LazerPanther/code-signing.md

Created January 16, 2016 05:03

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/LazerPanther/86f2268a90bd89f37536.js"></script>
Save LazerPanther/86f2268a90bd89f37536 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

code-signing.md

Code Signing

A few ways of checking code signatures on OS X.

Simple

$ /usr/bin/codesign --verify --deep --verbose /Applications/Xcode.app
/Applications/Xcode.app: valid on disk
/Applications/Xcode.app: satisfies its Designated Requirement

Checksum the individual signing certificates

$ /usr/bin/codesign -d --extract-certificates /Applications/Xcode.app
Executable=/Applications/Xcode-7.app/Contents/MacOS/Xcode
$ /usr/bin/shasum -a 256 *
2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32  codesign0
5bdab1288fc16892fef50c658db54f1e2e19cf8f71cc55f77de2b95e051e2562  codesign1
b0b1730ecbc7ff4505142c49f1295e6eda6bcaed7e2c68c5be91b5a11001f024  codesign2

SecAssessment system policy security

$ /usr/sbin/spctl --assess --verbose=4 --type execute /Applications/Xcode.app
/Applications/Xcode.app: accepted
source=Apple System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment