On Tue, Mar 3, 2009 at 10:34 AM, Paul Sanders wrote:
>> Apple can assume 2 applications calling themselves the same thing, with
>> different versions, signed with the same self-signed cert were published
>> by
>> the same person, and by extension, that any user preferences (firewall and
>> parenta
>> OK, thank you. Is it possible, would you happen to know, for an
>> application
>> to verify its own signature? I do this on Windows (using WinVerifyTrust)
>> to
>> check that the code has not been tampered with. Can't trust anybody
>> these
>> days :)
> It is possible, but the APIs to cod
> OK, thank you. Is it possible, would you happen to know, for an application
> to verify its own signature? I do this on Windows (using WinVerifyTrust) to
> check that the code has not been tampered with. Can't trust anybody these
> days :)
>
It is possible, but the APIs to code-signing are p
> Apple can assume 2 applications calling themselves the same thing, with
> different versions, signed with the same self-signed cert were published
> by
> the same person, and by extension, that any user preferences (firewall and
> parental controls, are the only preferences that use code-signing
>>> So do I just create self-signed certificate and select it in the Xcode
>>> build settings and that's it? Everything is as desirable and as
>>> functional as need be?
>
>> Pretty much. Although in future versions Apple may elect to nag if the
>> certificate is not signed by a trusted root autho
>> So do I just create self-signed certificate and select it in the Xcode
>> build settings and that's it? Everything is as desirable and as
>> functional as need be?
> Pretty much. Although in future versions Apple may elect to nag if the
> certificate is not signed by a trusted root authority.
> So do I just create self-signed certificate and select it in the Xcode
> build settings and that's it? Everything is as desirable and as
> functional as need be?
Pretty much. Although in future versions Apple may elect to nag if the
certificate is not signed by a trusted root authority.
___
Alright, so I've read the docs on code signing, but it's a little too
detailed in some areas and has no big picture. I have a typical
bundled Cocoa app that uses a few frameworks. I want to use code
signing so that each time I update the app, users don't get the
keychain nag dialog. (Actu
