macOS has two types of keychain, and its tools for working with them, Keychain Access and the command tool security, only work fully with one type.
certificates
Ventura aims to improve app security by checking integrity of apps and command tools whenever they’re run. How can it do that without significant overhead?
Are additional Gatekeeper checks in Ventura effective, and worth the effort? Surely malware can bypass them easily.
What are keychains? What do they store? Which are essential on Macs, and why do you get prompted to enter your password for access to them? How secure are they in iCloud?
GUI software and the commands you need to get the signature of an app checked thoroughly by macOS, plus a detailed list of error code.
App signatures are about more than just the certificate. That provides a chain of trust going back to Apple, and supports integrity checks and entitlements.
There have been changes to the way that macOS 12 checks executable code when asked to run it. Summarised in a diagram.
App signatures remain valid forever, but Installer packages are different, and their certificates can and do expire. What about notarization though?
Is Apple going to meet the promises it made a year ago, to protect its users around the world from the risk posed by its online signing certificate checks?
Now checks which versions of TLS a server supports, and gives details of its full headers with caching disabled.
The Eclectic Light Company 