Wow, Lee!
I really appreciate this complete explanation.
Funny, I've been a Mac person for years, and you would think I'd know
some of this stuff; but I just keep learning new things here from the
MacGroup.
Thanks again,
Jane
On 1/17/17 9:38 AM, Lee Larson wrote:
On Jan 17, 2017, at 5:51 AM, Jane Blake <[email protected]
<mailto:[email protected]>> wrote:
I guess my confusion is allowing network connections at all. I'm not
sure which network it refers to, but I'm assuming it means my own
network, which would include my applications and my other computers
- not connections outside my own network - and I've been assuming it
would be okay to say "allow."
Is this right?
Please forgive me for getting a bit technical, but here’s an overview
of what’s going on.
Apple developers can get what’s called a “code signing certificate”
from Apple. This is really just a standard public key encryption pair.
(I’ve written about these key pairs here many times before in the
context of email.) Apple stores a copy of the public key.
When the developer wants to distribute an application, a checksum of
the program file is computed, encrypted with the private key, and
added to the program’s bundle. When the program is executed for the
first time on a machine, macOS looks for the checksum. If it’s there,
macOS uses the public key stored by Apple to decrypt it and then uses
the checksum to make sure the program file is correct.
You’ll get the “allow connections” message when macOS can’t check for
the public key at Apple’s server.
If a program has such an encrypted checksum with its bundle, then the
default is for macOS to do all this stuff magically in the background.
You should only see this message if macOS is prevented from checking,
or the program is not signed.
There’s actually a lot more that can be done with this mechanism. The
Apple description is here
<https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40005929-CH1-SW1>
L^2
_______________________________________________
MacGroup mailing list
Posting address: [email protected]
Archive: <http://www.mail-archive.com/[email protected]/>
Answers to questions: <http://erdos.math.louisville.edu/macgroup/>
_______________________________________________
MacGroup mailing list
Posting address: [email protected]
Archive: <http://www.mail-archive.com/[email protected]/>
Answers to questions: <http://erdos.math.louisville.edu/macgroup/>
