Codesign Installer package for distribution outside the Mac App Store

Sometimes you need to distribute your application installers outside Mac App Store. You can code sign it so that it will be recognized by Gatekeeper as identified developer product. Once you code sign the installer with your Apple Developer Id certificate, gatekeeper will allow to open the installer, otherwise it will show a dialog saying “The app cannot be opened because it is from an unidentified developer” (if gatekeeper settings are set to ‘Mac App store and identified developers’).

To know more about Gatekeeper options click here.

Here we will see how to sign the installer package so that gatekeeper won’t block it.

The installers created by PackageMaker with minimum target set to 10.5 and above are flat package while the installers created with minimum target set to 10.4 will create a bundle package.

Bundle type installers cannot be signed using Developer Id Installer certificate. These can be signed using Developer Id Application certificate, but gatekeeper does not pass it.

To sign a flat type installer first you need to enroll to Mac Developer Program and download your Developer Id Installer certificate. Double click the downloaded certificate to load it to keychain.

Now once you have the certificate in your keychain, you may check it via KeyChain Access. The certificate will be named like “Developer ID Installer: Any Name”.

To code-sign your installer package, run the following command in terminal:

productsign –timestamp=none –sign “Your Certificate Name” “/path/and/name/of/the/unsigned/installer” “path/and/name/of/signed/installer

For example, in my case

productsign –timestamp=none –sign “Developer ID Installer: Neha Gupta” “/myApp.pkg” “/signed/myApp.pkg”

The new installer created will be signed by your installer certificate and will be recognized by gatekeeper as a identified developer product. To check the certificate by which package is signed, launch the signed installer package and click the lock sign on the upper right corner.

Written By: Neha Gupta

Advertisements

Cryptographic Hashes in Qt (HMAC-SHA1, PBKDF2, Md5)

At times we need to generate cryptographic hashes for encryption purposes. This can be done in Qt using QCryptographicHash or QCA (Qt Cryptographic Architecture). QCA is a cross-platform crypto API, using Qt datatypes and conventions, hence we need to download and build it separately and include it in Qt. On the other hand QCryptographicHash class comes with Qt itself and can be used to generate cryptographic hashes.

Using QCA increases the size of our application as we need to include qca plugins and library in our application bundle to make it deployable (I’ll explain how to build and deploy QCA in my next post). Therefore I prefer to use qt’s inbuilt class QCryptographicHash if requirements can be completed using this.

Even after some research I couldn’t find a way to generate PBKDF2 using QCryptographicHash, therefore I am using QCA to generate PBKDF2 from a string/byte-array.

In this post I’ll explain how to generate HMAC-SHA1 and Md5 hash using QCryptographicHash, and generate PBKDF2 using QCA library.

Here is the code to generate HMAC-SHA1 of public key and a secret base string:

// Returns HMAC-SHA1 encrypted signature composed of public key and secret base string
QString hmacSha1(QByteArray key, QByteArray baseString)
{
    int blockSize = 64; // HMAC-SHA-1 block size, defined in SHA-1 standard
    if (key.length() > blockSize) { // if key is longer than block size (64), reduce key length with SHA-1 compression
        key = QCryptographicHash::hash(key, QCryptographicHash::Sha1);
    }
    QByteArray innerPadding(blockSize, char(0x36)); // initialize inner padding with char "6"
    QByteArray outerPadding(blockSize, char(0x5c)); // initialize outer padding with char "\"
    // ascii characters 0x36 ("6") and 0x5c ("\") are selected because they have large
    // Hamming distance (http://en.wikipedia.org/wiki/Hamming_distance)

    for (int i = 0; i < key.length(); i++) {
        innerPadding[i] = innerPadding[i] ^ key.at(i); // XOR operation between every byte in key and innerpadding, of key length
        outerPadding[i] = outerPadding[i] ^ key.at(i); // XOR operation between every byte in key and outerpadding, of key length
    }

    // result = hash ( outerPadding CONCAT hash ( innerPadding CONCAT baseString ) ).toBase64
    QByteArray total = outerPadding;
    QByteArray part = innerPadding;
    part.append(baseString);
    total.append(QCryptographicHash::hash(part, QCryptographicHash::Sha1));
    QByteArray hashed = QCryptographicHash::hash(total, QCryptographicHash::Sha1);

    QString result = QCA::arrayToHex(hashed);
    return result;
}

Above method will return the HMAC-SHA1 hex as a string. Now, lets see how to generate md5 hash from the content of a file.

