rewards, there can be cheaters.
I found this (https://developer.apple.com/documentation/healthkit/samples/adding_digital_signatures?language=objc) in the documentation. But no other information around that.
So how can I get that signature? Is there any metadata written for Apple health records already?
Is there any public key to verify the signature against?
The HKMetadataKeyDigitalSignature key allows apps that are adding HealthKit samples to add a digital signature to the metadata of samples that they add. It is just a name for that item in the metadata.
HealthKit does not add a digital signature to samples by default. The app that adding the sample can implement a strategy for signing the sample. It is responsible for managing keys.
From the article you linked to:
Devices can digitally sign the samples they create, letting other apps validate the samples and verify that they have not been altered. To facilitate this process, HealthKit provides the digital signature metadata key...
There is no way to prevent the user from entering what ever step data they want into HealthKit.
You could use CMPedometer in your app to collect the steps data rather than relying on HealthKit data and then use App Attestation to confirm that the data is being submitted to your server by your app.