Above mentioned problem of timestamp change occurs when file system on pen drive is FAT-32. I tried changing file system on pen drive to APFS but same problem persists. @eskimo Do you have any input regarding above mentioned problem.

@eskimo, I have replied with answer for your query. Your inputs are appreciated .

code sign tool gives below as type of certificate we used for app, executable. Authority=Apple Development:XXXXX Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA pkgutil tool gives below as type of certificate we used for pkg. Status: signed by a developer certificate issued by Apple (Development)   Certificate Chain:   1. 3rd Party Mac Developer Installer:XXXXX I think we have used 'Apple Development' certificate for signing process which can be revoked from developer account Question: Does revocation check API (SecPolicyCreateRevocation) need app/pkg/executable signed with 'Developer ID Application' certificates only ?

@eskimo I want to do below actions: I extract certificate chain of app file. I create revocation policy using API SecPolicyCreateRevocation(….) I create trust object with above policy and certificate chain. Then Evaluate certificate chain from step 1 using trust object created in step 3 using API SecTrustEvaluate(…) To test above process, I have created binaries and signed them by ‘Apple Development’ certificate created via apple developer site. I revoked the certificate and expecting SecTrustEvaluate to give failure result but I am getting ‘kSecTrustResultUnspecified’. So want your help in case I am missing anything and what should be proper way of checking revocation of certificates.

It is Endpoint Security Product where admin controls end user systems. One control is "Reporting files whose certificates are revoked by owner". Steps I am trying to achieve above mentioned objective is given in the before reply. So please help me to understand how should I test the revoked binaries using SecTrustEvaluate API.

Thanks for detailed explanation. It is correct that, Development signed code [signed with Apple Development: TTT] is already restricted, but as a developer, I have access to only 'Apple Development' certificate available at Apple Developer account. So to just validate/test my application, is there any way to check revocation status of file signed by 'Apple Development' certificate.