On 2023-04-26 at 15:59:23 UTC-0400 (Wed, 26 Apr 2023 12:59:23 -0700)
davecc0000 <mailmate@lists.freron.com>
is rumored to have said:
Apple App Store and the like provide verification of all apps
submitted for distribution from the store.
For direct downloads such as the MailMate app, how do we verify that
the file has not been tampered with? Is there a signature or hash that
Benny can provide? I didn’t see any such on the download page.
Well, unless you've disabled the feature, macOS won't let you run a
downloaded application like MailMate unless it is signed by an
Apple-identified developer. You can verify this signature with Apple's
'codesign' tool:
$ codesign -v -v --check-notarization -d /Applications//MailMate.app/
Executable=/Applications/MailMate.app/Contents/MacOS/MailMate
Identifier=com.freron.MailMate
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=96607 flags=0x10000(runtime) hashes=3008+7
location=embedded
Signature size=9049
Authority=Developer ID Application: Freron Software (VP8UL4YCJC)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Mar 30, 2023 at 10:52:41 AM
Info.plist entries=33
TeamIdentifier=VP8UL4YCJC
Runtime Version=13.1.0
Sealed Resources version=2 rules=13 files=312
Internal requirements count=1 size=180
There's a man page for that tool if you want all the details...
If you like free GUI tools instead, see
https://objective-see.org/products/whatsyoursign.html for a gadget that
adds a "Signing Info" item to the Finder contextual menu, which you can
use to get info like the attached image.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailmate mailing list
mailmate@lists.freron.com
https://lists.freron.com/listinfo/mailmate
