AutoVue API - Code Signing - Brand

Similar Messages

• "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.]" for brand new, vanilla Mac App

  In OS X Maverick's XCode, I created a brand new Mac > "Cocoa Application", with Core Data and Spotlight Importerl; about as vanilla a Cocoa application I could muster. 
  Under Preferences > Accounts, I signed in to my Mac Developer Account.
  In Targets > Identity, I set Signing to "Mac App Store", and was able to select my Mac Developer Account for "Team".
  I then went to Product > Clean, and then Product > Build for... > Running, and then Produt > Archive.
  In the Organizer, I select the resulting .app and click "Validate", and hit the Mac App Store radio, and hit "Next", and it's able to log into my Mac Developer Account.
  I select my Provisioning Profile in the dropdown, and click "Validate".
  It comes back with several errors:
  1 - "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.] For more information, visit the Mac OS Developer Portal."
  2 - "The bundle identifier cannot be changed from the current value, '{DIFFERENT-BUNDLE-FROM-OTHER-PROJECT}'.  If you want to change your bundle identifier, you will need to create a new application in iTunes Connect.
  3 - Invalid Code Signing Entitlements.  The entitlements in your app bundle signature do not match the ones that are contained in the provision profile.  The bundle contains a key that is not included in the provisioning profile: 'com.apple.applications-identifier' in '{BUNDLENAME}.app/Contents/MacOS/{BUNDLENAME}'
  I was able to do the same process before, for a vanilla app, before Mavericks.  I'm not sure if this is a Mavericks error, or a fact that now I have multiple app projects.  Particularly odd is that DIFFERENT-BUNDLE-FROM-OTHER-PROJECT in error (2) is not the same bundle name as the current project's bundle.
  Would love any help you can provide!  Thank you!

  Seen this thread?
  New codesign behavior, --deep option 
  "Code signing has some interesting changes in Mavericks (that apparently haven't made it into the release notes yet...). Note that this is a change to the operating system, not to the devtools."

• Mac C++ tool verifying code signing cert / signature

  I have a command line tool I have code signed using the "codesign" tool.  Using its -vv option it verifies that my code is indeed signed.  Now here is my problem, it doesn't tell me who signed it, ie: The name on the cert and stuff like that.  To complicate matters even further, I wish to be able to do this from a C++ application.  I want to look at a binary file, see that it is signed, and signed by us.  As a security measure I would like to only allow our application to update if the new files are signed by us.  I am having trouble locating any API which deals with this.  On the windows world there is an obscure API that allows me to do this.  I do not even know if such and API system exists in the Apple world since code signing is brand new introduced in 10.5.
  In addition to some API help, if there is a way to simply get information about who signed an executable (On windows you just right-click and pick properties) and you can get all sorts of information about the digital signature);  Is there something like this on a Mac?
  Thanks for any help I can get.

  Why would I do that?  I simply want to know, is the binary file I downloaded signed by with MY cert?  I can determine this within reasonable doubt by answering two simple questions:
  1.  Is the cert that this file signed with valid (chain of trust and all that).
  2.  What is the name of the cert (the identity).
  If the Identity is the right one (in our case, the name of our company) and it is valid, then I will trust that this binary is ours.
  Maybe this will clarify my question. I guess I could rephrase this question as:
  "How do I write a simple tool that will verify a file has a valid signature and will give me the signer's identity"?

• Code Signing a Director 12 App for the AppStore

  I have seen a few discussions on this topic and signing and submitting to the AppStore while full of challenges was possible with Director 11.
  With Director 12, we have been unable to code sign the projector.
  We use the Terminal to do it:
  codesign -f -v -s "3rd Party Mac Developer Application: Developer's Name" [path to .app]
  We get the following error:
  /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cod esign_allocate: the __LINKEDIT segment does not cover the end of the file (can't be processed) in: /Users/OurApp.app/Contents/MacOS/OurApp
  /Users/OurApp.app: code failed to satisfy specified code requirement(s)
  Any ideas would be welcome!
  Additionally:
  I have just discovered that unless Director is updated any submissions to the Apple App Store will be refused because of the use of the QuickTimes APIs
  Deprecated API Usage - Apple no longer accepts submissions of apps that use QuickTime APIs.

