apple-codesign 0.24.0

Pure Rust interface to code signing on Apple platforms
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

```
$ rcodesign generate-self-signed-certificate --help
Generate a self-signed certificate that can be used for code signing.

This command will generate a new key pair using the algorithm of choice
then create an X.509 certificate wrapper for it that is signed with the
just-generated private key. The created X.509 certificate has extensions
that mark it as appropriate for code signing.

Certificates generated with this command can be useful for local testing.
However, because it is a self-signed certificate and isn't signed by a
trusted certificate authority, Apple operating systems may refuse to
load binaries signed with it.

By default the command prints 2 PEM encoded blocks. One block is for the
X.509 public certificate. The other is for the PKCS#8 private key (which
can include the public key).

The `--pem-filename` argument can be specified to write the generated
certificate pair to a pair of files. The destination files will have
`.crt` and `.key` appended to the value provided.

When the certificate is written to a file, it isn't printed to stdout.


Usage: rcodesign[EXE] generate-self-signed-certificate [OPTIONS] --person-name <PERSON_NAME>

Options:
      --algorithm <ALGORITHM>
          Which key type to use
          
          [default: rsa]
          [possible values: ecdsa, ed25519, rsa]

  -v, --verbose...
          Increase logging verbosity. Can be specified multiple times

      --profile <PROFILE>
          [default: apple-development]
          [possible values: mac-installer-distribution, apple-distribution, apple-development, developer-id-application, developer-id-installer]

      --team-id <TEAM_ID>
          Team ID (this is a short string attached to your Apple Developer account)
          
          [default: unset]

      --person-name <PERSON_NAME>
          The name of the person this certificate is for

      --country-name <COUNTRY_NAME>
          Country Name (C) value for certificate identifier
          
          [default: XX]

      --validity-days <VALIDITY_DAYS>
          How many days the certificate should be valid for
          
          [default: 365]

      --pem-filename <PEM_FILENAME>
          Base name of files to write PEM encoded certificate to

      --pem-unified-filename <PEM_UNIFIED_FILENAME>
          Filename to write PEM encoded private key and public certificate to

      --p12-file <P12_PATH>
          Filename to write a PKCS#12 / p12 / PFX encoded certificate to

      --p12-password <P12_PASSWORD>
          Password to use to encrypt --p12-path.
          
          If not provided you will be prompted for a password.

  -h, --help
          Print help (see a summary with '-h')

```

```
$ rcodesign generate-self-signed-certificate --profile apple-development --person-name 'Johnny Apple'
-----BEGIN CERTIFICATE-----
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
[..]
-----END PRIVATE KEY-----

```

Try a PKCS#12 file

```
$ rcodesign generate-self-signed-certificate --profile apple-development --person-name 'Johnny Apple' --p12-file test.p12 --p12-password password
writing PKCS#12 certificate to test.p12

```