1. Is there a recommended way of signing executable (Mach-O) code
under Mac OS X?

It depends on what you're after. If you want to sign a bundle and
later verify that it hasn't changed, Tiger contains a (new) "Manifest"
API that takes care of enumerating the bundle (or any other set of
files you care to specify) and produces a "signature" blob based on
CMS/X509 certificates. That will be officially supported in Tiger; it
doesn't exist in Panther and earlier.
These signatures are not currently useful for "live" self-verification
of a running program (for a number of nasty reasons). Perhaps this may
eventually change, but not for Tiger.
Perry

Can the Manifest APIs be used to verify non-running programs or
frameworks prior to loading? In particular, I am worried about
validating plugins before I load them in my application. Also when
validating the signature, can I specify which roots the signing
certificate must chain to, or will the validation succeed if the
signing certificate chains to any of the user's currently trusted root
certificates?
--
Thanks
-jim