Re: Code Signing for Dummies
Re: Code Signing for Dummies
- Subject: Re: Code Signing for Dummies
- From: Michael Ash <email@hidden>
- Date: Tue, 3 Mar 2009 11:21:42 -0500
On Tue, Mar 3, 2009 at 10:34 AM, Paul Sanders <email@hidden> wrote:
>> Apple can assume 2 applications calling themselves the same thing, with
>> different versions, signed with the same self-signed cert were published
>> by
>> the same person, and by extension, that any user preferences (firewall and
>> parental controls, are the only preferences that use code-signing at the
>> moment) associated with that application apply to the new version.
>
>> That said, 10.5's code-signing is not the final destination of this
>> feature
>> in OS X. They will extend the scope of code-signing tech in 10.6 and on.
>> It
>> was stated on another mailing at some point that Apple may choose to force
>> non-code-signed applications down different execution paths.
>
> OK, thank you. Is it possible, would you happen to know, for an application
> to verify its own signature? I do this on Windows (using WinVerifyTrust) to
> check that the code has not been tampered with. Can't trust anybody these
> days :)
If your goal is to protect your app from cracks, don't bother. When
they crack your app they will simply take out the self-verify, or
depending on how you verify, re-sign the app with a different
certificate.
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden