S 4.377 Checking the Mac OS X signatures

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

In Mac OS X 10.5 and higher, every executable operating system component is digitally signed by Apple. Third-party vendors are also asked to sign their own programs. If any change is made to a signed program, for example by malware, the signature becomes invalid. Therefore, whenever a new program is put into use, its signature must be checked. If no signature information is available, the program should at least be checked with a virus protection program. To verify the validity of a signature, Apple uses a public key infrastructure similar to the one used for HTTPS websites. Administrators should be trained in the use of the "codesign" command so that they can perform a one-off signature check for every new program.

Whether a program has a valid signature can be checked by entering the following command on the command line:

codesign --verify --verbose /path/to_file/filename.app

If the signature is valid, the file matches the original distributed by the vendor and has not been changed. In this way, manipulation during transmission can be ruled out.
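The following POSIX shell script is added here as an illustration and is not part of the safeguard text. It runs the codesign check above over every application bundle in a directory and sorts the results into valid, unsigned and invalid, so that the administrator can see which programs still need the fallback virus scan. The exact wording it matches in codesign's output ("not signed") is an assumption about the tool's messages.

```shell
#!/bin/sh
# Added example, not part of the BSI safeguard: classify application
# bundles by the result of "codesign --verify --verbose".
# Assumption: an unsigned bundle makes codesign print a message containing
# "not signed"; any other non-zero result is treated as a broken signature.

# Print VALID, UNSIGNED or INVALID for one bundle or executable.
classify_signature() {
    path=$1
    # The "if" keeps the non-zero exit status from aborting under "set -e".
    if out=$(codesign --verify --verbose "$path" 2>&1); then
        echo VALID           # matches the vendor's original, unchanged
    elif printf '%s\n' "$out" | grep -q 'not signed'; then
        echo UNSIGNED        # no signature information: run a virus scan
    else
        echo INVALID         # signed but modified, or the chain does not verify
    fi
}

# Check all bundles directly under a directory (default /Applications)
# and print one line per bundle: "<status> <path>".
check_directory() {
    dir=${1:-/Applications}
    for app in "$dir"/*.app; do
        [ -e "$app" ] || continue   # no bundles: the glob stays literal
        printf '%s %s\n' "$(classify_signature "$app")" "$app"
    done
}

# Usage when run directly: check_directory /Applications
```

Lines marked INVALID point to programs that must not be used until the vendor's original has been obtained again; lines marked UNSIGNED identify the programs that need the virus-protection check described above.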

Signatures are also used to identify programs reliably. This ensures that the corresponding settings in Parental Controls, the firewall and the Keychain apply to those programs.

Review questions: