Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

9.29.2012
Mac Developer: codesigning for Mountain Lion building on Snow Leopard

No teams showing in organizer | Cocoabuilder
You *can* sign with Developer ID on a Mac running Snow Leopard.  It is not officially supported, but it is unofficially supported and somewhat documented.

You need a Mac running Xcode 4.3+ in order to retrieve your Signing Certificate(s).  You then export this from Xcode 4.3+, then import into Keychain Access in your Build Mac.  Then you can sign anything with Developer ID on your Build Mac using the 'codesign' command-line tool.  I am running Xcode 3.2.5 under 10.7 (not supported, but I do it anyhow), and have successfully added this step to my build script and it works.
Personally, I haven't had any trouble building and signing with Xcode 3.2.5. However, in order to get applications into the App Store successfully you will need to build retina Icons on Lion or Mountain Lion using iconutil and then use these icns in your Xcode 3.2.5 build.

Labels: , , , ,

By : Tighten codesigning for Mountain Lion building on Snow Leopard 0 comments

 
9.27.2012
Mac Developer: Red Sweater Blog – The Sandbox’s Big Red Button

Red Sweater Blog – The Sandbox’s Big Red Button: "(if (entitlement 'com.apple.security.network.client') (allow network-outbound (remote ip)))"

A nice article about the language used to express Sandboxing entitlements. Looks a lot like LISP.

Labels: , , ,

By : Tighten Red Sweater Blog – The Sandbox’s Big Red Button 0 comments

 
Mac Developer: Sandbox of frustration: Apple's walled garden closes in on Mac developers | The Verge

Sandbox of frustration: Apple's walled garden closes in on Mac developers | The Verge: "Sadly, not all apps can afford to abide by Apple's rules. Popular launcher and macro app Alfred 'works deep into the heart of your Mac,' and thus can't sandbox without losing several key features that take advantage of scripts in OS X. "

Soon there will be a solution for this problem… stay tuned!

Labels: , ,

By : Tighten Sandbox of frustration: Apple's walled garden closes in on Mac developers | The Verge 0 comments

 
9.23.2012
Mac Developer: Tighten Free Download

Just added a download link to the Free edition of Tighten: generates a customized implementation of Mac App Store Receipt Validation unique to your application. Better than using free code samples from the internet. Consider upgrading to Tighten Pro for a more secure implementation.

Labels: , , ,

By : Tighten Tighten Free Download 0 comments

 
9.12.2012
Mac Developer: Checking Code Signing and Sandboxing Status in Code – Ole Begemann

Checking Code Signing and Sandboxing Status in Code – Ole Begemann
Can we do the same in code? Yes we can. With a lot of help from my coworkers Jörg Jacobsen (see his work on XPC and Sandboxing for the iMedia framework) and Christian Beer (who pointed me to the source code for the codesign utility), I wrote a category on NSBundle that can tell you for any application bundle: · whether it has a valid code signature, · whether it is sandboxed and · whether it was downloaded from the Mac App Store."

Labels: , ,

By : Tighten Checking Code Signing and Sandboxing Status in Code – Ole Begemann 0 comments

 
9.09.2012
Mac Developer: Xcode static openssl darwin libssl.a libopenssl.a

#!/bin/bash
cd /Users/me/openssl/
OPENSSL_VERSION="1.0.1c"
curl -O http://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz
tar -xvzf openssl-$OPENSSL_VERSION.tar.gz
mv openssl-$OPENSSL_VERSION openssl_i386
tar -xvzf openssl-$OPENSSL_VERSION.tar.gz
mv openssl-$OPENSSL_VERSION openssl_x86_64
cd openssl_i386
./Configure darwin-i386-cc
make
cd ../
cd openssl_x86_64
./Configure darwin64-x86_64-cc
make
cd ../
mkdir libopenssl
mkdir libopenssl/lib
libtool -static -o ./libopenssl/lib/libcrypto.a ./openssl_i386/libcrypto.a
./openssl_x86_64/libcrypto.a
libtool -static -o ./libopenssl/lib/libssl.a ./openssl_i386/libssl.a
./openssl_x86_64/libssl.a
ln -s -v /Users/me/openssl/openssl_i386/include openssl-$OPENSSL_VERSION
ln -s -v /Users/me/openssl/openssl_x86_64/include libopenssl
rm openssl-$OPENSSL_VERSION.tar.gz

