How to check timestamp of code signature?

Code Signing General
jogri OP
Created Apr ’20
Replies 3
Boosts 0
Views 2.3k
Participants 3

Hi,


how can I check if a code signature contains a signed timestamp?


$ codesign -s "Developer ID..." --options runtime -f --timestamp MyApp.app
MyApp.app: replacing existing signature
$ codesign --display -v MyApp.app 2>&1 | grep 2020
Timestamp=30. Apr 2020 at 14:25:45


Is this a secure timestamp? Or just a timestamp without signature?

In my understanding --timestamp=none should disable secure timestamping:


$ codesign -s "Developer ID..." --options runtime -f --timestamp=none MyApp.app
MyApp.app: replacing existing signature
$ codesign --display -v MyApp.app 2>&1 | grep 2020
Signed Time=30. Apr 2020 at 14:24:24


Why do I get a a "Signed Time" here??

Answered by DTS Engineer in 417809022 
Timestamp
indicates a secure timestamp from the Apple timestamp service. In contrast, 
Signed Time
is an insecure timestamp, that is, it’s whatever value was returned by the clock on the Mac that did the signing.

For more details, see the doc comments for 

kSecCodeInfoTimestamp
and 
kSecCodeInfoTime
in 
<Security/SecCode.h>
.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Replies  3
Boosts  0
Views  2.3k
Participants  3
DTS Engineer OP
Apple
May ’20
Accepted Answer 
Timestamp
indicates a secure timestamp from the Apple timestamp service. In contrast, 
Signed Time
is an insecure timestamp, that is, it’s whatever value was returned by the clock on the Mac that did the signing.

For more details, see the doc comments for 

kSecCodeInfoTimestamp
and 
kSecCodeInfoTime
in 
<Security/SecCode.h>
.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
1
absinth OP
May ’20

we've successfully created native code to parse the Timestamp from the binary. this is a few orders of magnitude faster than calling codesign (which also insists on returning localized date formats which is just *insanity* for parsing programatically). the Timestamp is just yyyyMMddHHmmssZ0 somewhere at the end of the binary.


now we'd like to parse the 'Signed Time' (kSecCodeInfoTime) directly too (especially because this is often not even returned by 'codesign' unless you point it at some embedded framework on pre-Catalina systems!), but we didn't make headways there. it certainly doesn't seem to be stored in 'yyyyMMddHHmmss' format in the main executable.


mighty and wise eskimo, do you have any technical information here?

0
DTS Engineer OP
Apple
May ’20

we've successfully created native code to parse the 

Timestamp
from the binary.

Using the 

SecCode
API? Or grovelling through the binary itself?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
How to check timestamp of code signature?
First post date Last post date
 
 
Q