Sign your code

A description of how code signing works on Mac OS X, what it's capable of, and why Cocoa developers should be signing their apps. Note that this presentation was given before Apple announced the Mac app store, but the technology and concepts still apply.

  • Who I am, what this presentation is about. Next: iPhone.
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After the demo, we’re on to why.
    view reqs: codesign -d -r-
    change req: codesign -s "NSConference Demo" -f -r="designated => anchor apple" "Code Signature.app/"
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • After the demo, we move on to problems.
  • Won’t stop crackers
    Won’t tell you whether to trust a vendor
  • Demo sig viewer. Next: Q/A
  • After this demo, it’s just the Q+A.
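The SMJobBless() note above ties the helper and the app together through their identities; in practice each side carries a code requirement for the other in its Info.plist, under SMPrivilegedExecutables (app) and SMAuthorizedClients (helper). As an added example, not code from the presentation, this Python lint checks that a constructed pair of plists name each other and that each requirement constrains the signer. The bundle identifiers and signer name are made up, and the check is textual, not the system's own requirement evaluation.

```python
import plistlib
import re

# Constructed sample Info.plist files; identifiers and signer name are made up.
APP_INFO = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.MyGreatApp</string>
  <key>SMPrivilegedExecutables</key>
  <dict>
    <key>com.example.MyGreatApp.helper</key>
    <string>identifier "com.example.MyGreatApp.helper" and certificate leaf[subject.CN] = "Example Signer"</string>
  </dict>
</dict></plist>"""

HELPER_INFO = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.MyGreatApp.helper</string>
  <key>SMAuthorizedClients</key>
  <array>
    <string>identifier "com.example.MyGreatApp" and certificate leaf[subject.CN] = "Example Signer"</string>
  </array>
</dict></plist>"""


def named_identifiers(requirement):
    """Identifiers a requirement string names (quoted or bare form)."""
    return set(re.findall(r'\bidentifier\s+"?([\w.\-]+)"?', requirement))


def pins_signer(requirement):
    """True if the requirement constrains the signing certificate chain at all."""
    return re.search(r"\b(anchor|certificate)\b", requirement) is not None


def check_requirement(requirement, expected_id, where):
    """Text-level checks on one requirement string; returns a list of problems."""
    problems = []
    if expected_id not in named_identifiers(requirement):
        problems.append(f"{where}: does not name identifier {expected_id}")
    if not pins_signer(requirement):
        problems.append(f"{where}: no certificate or anchor constraint")
    return problems


def lint_pairing(app_info, helper_info):
    """Check that app and helper plists reference each other; [] means no findings."""
    app = plistlib.loads(app_info)
    helper = plistlib.loads(helper_info)
    app_id = app.get("CFBundleIdentifier", "")
    helper_id = helper.get("CFBundleIdentifier", "")
    problems = []

    # App side: which helper it may install, and what that helper must satisfy.
    helper_req = app.get("SMPrivilegedExecutables", {}).get(helper_id)
    if helper_req is None:
        problems.append(f"app: {helper_id} missing from SMPrivilegedExecutables")
    else:
        problems += check_requirement(helper_req, helper_id, "app -> helper")

    # Helper side: which clients are allowed to install it.
    client_reqs = helper.get("SMAuthorizedClients", [])
    if not any(app_id in named_identifiers(r) for r in client_reqs):
        problems.append(f"helper: no SMAuthorizedClients entry names {app_id}")
    for req in client_reqs:
        if not pins_signer(req):
            problems.append("helper -> client: no certificate or anchor constraint")
    return problems


if __name__ == "__main__":
    # A different app trying to claim the same helper.
    other_app = APP_INFO.replace(b"<string>com.example.MyGreatApp</string>",
                                 b"<string>com.example.Other</string>")
    # A helper whose client requirement checks the identifier only.
    loose_helper = HELPER_INFO.replace(
        b' and certificate leaf[subject.CN] = "Example Signer"', b"")
    for name, a, h in [("matched pair", APP_INFO, HELPER_INFO),
                       ("other app", other_app, HELPER_INFO),
                       ("loose helper", APP_INFO, loose_helper)]:
        print(name, "->", lint_pairing(a, h) or "ok")
```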

Sign your code: Presentation Transcript

  • Signing Your Code Graham Lee
  • iPhone OS
  • Identity Private Key Public Key
  • Identity Private Key Public Key 50f4b5a228b18a0c55747daee6f09c3800773b14
  • Identity Private Key Public Key 50f4b5a228b18a0c55747daee6f09c3800773b14 50f4b5a228b18a0c55747daee6f09c3800773b14
  • Identity Private Key
  • Application Signing MyGreatApp.app
  • Application Signing MyGreatApp MacOS Contents Resources NIBs, images… MyGreatApp.app Helpers, libraries… …
  • Application Signing MyGreatApp NIBs, images… MyGreatApp.app
  • Demo
  • Kitten Interlude
  • But why?
  • SMJobBless()
  • SMJobBless() Helpers: Clients:
  • Demo
  • Is there anything it can’t do?
  • If you love it so much, why don’t you marry it?
  • Demo
  • iamleeg