App signatures are about more than just the certificate. That provides a chain of trust going back to Apple, and supports integrity checks and entitlements.
cdhashes
There have been changes to the way that macOS 12 checks executable code when asked to run it. Summarised in a diagram.
What are checksums, CRCs and hashes? What is required for a hash to be cryptographic, and how do any of these affect your Mac? Some answers and explanations.
How macOS checks executable code before it’s loaded and run, in macOS 10.15 and 11.0. Covering integrity checks using hashes, and validity of the signing certificate, on Intel and ARM.
The benefits of code signing for Mac users explained. How certificates are revoked, and what happens when they are. And there’s more to signatures than just the certificate.