Dynamically linking to crypto.dylib has been deprecated and CommonCrypto is the preferred system API. If you rely on openssl, you may want to create static libaries and link to them directly. I was scrounging on the internet and found a script which I modified for this purpose. Replace /Users/me/openssl with your own private openssl directory name.

By : Tighten Xcode static openssl darwin libssl.a libopenssl.a 0 comments

 
9.08.2012
Mac Developer: Another Viewer for Mac App Receipts

ViewBer
ViewBer is a free utility that displays the ASN.1 structure of a BER-encoded file. ViewBer can be used to view the contents of DER and PEM encoded X.509 certificates, PKCS#12, PKCS#10, CSR files, PKCS#7, etc.

This shows a slightly different view of the PKCS#7 structure. To use with a Mac App Receipt, copy the receipt to the desktop, add a .ber file extension and open it with ViewBer.

Labels: , ,

By : Tighten Another Viewer for Mac App Receipts 0 comments

 
9.07.2012
Mac Developer: Re-Signing iOS apps

Re-Signing iOS apps
In order for an app to run on an iOS device, it needs to be code signed. This proves to iOS that the app has been approved to run on iOS devices. This is true of any apps in the App store, ad-hoc, or enterprise apps. The App store apps add an additional level of protection, as the apps are not only cryptographically signed by Apple, but also protected by DRM. Since only Apple can apply this DRM to apps, the app needs to go through the approval process and be “blessed” by Apple."
Even though this article is about iOS applications, it reveals some important ideas for Mac developers distributing applications signed with Developer ID. If the application itself does not check the code signature, your work could be altered and redistributed with different credentials.

Labels: , , ,

By : Tighten Re-Signing iOS apps 0 comments

 
9.03.2012
Mac Developer: Apple turns on App Store Genius recommendations for developers

Apple turns on App Store Genius recommendations for developers: "Apple rolled out a revamped App Store for iOS 6 beta on Friday, though at the time it appeared to be a work in progress as Genius recommendations weren't yet activated and the 'Chomp-inspired' layout seen on the iPad version had yet to make its way to the iPhone. "
When the gorilla shuffles it's foot, thousands of ants die.

Labels: ,

By : Tighten Apple turns on App Store Genius recommendations for developers 0 comments

 
Mac Developer: Quarantine, Gatekeeper and xattr

Issue 156 - soundflower

OK, I seem to have found a fix for this. The problem seems to be that the installer gets 'quarantined' because of an unrecognised certificate. This is marked against the file by an extended attribute. You need to clear the attribute to allow the installer to run again. The command for this is:

xattr -c

The installer will run after this. It throws up a certificate error but you can tell the system to trust it. For some reason, the install ran completely clean...

More about the xattr command at developer.apple.com.

Labels: ,

By : Tighten Quarantine, Gatekeeper and xattr 0 comments

 
9.01.2012
Mac Developer: PKCS#7Viewer.app - Mac App Store Receipt viewer/inspector

PKCS#7Viewer.app - Mac App Store Receipt inspector
It turns out the Mac App Store receipt is stored as the signedPayload within a very standard public-key standards container format designed in the early 90s by RSA.

Introducting PKCS#7Viewer.app, the handy companion to Mac App Store In-App Purchase receipt parsing and validation.

Labels: , , , , ,

By : Tighten PKCS#7Viewer.app - Mac App Store Receipt viewer/inspector 0 comments

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro