由code验证应用的签名 [英] Verifying app's signature by code

问题描述

我的应用程序签名。我创建了一个身份和使用 codesign 签署我的应用程序按照苹果公司的<一个href=\"http://developer.apple.com/mac/library/documentation/Security/Conceptual/$c$cSigningGuide/Introduction/Introduction.html\"相对=nofollow> code签名指南。

I have app signed. I created an identity and used codesign to sign my app as per Apple's Code Signing Guide.

现在，我该如何从我的应用程序内检查签名？

Now, how do I check the signature from within my application?

我需要验证此可可应用程序（Objective-C的）和应用程序用C语言编写。

I need to verify this on Cocoa apps (Objective-C) and apps written in C.

推荐答案

注意：目前的MacOS X不验证签署$ C $执行前到c。这的可能的是沙盒code不同，它似乎合理，这是其它任何人都可以编辑的权利。

Note: Currently MacOS X does not verify signed code prior to execution. This may be different for sandboxed code, and it would seem sensible that it is otherwise anybody could edit the entitlements.

要在应用程序本身的检查应用程序签名您使用 code签名服务。在特定的外观二段codeCheckValidity 。在code做检查的时间不长，但有相当多的了解，所以我不会给一个code样品 - 你需要阅读和理解的文档

To check an applications signature from within the application itself you use the Code Signing Services. In particular look at SecCodeCheckValidity. The code to do the checking is not long, but there is quite a bit to understand so I won't give a code sample - you need to read and understand the documentation.

检查签名允许您的应用程序，以检测更改其code＆放;资源和报告它是破坏（很可能是，并非所有的变化都是恶意的），并拒绝运行。添加这种code当然并不保证您code不被破坏，但可以肯定它确实提高对故意伤害的屏障更高（如果MacOS X的启动做检查本身就会有一个巨大的胜利）。

Checking the signature allows your application to detect changes to its code & resources and report it is "damaged" (it may well be, not all changes are malicious) and refuse to run. Adding such code does not of course guarantee your code is not damaged, but certainly it does raise the barrier higher against intentional damage (and if MacOS X starts doing the check itself then there will be a big win).

这篇关于由code验证应用的签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！