Sign your code

942 views
883 views

Published on

A description of how code signing works on Mac OS X, what it's capable of, and why Cocoa developers should be signing their apps. Note that this presentation was given before Apple announced the Mac app store, but the technology and concepts still apply.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
942
On SlideShare
0
From Embeds
0
Number of Embeds
31
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Who I am, what this presentation is about. Next: iPhone.
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • If you don’t sign (and, more specifically, follow Apple’s instructions to do so), you don’t get on the store. That’s it. Mention requirements here, analogue with name badge. Next: What’s going on?
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • Rely on the fact that a signature can be generated with the private key (by decrypting the checksum), and verified with the public key (by encrypting the signature and comparing with the checksum). Then a certificate explains who the holder of the private key is. Next: what this means to an app
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After these slides, explain the dynamic validity of the application. Next: how does this work? Demo of making a signature, viewing the requirement, changing the requirement, breaking the signature.
  • After the demo, we’re on to why.
    view reqs: codesign -d -r-
    change req: codesign -s "NSConference Demo" -f -r="designated => anchor apple" Code Signature.app/

  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Keychain: mention the legacy code path thing.
    Firewall
    Parental Controls
    Wolf Rentzsch: remind people of dynamic updating
    Plug-ins
    Launchd (go into SMJobBless demo)
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • Go into the demo from here. Point: you’re associating the helper with the app through their identities, so that the privileged tool can only be installed by its app, and the app can only install its helper. Avoids the problems with AEWP(), and avoids a custom install phase.
  • After the demo, we move on to problems.
  • Won’t stop crackers
    Won’t tell you whether to trust a vendor
  • Won’t stop crackers
    Won’t tell you whether to trust a vendor
  • Demo sig viewer. Next: Q/A
  • After this demo, it’s just the Q+A.










  • ×