Hi, I have an endpoint security app and I was wondering what is the best way to check if a process was signed by a specific Developer ID certificate. Let's say I'm subscribed to auth_exec events and wanted to deny execution of processes signed with Developer ID Application: Adobe Inc.
Would obtaining the common names of the certificate with SecCertificateCopyCommonName and then comparing strings be the right way or am I missing something?
Would obtaining the common names of the certificate with SecCertificateCopyCommonName and then comparing strings be the right way … ?
Oh goodness me no! The correct overall strategy is to craft a code signing requirement and then use the code signing API, calls like SecCodeCheckValidityWithErrors, to check whether the code satisfies that requirement.
For general info on code signing requirements, see Code Signing Guide > Code Signing Requirement Language.
The tricky part here is crafting the correct requirement. I’m not able to offer advice about that here on DevForums right now. If you need an answer urgently, open a DTS tech support incident and we can talk privately. Alternatively, if you can wait for a couple of weeks … bah! I’m not allowed to talk about The Future™ )-:
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
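The strategy described in the answer above, as an added example that is not Quinn's or Apple's code: the process from an ES auth_exec message is located by its audit token, and the code signing API evaluates it against a requirement instead of comparing certificate common-name strings. The requirement text uses the common Developer ID form with a placeholder `TEAMID`; the caller supplies the real Team ID of the certificate its policy targets, and the names `SigningCheck` and `checkCodeSignature` are this example's own.

```swift
import Foundation
import Security
import EndpointSecurity   // provides audit_token_t and the es_message_t the caller holds

/// Outcome of evaluating a process against a code signing requirement.
enum SigningCheck {
    case satisfied
    case notSatisfied(OSStatus, String)
}

/// Placeholder requirement: Developer ID chain anchored at Apple, with the Developer ID
/// intermediate and leaf markers, pinned to one Team ID. Replace TEAMID before use.
let developerIDRequirement = """
anchor apple generic \
and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ \
and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ \
and certificate leaf[subject.OU] = "TEAMID"
"""

/// Check whether the live process identified by `auditToken` (e.g. from
/// `msg.pointee.process.pointee.audit_token`) satisfies `requirementText`.
func checkCodeSignature(auditToken: audit_token_t,
                        requirementText: String = developerIDRequirement) -> SigningCheck {
    // 1. Compile the requirement language into a SecRequirement object.
    var requirement: SecRequirement?
    var status = SecRequirementCreateWithString(requirementText as CFString, [], &requirement)
    guard status == errSecSuccess, let req = requirement else {
        return .notSatisfied(status, "requirement failed to parse")
    }
    // 2. Resolve the running code by audit token, not by executable path, so the
    //    object evaluated is the process the kernel reported.
    var token = auditToken
    let tokenData = Data(bytes: &token, count: MemoryLayout<audit_token_t>.size)
    let attrs: [CFString: Any] = [kSecGuestAttributeAudit: tokenData]
    var code: SecCode?
    status = SecCodeCopyGuestWithAttributes(nil, attrs as CFDictionary, [], &code)
    guard status == errSecSuccess, let guest = code else {
        return .notSatisfied(status, "no SecCode for audit token")
    }
    // 3. Let the code signing machinery validate the signature against the requirement;
    //    any CFError it returns carries the reason a requirement was not met.
    var error: Unmanaged<CFError>?
    status = SecCodeCheckValidityWithErrors(guest, [], req, &error)
    if status == errSecSuccess { return .satisfied }
    let reason = error?.takeRetainedValue().localizedDescription ?? "unknown"
    return .notSatisfied(status, reason)
}
```

The auth_exec handler maps the returned `SigningCheck` to its allow or deny response; the requirement text itself is the part the answer says needs care.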