Code Signing Services

Overview

Code signing is a macOS security technology that you use to certify that an app was created by you. Once an app is signed, the system can detect any change to the app—whether the change is introduced accidentally or by malicious code. You can control how your signed code loads signed plug-ins and other signed code without invalidating the signatures of the host code or of the guest (dynamically loaded) code.

You work with code objects that represent uniquely identified elements of running code in the system. In addition to UNIX processes, these elements can include scripts, applets, widgets, and so forth. You also work with static code objects that represent code in the file system. Static code includes applications, tools, frameworks, plug-ins, scripts, and so on. Generally, a code object has a specific static code object from which it originates and that holds its static signing data. The reverse, however, is not true—given a static code object, it is not possible to find, enumerate, or control any code object that originated from it.

Topics

Code Objects

• SecCode
• SecCodeCopySelf(_:_:)
• SecCSFlags
• SecCodeGetTypeID()

Static Code

• SecStaticCode
• SecStaticCodeCreateWithPath(_:_:_:)
• SecStaticCodeCreateWithPathAndAttributes(_:_:_:_:)
• Code Attributes
• SecStaticCodeGetTypeID()

Working with Code Objects

• SecCodeCopyPath(_:_:_:)
• SecCodeCopyStaticCode(_:_:_:)
• Code Signing Architecture Flags

Code Signatures

• SecCodeCopySigningInformation(_:_:_:)
• Code Signing Information Flags
• Signing Information Dictionary Keys
• SecCodeSignatureFlags
• SecCSDigestAlgorithm

Code Requirements

• Applying Code Requirements
• SecCodeCopyDesignatedRequirement(_:_:_:)
• SecRequirement
• SecRequirementGetTypeID()
• SecRequirementType

Code Requirements as Data

• SecRequirementCopyData(_:_:_:)
• SecRequirementCreateWithData(_:_:_:)

Code Requirements as Text

• SecRequirementCopyString(_:_:_:)
• SecRequirementCreateWithString(_:_:_:)
• SecRequirementCreateWithStringAndErrors(_:_:_:_:)

Guest Code

• Hosting Guest Code
• SecCodeCopyGuestWithAttributes(_:_:_:_:)
• Null Guest Handle
• SecCodeStatus
• Guest Creation Flags
• Guest Attribute Dictionary Keys
• SecGuestRef

Guest Management

• SecCodeCopyHost(_:_:_:)
• SecCodeMapMemory(_:_:)

Tasks

• SecTaskCreateFromSelf(_:)
• SecTaskCreateWithAuditToken(_:_:)
• SecTask
• SecTaskGetTypeID()
• SecTaskCopySigningIdentifier(_:_:)
• SecTaskCopyValueForEntitlement(_:_:_:)
• SecTaskCopyValuesForEntitlements(_:_:_:)

Code Signature Validity

• SecCodeCheckValidity(_:_:_:)
• SecCodeCheckValidityWithErrors(_:_:_:_:)
• SecStaticCodeCheckValidity(_:_:_:)
• SecStaticCodeCheckValidityWithErrors(_:_:_:_:)
• Static Code Validation Flags

Result Codes

• Code Signing Services Result Codes
• User Info Dictionary Error Keys

See Also

Related Documentation

• Code Signing Guide