About Code Signing

Code signing is a security technology, used in OS X, that allows you to certify that an app was created by you. Once an app is signed, the system can detect any change to the app—whether the change is introduced accidentally or by malicious code.


Users appreciate code signing. After installing a new version of a code-signed app, a user is not bothered with alerts asking again for permission to access the keychain or similar resources. As long as the new version uses the same digital signature, OS X can treat the new app exactly as it treated the previous one.

Other OS X security features, such as App Sandbox and parental controls, also depend on code signing.

In most cases, you can rely on Xcode’s automatic code signing (described in App Distribution Guide), which requires only that you specify a code signing identity in the build settings for your project. This document is for readers who must go beyond automatic code signing—perhaps to troubleshoot an unusual problem, or to incorporate the codesign(1) tool into a build system.

At a Glance

The elements of code signing include code signatures, code signing identities, code signing certificates, and security trust policies. Be sure to understand these concepts if you need to perform code signing outside of Xcode.

Before you can sign code, you must obtain or create a code signing identity. You then sign your code and prepare it for distribution.

To specify recommended criteria for verifiers to use when evaluating your app’s code signature, you use a requirements language specific to the codesign(1) and csreq(1) commands. You then save your criteria to a binary file as part of your Xcode project.
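
The workflow above, as an added example that is not part of the original document: it writes a requirement in the requirements language, compiles it to a binary file with csreq(1), and checks an app against it with codesign(1). The bundle identifier, team identifier and file paths are constructed placeholders, and the requirement shown (identifier plus an Apple-anchored certificate with a matching organizational unit) is one illustrative policy, assumed here for the example.

```shell
#!/bin/sh
# Added example: compile a code requirement and test an app against it.
# All identifiers and paths passed in are the caller's own; the sample
# values in the usage line are constructed placeholders.

# Accept only characters that cannot terminate the quoted strings in the
# requirement source, so a hostile value cannot rewrite the policy.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print requirement source text: the code must carry the given identifier
# and be signed by an Apple-issued certificate whose subject OU matches.
# $1 = bundle identifier, $2 = team identifier (assumed to be the leaf OU).
requirement_text() {
    valid_token "$1" || return 1
    valid_token "$2" || return 1
    printf 'identifier "%s" and anchor apple generic and certificate leaf[subject.OU] = "%s"' "$1" "$2"
}

# Compile requirement source ($1) into a binary requirement file ($2).
# An argument beginning with "=" is taken as literal requirement text.
compile_requirement() {
    csreq -r "=$1" -b "$2"
}

# Verify the signature of the app at $1 and also test it against the
# compiled requirement in $2; non-zero exit means either check failed.
check_app() {
    codesign --verify --verbose -R "$2" "$1"
}

main() {
    req=$(requirement_text "$2" "$3") || { echo "invalid identifier" >&2; return 2; }
    out="${TMPDIR:-/tmp}/app.req"
    compile_requirement "$req" "$out" && check_app "$1" "$out"
}

# Usage: sh check_req.sh /Applications/MyApp.app com.example.MyApp ABCDE12345
if [ "$#" -eq 3 ]; then
    main "$@"
fi
```
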

Prerequisites

Read Security Overview to understand the place of code signing in the OS X security picture.

See Also

For descriptions of the command-line tools for performing code signing, see the codesign(1) and csreq(1) man pages.