Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

Mac Developer: Apple codesigning Certificates

Bundle was signed with this leaf certificate:
certificate leaf[subject.CN] = "Developer ID Application: Gen Kiyooka"

0 Developer ID Application: Gen Kiyooka
1 Developer ID Certification Authority
2 Apple Root CA
designated requirements = anchor apple generic
and identifier "com.genkiyooka.developerid"
and (certificate leaf[field.1.2.840.113635.] /* exists */
or certificate 1[field.1.2.840.113635.] /* exists */
and certificate leaf[field.1.2.840.113635.] /* exists */
and certificate leaf[subject.OU] = MQK467HD9A)

Presumably for changes coming with Gatekeeper, Xcode 4.3 generates more elaborate designated requirements for codesigned Mac applications, depending on whether the signing certificate is a DeveloperID (internet distribution), MacDeveloper, or 3rd Party Mac Developer certificate (App Store submission).

I'm no x509 expert, but it appears that Apple has defined some certificate extensions for use in it's code signing certificates and the new designated requirements are referencing fields within the certificate extensions.

In particular, field.1.2.840.113635.100.6.1 is the prefix for constant kSecOIDAPPLE_EXTENSION_CODE_SIGNING and field.1.2.840.113635.100.6.2 is the prefix for extension constant kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER.

While these new designated requirements are certainly fancy, they are by no means required for DeveloperID codesigned applications to run under Gatekeeper. At least not the Gatekeeper simulation available under Lion.

x509 certificate extensions at stackoverflow.com
libsecurity_keychain/CertificateValues.cpp at opensource.apple.com

Labels: , ,

By : Tighten Apple codesigning Certificates


Post a Comment

[ Home ]




 Tighten App.app    
 Tighten Pro.app    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    

Copyright © 2005-2020
All Rights Reserved
Tighten Pro