How to Use Code signing in MacOS?

Using Code signing in MacOS

By digitally signing your code with a code signing certificate, you can verify your identity as a developer and protect your users from potential security risks. If you’re a macOS user who wants to learn how to sign code on macOS, this guide walks you through the process step by step.

Signing itself is simple and is done from the command line with Apple’s codesign tool. However, if you want to distribute your application through the App Store, or want it to open on systems with Gatekeeper enabled, a Code Signing certificate alone is not enough.

In such cases, you must create a developer account and use Apple Developer Code Signing certificates, which ensures compatibility with Gatekeeper. These steps are crucial for signing your code correctly and for ensuring the integrity and authenticity of your software.

Let’s Begin the Installation

Apple code signing is done from the command line using their (aptly named) codesign tool.

Code Sign your Software in Mac OS

First, if you used the Mac Keychain Access Manager to obtain your certificate, locate it there. If you did not use Keychain Access Manager, follow the instructions below to import the certificate.

  • Begin by saving the P12 or PFX file on your Mac’s hard drive.
  • Next, go to Applications/Utilities and launch Keychain Access.
  • From there, select File –> Import Items and choose the PFX/P12 file.
  • Then, choose Login or System for the certificate destination. You will be asked to enter the password used during the creation of the certificate. Enter the password.

If you have used Keychain Access Manager, you can start directly with this step:

  • Open the terminal window to sign a Mac .app file and type in the command:
codesign -s "Company Name" "/Applications/Utilities/My App.app"

Use the full path for the file name. You can find your certificate’s common name in the Keychain Access Manager. Once you hit Enter, you may need to confirm the action.

Note: If you receive the “CSSMERR_TP_NOT_TRUSTED” error, you must install an Intermediate certificate on your machine. To do so, view the details of your code signing certificate and locate the Issuer’s Common Name. After identifying it, download and install the Intermediate certificate that corresponds to the Issuer’s Common Name.

Once the Intermediate certificate is installed, codesign should run without a hitch. You must complete this step for your code signing certificate to be trusted and usable for macOS code signing.

The next step is to check that signing on macOS completed successfully.


To do that, go through the signature verification process. The procedure is described below.

Signature Verification

Verifying the signature of an application is essential if you are signing one that came from a third-party source because the likelihood of it being altered is higher.

The following command should be entered to confirm the signature:

codesign -v "/Applications/Utilities/My App.app"

(Ensure that the file name contains the whole path.)

In the absence of a response, the application is considered to be signed and authentic.

Using the “codesign” command is another approach to confirm the signature.

Here’s how to go about it:

codesign -dv --verbose=4 "/Applications/Utilities/My App.app"

If there isn’t a response, the application is verified as being signed, and you are free to use it without any worries.
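The sign-then-verify sequence above as one script, added here as an example (it is not code from the original article). The function names are made up for this example; it relies on codesign's exit status for the verdict and on the `Authority=` lines that `codesign -dv --verbose=4` prints to confirm the signature was made with the certificate you intended.

```sh
#!/bin/sh
# Added example; the identity and path passed in are the caller's own values.

# List the certificate chain recorded in a signature, leaf certificate first.
# codesign -d writes its report to stderr, so redirect it into the pipe.
signing_chain() {
    codesign -dv --verbose=4 "$1" 2>&1 | sed -n 's/^Authority=//p'
}

# Sign APP with IDENTITY, verify it, and confirm the leaf certificate matches.
# Returns 0 on success, 1 if signing fails, 2 if verification fails,
# 3 if the signature was made by a different certificate.
sign_and_check() {
    identity=$1
    app=$2
    if ! codesign -s "$identity" "$app"; then
        echo "signing failed: $app" >&2
        return 1
    fi
    # codesign -v prints nothing on success; the exit status is the verdict.
    if ! codesign -v "$app"; then
        echo "verification failed: $app" >&2
        return 2
    fi
    leaf=$(signing_chain "$app" | head -n 1)
    case "$leaf" in
        *"$identity"*) ;;
        *)  echo "unexpected signer: ${leaf:-none}" >&2
            return 3 ;;
    esac
    signing_chain "$app"
}

# Usage: sign_and_check "Company Name" "/Applications/Utilities/My App.app"
```

On success the function prints the chain, so a missing issuer or an unexpected leaf certificate is visible at a glance.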


Note: Previously, Apple changed the settings in Gatekeeper, which changed how OS X handles certificates issued by certificate authorities other than Apple. With these modifications, the system can no longer accept any certificates that Apple does not produce. Despite this, Apple’s operating systems now recognize an additional certificate authority.

To ensure that certificates from other CAs can operate to their full capacity, the default configuration has not been altered. Hence, it is questionable whether OS X will natively handle certificates from other CAs. On the OS X platform, Java can nevertheless be used to leverage certificates from other CAs.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.