Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

5.04.2012
Mac Developer: Developer ID and Gatekeeper - Apple Developer

You may have heard about Developer ID and Gatekeeper, new security features coming in Mountain Lion. Essentially, this is an implementation of codesigning designed to secure 3rd party applications distributed over the internet.

Using Tighten Pro, you can inspect the certificate chain of any codesigned application. Last year, on stackoverflow.com, I wrote about the differences between the codesign on your app after you sign it with Xcode vs. your app after being delivered by the Mac App Store.

To summarize, the certificate chain looks like this after you sign it with Xcode and submit it to Apple for approval:

[LEAF] 3rd Party Mac Developer Application: "ME"
[AUTH] Apple Worldwide Developer Relations Certification Authority
[ROOT] Apple Root CA

After approval and delivery to the customer from the Mac App Store, the certificate chain looks like this:

[LEAF] Apple Mac OS Application Signing
[AUTH] Apple Worldwide Developer Relations Certification Authority
[ROOT] Apple Root CA

Under Gatekeeper and Developer ID, an application developed by you and shipped directly to customers after codesigning should look something like this:

[LEAF] Developer ID Application: "ME"
[AUTH] Developer ID Certification Authority
[ROOT] Apple Root CA

We've already tested Tighten with self-signed certificate chains and it works correctly as long as the leaf signing certificate has been signed by an intermediate authority (3 levels). It is possible to create your own Root CA and issue your own codesigning certificates. It can be done with Apple's Certificate Assistant (Keychain Access.app), but it is tricky due to bugs in Certificate Assistant.

Labels: , , ,

By : Tighten Developer ID and Gatekeeper - Apple Developer

0 Comments:

Post a Comment

[ Home ]

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro