
Re: Code signing


  • Subject: Re: Code signing
  • From: glenn andreas <email@hidden>
  • Date: Mon, 22 Aug 2005 20:57:45 -0500


On Aug 22, 2005, at 8:31 PM, Brad Peterson wrote:

> Hi,
>
> I didn't see anything directly on point about this
> (forgive me if I missed it, please) but is there any
> facility for code signing a Cocoa app?


No.


> I'd like a nice OS-supported means of making sure my
> apps aren't edited/hacked. I realize that the Keychain
> must do some sort of CRC or simple file size check
> ("application has changed... allow?"), but that
> doesn't seem to be exposed.


Up until somewhat recently, applications did "prebinding" which effectively caused the executable to be changed (to make them launch faster). The net result was that since the app was actually changed on the client's machine, there was no really useful way to sign the binary (you could do something with the Mach-O sections that didn't need to be tweaked, but that limited the appeal of signed binaries).


You should definitely read <http://www.periodic-kingdom.org/People/Miro/Papers/MacHack-SigningPrebound/SigningPrebound.pdf> for more details (though obviously there have been some system changes since then).


> I'd thought about putting the required CRC/file size
> info on a server somewhere, and then having the
> installer query for it, but that seems a bit
> overboard. It also has the distinct disadvantage of
> failing if the user downloads, then wants to install
> later without an internet connection. (Which happens
> more often than I would have guessed.)
>
> Any thoughts or ideas would be appreciated.

Personally, if the signing of the application isn't a system level service, I don't hold any real stock in it. After all, if you're worried that the installer has been hacked to install a rogue binary, and then the checksum would catch this, nothing stops the installer from having been compromised to claim that the checksum is valid.


A long time ago, there was the ability to sign executables (AOCE provided digital signature complete with certificate verification), but there's nothing there now.

And ultimately, what _exactly_ are you trying to prevent? If somebody gets your application from somewhere other than your server, they could be getting anything. And if somebody can subvert your server, well, you've got bigger problems.



Glenn Andreas                      email@hidden
 <http://www.gandreas.com/> wicked fun!
Widgetarium | the quickest path to widgets
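
The checksum discussion in this thread, as an added Python example that is not part of the original message: a checksum shipped alongside the payload is compared with a reference digest obtained separately, including the offline case raised in the question. All names and sample bytes here are constructed for illustration.

```python
import hashlib
import hmac
from typing import Callable, Optional


def digest(data: bytes) -> str:
    """SHA-256 of the payload as a hex string."""
    return hashlib.sha256(data).hexdigest()


def make_download(payload: bytes) -> dict:
    """A download that carries its own checksum next to the payload."""
    return {"payload": payload, "checksum": digest(payload)}


def check_in_band(download: dict) -> bool:
    """Compare the payload against the checksum that was shipped with it."""
    return hmac.compare_digest(digest(download["payload"]), download["checksum"])


def check_out_of_band(download: dict, lookup: Callable[[], Optional[str]]) -> str:
    """Compare the payload against a reference digest fetched separately.

    `lookup` is a hypothetical callable standing in for the server query;
    it returns None when the reference cannot be reached (e.g. offline).
    """
    reference = lookup()
    if reference is None:
        # Fail closed: never fall back to the checksum inside the download.
        return "unverified"
    if hmac.compare_digest(digest(download["payload"]), reference):
        return "ok"
    return "mismatch"


# Constructed sample data.
GENUINE = make_download(b"genuine application bytes")
PUBLISHED = GENUINE["checksum"]  # what the developer's server would hand out
# A modified copy: whoever changed the payload also regenerated the checksum.
MODIFIED = make_download(b"modified application bytes")

if __name__ == "__main__":
    print("in-band, modified copy:    ", check_in_band(MODIFIED))
    print("out-of-band, modified copy:", check_out_of_band(MODIFIED, lambda: PUBLISHED))
    print("out-of-band, offline:      ", check_out_of_band(GENUINE, lambda: None))
```

Neither check helps if the code performing it has itself been replaced, which is the reply's argument for a system-level service.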
