Hi,
how can I check if a code signature contains a signed timestamp?
$ codesign -s "Developer ID..." --options runtime -f --timestamp MyApp.app
MyApp.app: replacing existing signature
$ codesign --display -v MyApp.app 2>&1 | grep 2020
Timestamp=30. Apr 2020 at 14:25:45
Is this a secure timestamp? Or just a timestamp without signature?
In my understanding --timestamp=none should disable secure timestamping:
$ codesign -s "Developer ID..." --options runtime -f --timestamp=none MyApp.app
MyApp.app: replacing existing signature
$ codesign --display -v MyApp.app 2>&1 | grep 2020
Signed Time=30. Apr 2020 at 14:24:24
Why do I get a a "Signed Time" here??