QString md5Hash(QString path)
{
    QFile file(path);
    if(!file.exists())
    {
        qDebug()<<"File does not exist to read md5hash";
        return "";
    }
    if (!file.open(QIODevice::ReadOnly))
    {
        qDebug()<<"error in reading file: "<<path;
        return "";
    }

    QByteArray fileContent(file.readAll());

    QByteArray fileHash = QCryptographicHash::hash(fileContent, QCryptographicHash::Md5);

    file.close();

    QString result = QString(fileHash.toHex());
   
    qDebug()<<"md5 : "<<result;

    return result;
}

Now, the last we are going to discuss here is PBKDF2. We will need to use QCA for this.
PBKDF2 of a string can be generated by passing the salt value, iterations and length of the key.
Here is the code to generate PBKDF2 from a password string passed in the function :

QString pbkdf2(QString password, QString salt, int length, int iterations)
{
    if(!QCA::isSupported("pbkdf2(sha1)", "qca-ossl"))
    {
       qDebug()<<"PBKDF version 2 with SHA1 not supported  ";
    }
    else
    {
        QCA::InitializationVector esalt(QCA::SecureArray(salt.toUtf8()));
        QCA::SecureArray epassword(password.toUtf8());
        QCA::SymmetricKey passwordOut = QCA::PBKDF2("sha1", "qca-ossl").makeKey (epassword, esalt, length, iterations);
        QString result = QCA::arrayToHex(passwordOut.toByteArray());
        return result;
     }
    return "";
}

Note: When using QCA classes remember to include the header <QtCrypto/QtCrypto>

Written By: Neha Gupta

Round Cornered Views

mac developers

Custom NSView with rounded corner:

To draw a custom view with its one or more corners round, all you need to do is draw a bezier path of the required shape in the view’s drawRect: method.
Also, this can be used to customize any NSView subclassed objects as  NSTextView, NSTextField etc.
Here I present the code to create a text field with any one round corner as shown in the image below. The code can be easily changed to create more than one round corners of a view.

View original post 471 more words

Circular Progress Bar

mac developers

Circular progress indicatorWe  all are familiar with native progress bar but a circular progress bar might be required in a project. In circular progress bar, progress of process will be shown by a bar filling in clockwise or anti-clockwise direction. Here I am providing the code to create a circular progress bar as shown in the image below:

View original post 564 more words

Protocol Buffers with Objective-C

mac developers

What are Protocol Buffers? Protocol Buffers are a way of encoding structured data. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data like XML, but smaller, faster, and simpler. You define how you want your data to be structured once, then you can use special generated source code to easily write and read your structured data to and from a variety of data streams and using a variety of languages. You can even update your data structure without breaking deployed programs that are compiled against the “old” format.

How to use Protocol Buffers with Objective C?

View original post 892 more words

How to get selected text and its coordinates from any system wide application using Accessibility API?

mac developers

In my previous post, I had discussed about accessing the text value from any system wide application by using Accessibility API. Now going further,  you may want to access only the selected text or the position of selected text, we will discuss about it in this article.

View original post 461 more words

Accessing text value from any System wide Application via Accessibility API

mac developers

Suppose, I want to create a application which will monitor the typing and say if “macdevelopers” is typed anywhere be it in TextEdit or Mail etc. the application will perform a operation for example automatically opening the website in a browser.

The text value from any System wide Application can be accessed using the Accessibility API. In this article I will discuss about accessing the text value from any application like Text Edit or other applications if its current focused element is some text field or text view in it. Thus using this you can implement the functionality to access the active application’s text field value.

View original post 260 more words