Re: Mac OS X code signing suggestions?



--On Wednesday, November 10, 2004 11:07 AM -0800 Jim Lester <email@hidden> wrote:


On Nov 10, 2004, at 10:30 AM, Perry The Cynic wrote:

> --On Tuesday, November 9, 2004 4:55 PM -0800 Jamie Wood
> <email@hidden> wrote:
>
>> 1. Is there a recommended way of signing executable (Mach-O) code
>> under
>> Mac OS X?
>
> It depends on what you're after. If you want to sign a bundle and
> later verify that it hasn't changed, Tiger contains a (new) "Manifest"
> API that takes care of enumerating the bundle (or any other set of
> files you care to specify) and produces a "signature" blob based on
> CMS/X509 certificates. That will be officially supported in Tiger; it
> doesn't exist in Panther and earlier.
>
> These signatures are not currently useful for "live" self-verification
> of a running program (for a number of nasty reasons). Perhaps this may
> eventually change, but not for Tiger.

Perry
	Can the Manifest APIs be used to verify non-running programs or
frameworks prior to loading?  In particular, I am worried about
validating plugins before I load them in my application.  Also when
validating the signature, can I specify which roots the signing
certificate must chain to, or will the validation succeed if the signing
certificate chains to any of the user's currently trusted root
certificates?

Yes, you can use this to verify signatures on plugin bundles before loading (assuming you do the loading explicitly), as long as you're secure against someone modifying the bundle while or after you've checked it. (There is a window of vulnerability *after* you checked but *before* you loaded.)


The Manifest APIs allow you to use your own SecTrustRef to evaluate (see <Security/SecTrust.h>), which you can fill with exactly the evaluation environment you like - including your own root set. That's up to you (the caller) to decide. (The default root set is, indeed, the system default set.)

Cheers
 -- perry
---------------------------------------------------------------------------
Perry The Cynic                                             email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------
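
An added example, not part of the original message and not Apple's code: one way to narrow the check-then-load window mentioned above is to copy the plugin into a directory only your own user can write, verify that copy, and load from the copy. The SHA-256 digest stands in for the Manifest signature check, and `bundle_digest` and `snapshot_and_verify` are hypothetical names.

```python
import hashlib
import os
import shutil
import tempfile


def bundle_digest(root):
    """SHA-256 over every relative path and file body under root, in sorted order."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # fixed traversal order so the digest is reproducible
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                # A link could resolve outside the tree that was verified.
                raise ValueError("symlink in bundle: " + path)
            if name in filenames:
                with open(path, "rb") as f:
                    body = f.read()
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                # Length prefix keeps path/body boundaries unambiguous.
                h.update(rel.encode() + b"\0" + len(body).to_bytes(8, "big") + body)
    return h.hexdigest()


def snapshot_and_verify(plugin_dir, expected_digest):
    """Copy the bundle into a private directory, verify the copy, return its path.

    expected_digest is assumed to come from an already verified signature.
    """
    private = tempfile.mkdtemp(prefix="plugin-")  # created with mode 0700
    copy = os.path.join(private, os.path.basename(os.path.normpath(plugin_dir)))
    try:
        # Keep links as links so bundle_digest sees and rejects them.
        shutil.copytree(plugin_dir, copy, symlinks=True)
        if bundle_digest(copy) != expected_digest:
            raise ValueError("bundle does not match the expected digest")
    except Exception:
        shutil.rmtree(private, ignore_errors=True)
        raise
    return copy  # load from this path, never from plugin_dir
```

The private copy keeps other users from swapping files between the check and the load; code already running as the same user can still write to it.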