  There isn't a way to save as an earlier version, but my article from 13 years ago still holds true:
  http://www.director-online.com/buildArticle.php?id=1034
  The article tells you how to find two copies of a particular pair of numbers. For D7 those numbers would be 057E, D8 would be 0640, and D8.5 is 073A. Changing the two places where those number are will make the DIR open in older versions of Director.
  The numbers for D11.5 are 0782, and for D12 they are 079F. So, track down the two places where 079F are (which are 18 positions apart) and change them to 0782, and you'll be able to open the file in D11.5.
  One change since I wrote that article is that the identification sequence is now the Windows one on Mac too, most likely because it's an Intel app now. So, the number sequence to look for to get close to those two numbers is 46 43 52 44. In the file I checked there were three places where those numbers were, and it's the last of the places that followed by the two numbers, about 8 & 26 bytes later.

• How to generate single signature for code signing and timestamp

  Hi we are developing Win 7 VC++ app using Crypto APIs.
  Here code signing is done using Cryptsignhash() method, that generates the signature. Later for time stamping CryptRetriveTimestamp() method is used which also generate the time stamp signature. Thus we wanted to know
  whether there is any single Crypto API available that can do code signing and timestamping together and shall generate single signature. At verification side it should be also possible to separate code signing and timestamp signatures prior to verification.
  Any help is highly appreciated. Thanks.

  On 4/17/2015 1:21 AM, Babu12345 wrote:
  *Hi we are developing Win 7 VC++ app using Crypto APIs. *
  *Here code signing is done using Cryptsignhash() method, that generates the signature. Later for time stamping CryptRetriveTimestamp() method is used which also generate the time stamp signature. Thus we wanted to know whether there is any single Crypto API
  available that can do code signing and timestamping together and shall generate single signature.
  No. Normally, you don't counter-sign the actual data - you counter-sign and time stamp your signature. You don't want to transmit the whole data (which could be a) large and b) confidential) to a third party. This is why it's a two step process.
  Igor Tandetnik

• Required code signing error.....

  Hi i have a blackberry application that is developed with out any locked APIs. when i attempt to run that application in my blackberry curve mobile iam getting an error "module must be signed with the RIM Runtime Code Signing Key(RRT)".
  Please advice me to get out from this problem
  Thank you....

  Seems that you have used signed RIM api.
  You need to sign your application.
  Go to the page: https://www.blackberry.com/SignedKeys/
  and purchase signature keys. It costs 20 USD for unlimited qty of signatures and unlimited time frame.
  Message Edited by tbilisoft on 08-12-2008 06:57 AM

• Using a Code Signing Certificate for download on Azure

  Currently, I have a hosted web application and Web API on a VM that I use to allow users to download an executable file that is signed with a Code Signing certificate. My question is how would I do the same thing with a Web Role or Cloud Service?  The
  goal is to move to PAAS in Azure with our web application.
  Thanks for any help in advance.

  I appreciate the link to the article, but I don't need an SSL certificate, I need a code signing certificate.  I'm afraid this post does not help me at all.  What I need is a certificate to sign my downloadable applications with.  I have
  an .exe file that users can download, and I need those people to know my code can be trusted, which is why I need the code signing certificate.  My problem is how do I utilize this with a Web Role or Cloud Service?

• How to use Java code signing certificate in oracle 11i

  Hello,
  I am try to configure java code signing certificate in 11.5.10.2 application. we got java sign certificate from verisgin. SA's imported the certificate and created alias XXX_XXX with password and passphrase.
  I am able to see the my certificate. keytool -list -v -keystore xxx_xxxx.jks -storepass Password.
  how do I use it. I am using Enhance Jar Signing for EBS DOC ID 1591073.1.
  could you please give me some advice on it?
  Thanks
  Prince

