App signatures are only checked on app first run – it may once have been true, but is no longer accurate. But can you bypass those additional checks? Is this a vulnerability?
signature
How can an app check that nothing has nobbled it? How to use its code signature to perform a simple launch test.
Do you use digital signatures in PDF documents, or do you trust your PDF reader to check them? You could be spoofed into trusting forgeries.
Can you get malware in PDF? How far can you trust a PDF, or could it be a forgery? How to sign PDFs, and what data may remain hidden inside them.
Can you sign AppleScript apps in Script Editor? Is there a better tool? What’s the best way to sign a command tool developed in Xcode?
One important requirement for code signatures is with Mojave’s new privacy controls. Are they needed, though?
Testing at the command line, with What’s Your Sign?, and according to the requirements of the signature.
How to perform ad hoc signing, signing with a personal certificate, and set signing up in Xcode.
How can you create your own personal certificate suitable for signing your apps? Uses Certificate Assistant, and free of cost.
Should you use ad hoc signing, or make your own personal certificate? Why would you want to sign a script or app you have made?
