Last Updated: 2013-05-16 21:51:14 UTC
by Daniel Wesemann (Version: 1)
As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected.
To verify and extract signatures and certificates on an Apple .app, you can do (example Mail.app)
codesign -dvvvv --extract-certificates /Applications/Mail.app
This will save the certificates in DER format, named codesign0, codesign1, etc. These can then be displayed as usual with OpenSSL
openssl x509 -inform DER -in codesign0 -text