  Hussien,
  I find out apps keystore keypassword and storepassword, I imported the java code sign certificate. I generated Jar files through adadmin, but I am getting  warning error
  adogif() unable to generate Jar Filers under JAVA_TOP.
  executing /usr/jdk/jdk1.6.0_45/bin/java sun.security.tools.JarSigner keysotre **** -sigfile CUST Signer /apps/......
  Error JarSigner subcommand Exited With status 1.
  No standard output from jarsigner JarSigner error output: Exception in thread "main" java.lang.NoClassDefFoundError: sun/security/tools/JarSigner Caused by: java.lang.ClassNotFoundException: sun.security.tools.JarSigner         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)         at java.security.AccessController.doPrivileged(Native Method)         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)         at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)         at java.lang.ClassLoader.loadClass(ClassLoader.java:247) Could not find the main class: sun.security.tools.JarSigner.  Program will exit. WARNING: The following path(s), defined in /apps2/property/product/tst/appl/cz/11.5.0/java/make/czjar.dep as elements of the output:   oracle/apps/cz/runtime/tag WARNING: Copying cztag.lst from the old fndlist.jar ...   About to Analyze flmkbn.jar : Fri Nov 22 2013 10:45:51
  Please let me know if you have any idea. Thanks Prince

• Third party CA and SCUP code signing

  All of the documentation I have seen out there regarding using a code signing certificate with SCUP assumes you are using AD CS. My institution uses a 3rd party CA and I requested a code signing certificate from them (the file had no file name extension,
  FWIW). I imported it into the local computer certificate store (on SCUP server/CAS) and see four entries:
  The blocked out item is our company name.
  Here is what I have done:
  I have exported the one with our company name as as the .cer file for clients, and placed it in the Trusted Publishers and Trusted Root Certificate Authorities stores on the SCUP server/CAS.
  I have exported various combinations of the 4 to generate the *.pfx file and imported it into SCUP but it always gives me an error when I try to publish an update. I initially exported all 4 certificates to get my .pfx, then tried just the ones with the
  purpose of "code signing." In both cases I get an error stating "Signature verification exception during publish, verify the WSUS certificates and advanced timestamp setting are properly configured."
  I am not getting an option to export the private key no matter what combo I choose. This is the biggest red flag I am seeing.
  Does anyone have any experience in this scenario? I am at a loss at this point. The server is 2008 R2 and I know I could use a self-signed one but I thought I would do it the "right" way since it is no longer supported.

  It turns out that after the code signing certificate was downloaded, the private key was somehow lost or damaged or not associated with it in the first place. That is why I was not seeing the option to export the key. We needed to use certutil to repair
  the key association.
  I suspect this is because the request was made from a web form and handled by the 3rd party CA as opposed to being done with certreq. Am I off base?
  Anyway, running this command on the code signed certificate allowed me to export it as needed for SCUP:
  certutil -repairstore my "SerialNumberofCert"
  There are some how tos here:
  http://support.microsoft.com/kb/889651
  http://blogs.msmvps.com/ivansanders/2011/07/26/restoring-a-certificates-private-key-without-the-certreq/

• Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

• Code-signing

  We are having some issues with our C Sharp .NET 4 Application
  We are using Visual Studio 2010 to build a Click Once Installation
  In addition, we use our code-signing certificate (.pfx) to sign the package
  However when attempting to install the application it is blocked by
  Windows 8 Smart Screen with an “unknown Publisher” message.
  We sign our package twice once on the actual files and afterward
  The manifest is resigned.

  Hi Rene,
  >>“unknown Publisher” .
  Please check whether you sign file in the correct directory.
  Reference:
  http://stackoverflow.com/questions/10392201/clickonce-de-signs-our-executable-and-says-unknown-publisher?rq=1
  A document shared us the detailed steps for "Certificate Expiration in ClickOnce Deployment".
  http://msdn.microsoft.com/en-us/library/ff369721.aspx
  In addition, since this issue is related to the Clickonce, I suggest you post a new case in this forum:
  http://social.msdn.microsoft.com/Forums/windows/en-US/home?forum=winformssetup , and there you would get dedicated support.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a
  href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

• InCommon Code Signing Cert not working in Profile Manager

  We acquired a Code Signing Certificate from InCommon for signing profiles, and it doesn't want to work with Profile Manager.
  In the Certificates section we have our working SSL cert for the web server, and self-signed SSL and Code Signing certs.
  When I try to import the p7s file it lists four non-identity certificates and then says that it can't be used as a code signing certificate. 
  Has anyone ever managed to get an InCommon code signing cert to work with OSX Server?

