Code signing is a technology introduced for Mac OS X v10.5 that assures user of the integrity of code and allows the system to recognize newer versions of code as the same program as the original. Once completed, any change in the code that you did not intend—whether introduced by accident or maliciously by hackers—it can be detected by the system. Conversely, your digital signature on an updated version of your program tells the system to treat the new version in the same manner it treated the old version, so  users are not bothered with dialog boxes requesting permission to the keychain or some other system component to respond with your program.

Signing code is quick, requires just a few resources, and doesn’t  increases the size of your deliverable by more than 1%.  Signatures will not change how your code runs and are not interfered with  by Mac OS X versions prior to Mac OS X v10.5; so there is no good reason not to sign your code. That said, there are a handful of things you will need to know to get started. The document links below explain the term and concepts you’ll need to understand and they explain the procedures you will need follow to sign your code.

The system will expect all code to be signed,  so any code that is not signed will not behave in the same manner as the majority of the programs on the user’s system. As an example, the user will be bothered with additional dialog boxes and user prompts for unsigned code. That’s something that they don’t see with signed code. Unsigned code might not work as expected with some system components like parental controls. Again, there is no reason not to sign all code intended for use with Mac OS X v10.5 or later.

Therefore, if you intend to deliver code that might ever be run on Mac OS X v10.5 or later, you should definitely read these documents.

About Code Signing


Code Signing Requirement Language