Code signing for the concerned: 2 Creating a personal certificate

How can you create your own personal certificate suitable for signing your apps? Uses Certificate Assistant, and free of cost.

Code signing for the concerned: 1 Why?

Should you use ad hoc signing, or make your own personal certificate? Why would you want to sign a script or app you have made?

AMFI: checking file integrity on your Mac

Apple Mobile File Integrity is a combination of a KEXT and a LaunchDaemon which check app signatures, entitlements, and provisioning profiles.

How can Mojave let you open an app with signature errors?

The differences between a full Gatekeeper check, an AMFI check for integrity, and a normal app open, and why signature errors can be tolerated.

App signatures are always checked on launch, but serious errors may be ignored

Whenever an app is opened in 10.14.2, its signature is checked asynchronously, often several times. But in many cases, macOS doesn’t act on any errors returned.

Last Week on My Mac: Weed control in the walled garden

Another worthless piece of “security theatre” about bundle signatures. I wouldn’t bother reading it, or downloading the new version of Signet.

How thoroughly does Gatekeeper check existing apps?

Is checking bundle signatures a waste of time once they have passed their ‘first run’ check? Does macOS ever do that?

Mojave happily runs apps with revoked signatures, and more

Has your Mac got any old apps and other bundles on it? Have their signing certificates been revoked, or are they perhaps unsigned? Here’s a new app to help you find out.

What happens when you open a quarantined app?

Stepping through the key stages of opening an app in High Sierra. First, a ‘regular’ open, then with the quarantine flag, showing Gatekeeper checks and translocation.

A bug in signature-checking weakens most anti-malware tools

One of the basic checks which all malware protection should make is whether apps and other code have […]