Code signing: Not as new as you think
Code signing is new in Leopard, right?
Right?
No, actually; it’s much older, as I found out while responding to a question on programming.reddit. In my results for a Google search that I did, I stumbled over a link to TN1176, which mentions the addition of code signing.
TN1176 is the release notes for Mac OS 9.
The technote doesn’t actually say much. In fact, I can go ahead and quote it in full:
Apple Code Signing is a new technology in Mac OS 9
that allows applications, plug-ins, and content to be
signed by developers. Apple Code Signing Certificates
assure your customers of your identity and the integrity
of your products. For more information, please see the
Mac OS Security and Cryptography Web
site.
That site’s gone now, of course. Fortunately, the Wayback Machine saved a copy.
Apple Verifier
Apple Signer
The top link on that page is to the Security 2.0 SDK, which includes a lot of stuff relating to code signing. There’s a pair of utilities called Apple Signer and Apple Verifier, some API documentation, some sample code, some resource templates (remember those?), a library, and the debugging root certificate.
UPDATE 06:29: Apple Verifier actually comes with the OS, but Apple Signer is only available in the SDK.
If you’ve ever seen a 'sign' resource while hacking in ResEdit, now you know what it was.
Meet the new boss
Same as the old boss
Oh, and in case you’re wondering what the Signer and Verifier applications look like:
Signer at work.
Signer can also verify.
Result of verification.
These are the certificates from the verification. The root cert is the “Issuer’s Certificate” for the other one.
This is why I didn’t explain the difference between Apple Signer’s Verify command and Apple Verifier: I don’t know, because this message comes up when I try to launch Apple Verifier. And no, I don’t know why the message comes up.