MacOS – Checking apps for a “GateKeeper” Developer ID

applications, macos, security

Is there any way for a Mac user currently running Snow Leopard or Lion to check, maybe from the Terminal command line, whether some application downloaded from the net was digitally signed with an Apple-issued Developer ID?

If so, what might be the benefits for a Mac user to do such checking now?

Apple has been encouraging Mac developers to digitally sign their Mac applications with an Apple-issued Developer ID, which Apple announced will be used by the Mac OS at some point in the future.

Best Answer

If you have the developer tools installed, you can view the signing information for a binary using this command:

codesign -dvvv <path to app.app>

The output looks like this:

Executable=/Volumes/Big Disk/F376/Projects/<My App>
Identifier=<My Bundle ID>
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=3958 flags=0x0(none) hashes=189+5 location=embedded
Hash type=sha1 size=20
CDHash=761b0d1XXXXXXXXXX0dc8dd42e38eb445fb5341f
Signature size=8504
Authority=Developer ID Application: XXXXXX
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=May 7, 2013 3:07:59 PM
Info.plist entries=30
Sealed Resources rules=4 files=128
Internal requirements count=1 size=224
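
Added example (not part of the original answer): a shell function that reads the Authority= lines of output like the above and reports whether the chain is the Developer ID one shown there. The names classify_signature and sample_* are hypothetical, and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the signing chain printed by `codesign -dvvv` (read on stdin).
# codesign -d writes its report to stderr, hence 2>&1 in the usage below.
classify_signature() {
    awk -F= '
        # Authority lines are printed leaf first, root last; keep that order.
        $1 == "Authority" { chain[++n] = substr($0, index($0, "=") + 1) }
        END {
            if (n == 0) { print "unsigned-or-adhoc"; exit }
            if (chain[1] ~ /^Developer ID Application: / &&
                n >= 3 &&
                chain[2] == "Developer ID Certification Authority" &&
                chain[n] == "Apple Root CA")
                print "developer-id"
            else if (chain[n] == "Apple Root CA")
                print "apple-chain-other"
            else
                print "non-apple-chain"
        }'
}

# Constructed sample inputs (not captured from real applications).
sample_developer_id() {
cat <<'EOF'
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Developer
Authority=Developer ID Certification Authority
Authority=Apple Root CA
EOF
}
sample_self_signed() {
cat <<'EOF'
Executable=/Applications/Tool.app/Contents/MacOS/Tool
Identifier=com.example.tool
Authority=Example Self-Signed Certificate
EOF
}
sample_unsigned() {
    echo "Tool.app: code object is not signed at all"
}

# On a Mac: sh check.sh /path/to/Some.app
if [ "$#" -gt 0 ]; then
    codesign -dvvv "$1" 2>&1 | classify_signature
fi
```

codesign -d only displays what the signature contains; run codesign --verify --verbose on the same path as well to confirm that the bundle still matches its seal.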