  Hello,
  In RFC SAP-OSS, i maintained my S-user id and its password.
  As already told my router connectivity and   SAPOSS rfc working fine.
  regards
  Vinayag.K.C

• My Distribution Profile is grayed out in Code Signing Provisioning Profile

  Fellow developers, has anyone experienced this problem when you tried to compile your app for distribution:
  Did everything as suggested in this forum, including:
  - copying a distribution profile to the right folder and also draging over the Xcode icon
  - Adding a "Distribution" configuration
  - specifying the identity as "iPhone Distribution: My Name"
  However, in the "Code Signing Provisioning Profile" picker, when "Any iPhone OS" is selected, the only enabled choice is "Default ..." and the actual profile with my name is grayed out.
  More over, the moment I select "Distribution" and then select "Device" in the "Active Configuration" picker, Xcode closes. This behavior can be reproduced all the time.
  Any suggestions?
  Eugene

  It is normal that it is grayed out ( don't ask me why ). To activate the distribution build, duplicate your Release in Distribution, install all the required certificates ( please apple stop those, they're a nightmare to deal with ) , then in the build settings in the code signing you have to TYPE ( there is no drop down box as seen in some screenshots ) "iPhone Distribution" ( instead of "iPhone Developer" ) and tada a few lines below you should see your drop down modified with some distributions entries.
  Patricia.

• ERROR ITMS-9000: Missing Code Signing Entitlements when adding app to Apple App Store

  My client is getting the following error when sending my app (compiled in Flash Pro CC 2014 with AIR SDK 15.0.0.356) to the Apple app store:
  ERROR ITMS-9000: "Missing Code Signing Entitlements. No entitlements found in bundle
  'com.xxxxxx.xx.xxx' for excutable 'payload/xxxxx.app./xxxx'.""
  He is saying that I need to send them the entitlements file.
  I can't find out any information about this with regards to Adobe Air compiled iOS apps, apart from this old post:
  Adding iOS entitlements to AIR apps
  which states that 'the packager configures the entitlements file '
  Can anyone explain what might be missing here?
  Thanks,
  Alan.

  It looks as if this problem is solved by doing step 2 from here:
  http://dev.mlsdigital.net/posts/how-to-resign-an-ios-app-from-external-developers/
  It basically states that the client needs to produce the entitlements file and lists the following that the client will provide themselves:
  A “Mobile Provisioning Profile”
  An “Entitlements.plist”
  An “iOS Distribution Certificate”
  iReSign OS X app (or you could use command line)
  Hope this helps someone. We've run into quite a few problems trying to get the Flash Air compiled App to both enterprise and Apple Store as it can't come from us (the developers) it has to be signed and delivered from the client.

• No option in project info window for code signing Provising profile.

  Dear Developer forum,
  I have one issue wth my application regarding provisional Profile.
  I have installed Distribution certificate.After that I have entered all information regarding distribution provisional profile in program portal
  I have got provisional certificate from portal.I have installed it
  And I have also seen its entry in home/library/mobiledevices/.
  But Now problem is arising at place when I am opening my project or target info window on that time in BUild->code signing option, I have only code signing endity but no code signing provisioning profile.
  where I can give my distribution provising profile name
  So anybody tell me howz it come????
  Thanks

  Looking at this page:
  http://developer.apple.com/iphone/manage/distribution/index.action
  Make sure that you've done all the steps... "Generating a Certificate Signing Request", "Submitting a Certificate Signing Request for Approval", "Downloading and Installing iPhone Distribution Certificates", "Create and download your iphone distribution provisioning profile"...
  When I went through this process, I think I forgot to do the step "Downloading and Installing iPhone Distribution Certificates"... (skipping straight to "create and download your iphone disbritution profile") as a result the provisioning profile name wasn't appearing for me to select... When I completed that step, then the provisioning profile name appeared...
  Message was edited by: iphonemediaman