Re: Code signing
- Subject: Re: Code signing
- From: glenn andreas <email@hidden>
- Date: Mon, 22 Aug 2005 20:57:45 -0500
On Aug 22, 2005, at 8:31 PM, Brad Peterson wrote:
> Hi,
> I didn't see anything directly on point about this
> (forgive me if I missed it, please) but is there any
> facility for code signing a cocoa app?
No.
> I'd like a nice OS-supported means of making sure my
> apps aren't edited/hacked. I realize that the Keychain
> must do some sort of CRC or simple file size check
> ("application has changed... allow?"), but that
> doesn't seem to be exposed.
Up until somewhat recently, applications did "prebinding" which
effectively caused the executable to be changed (to make them launch
faster). The net result was that since the app was actually changed
on the client's machine, there was no really useful way to sign the
binary (you could do something with the Mach-O sections that didn't
need to be tweaked, but that limited the appeal of signed binaries).
You should definitely read
<http://www.periodic-kingdom.org/People/Miro/Papers/MacHack-SigningPrebound/SigningPrebound.pdf>
for more details (though obviously there have been some system changes
since then).
> I'd thought about putting the required CRC/file size
> info on a server somewhere, and then having the
> installer query for it, but that seems a bit
> overboard. It also has the distinct disadvantage of
> failing if the user downloads, then wants to install
> later without an internet connection. (Which happens
> more often than I would have guessed.)
> Any thoughts or ideas would be appreciated.
Personally, if the signing of the application isn't a system level
service, I don't hold any real stock in it. After all, if you're
worried that the installer has been hacked to install a rogue binary,
and then the checksum would catch this, nothing stops the installer
from having been compromised to claim that the checksum is valid.
A long time ago, there was the ability to sign executables (AOCE
provided digital signature complete with certificate verification),
but there's nothing there now.
And ultimately, what _exactly_ are you trying to prevent? If
somebody gets your application from somewhere other than your server,
they could be getting anything. And if somebody can subvert your
server, well, you've got bigger problems.
Glenn Andreas email@hidden
<http://www.gandreas.com/> wicked fun!
Widgetarium | the quickest path to widgets
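
The prebinding problem discussed in the reply above, as an added Python sketch that is not part of the original thread: a whole-file digest changes once an image is prebound, while a digest limited to selected Mach-O sections does not. The function names and the sample image are constructed for illustration, and the choice of `__TEXT,__text` as untouched and a `__DATA` pointer slot as rewritten by prebinding is an assumption.

```python
import hashlib
import struct

MH_MAGIC = 0xFEEDFACE      # 32-bit Mach-O, big-endian on disk (PowerPC era)
LC_SEGMENT = 0x1
MH_PREBOUND = 0x80         # header flag set once an image has been prebound

def section_digest(image, wanted=(("__TEXT", "__text"),)):
    """SHA-256 over the file bytes of the named (segment, section) pairs only."""
    magic, _, _, _, ncmds, _, _ = struct.unpack_from(">7I", image, 0)
    if magic != MH_MAGIC:
        raise ValueError("not a big-endian 32-bit Mach-O image")
    digest, off, found = hashlib.sha256(), 28, set()
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(">2I", image, off)
        if cmdsize < 8 or off + cmdsize > len(image):
            raise ValueError("malformed load command")
        nsects = struct.unpack_from(">I", image, off + 48)[0] if cmd == LC_SEGMENT else 0
        for i in range(nsects):          # section headers follow the 56-byte segment command
            sect, seg, addr, size, foff = struct.unpack_from(">16s16s3I", image, off + 56 + 68 * i)
            key = (seg.rstrip(b"\0").decode(), sect.rstrip(b"\0").decode())
            if key in wanted:
                if foff + size > len(image):
                    raise ValueError("section extends past end of file")
                digest.update(image[foff:foff + size])
                found.add(key)
        off += cmdsize
    if found != set(wanted):
        raise ValueError("a requested section is missing")
    return digest.hexdigest()

def build_sample(flags, pointer):
    """Constructed two-segment image: __TEXT,__text plus one __DATA pointer slot."""
    text = b"\x4e\x80\x00\x20" * 4       # constructed code bytes (PowerPC blr)
    data = struct.pack(">I", pointer)    # slot a prebinder is assumed to rewrite
    def segment(seg, sect, foff, size):
        sec = struct.pack(">16s16s9I", sect, seg, 0, size, foff, 0, 0, 0, 0, 0, 0)
        return struct.pack(">2I16s8I", LC_SEGMENT, 124, seg, 0, size, foff, size, 7, 7, 1, 0) + sec
    body = 28 + 2 * 124                  # header plus two segment commands
    cmds = (segment(b"__TEXT", b"__text", body, len(text))
            + segment(b"__DATA", b"__nl_symbol_ptr", body + len(text), len(data)))
    header = struct.pack(">7I", MH_MAGIC, 18, 0, 2, 2, len(cmds), flags)
    return header + cmds + text + data

shipped = build_sample(flags=0, pointer=0)                      # as built by the developer
prebound = build_sample(flags=MH_PREBOUND, pointer=0x90001234)  # after prebinding on the client
```

The expected digest still has to be checked by something an attacker cannot modify, which is the objection the reply raises against installer-side checksums.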