What's Your Sign?
Verifying a file's cryptographic signature can deduce its origin or trustability. Unfortunately there's no simple way to view a file's signature via the UI.
"What's Your Sign" adds a menu item to Finder. Simply right-, or control-click on any file to display its cryptographic signing information!
Supported OS: OS X 10.13+
Current version: 3.0.1 (change log)
Zip's SHA-1: 3EACCAAA56C0E8782BBFB9AC44890B832DFC30F5
Source Code: WhatsYourSign
What's Your Sign is a utility with a straightforward goal: to make it easy to view any file's cryptographic signing information directly from the user interface. A file or binary's cryptographic signature is important because it can identify its creator (e.g., Apple, a third party, etc.). Moreover, it helps determine if a file can be trusted. For instance, binaries signed by Apple are generally trustworthy, while unsigned files may be untrusted or even malicious.
To install What's Your Sign, first download the zip archive containing the application installer. Depending on your browser, you may need to manually unzip the application by double-clicking on the zipped archive:
Then, simply double-click on 'WhatsYourSign Installer.app'. Click 'Install' (or 'Upgrade') to install the tool:
Once What's Your Sign is installed, you can control-click or right-click on any file and select the 'Signing Info' option from the menu to view details about the file's cryptographic signature.
Files that are signed by Apple proper will contain a green lock icon:
Note:
Most legitimate 3rd-party apps should also be notarized.
Most legitimate 3rd-party apps should also be notarized.
Finally, files that are unsigned or whose signing certificate has been revoked, will contain a red unlock icon:
Note:
As the vast majority of legitimate applications are signed (and notarized) items that are signed with an ah-hoc signature, or wholly unsigned, should be treated with caution.
Items whose code signing certificate has been revoked by Apple, are almost always malicious.
As the vast majority of legitimate applications are signed (and notarized) items that are signed with an ah-hoc signature, or wholly unsigned, should be treated with caution.
Items whose code signing certificate has been revoked by Apple, are almost always malicious.
What's Your Sign will also compute hashes for any item. Simply click on the 'View Hashes' text to view an item's MD5, SHA1, and SHA256 hashes:
Note:
For Application bundles the hash values represent the hash of application's executable binary.
For Application bundles the hash values represent the hash of application's executable binary.
For any item with entitlements, What's Your Sign will extract and display them. (For more information on entitlements, see Apple's documentation on the subject). Simply click on the 'View Entitlements' option to see an item's entitlements:
Frequently Asked Questions
Q: How can I tell if What's Your Sign is installed and running?
A: Simply right- or control- click on any file (in Finder, the desktop, etc). If a 'Signing Info' option is available in the dropdown menu, that means What's Your Sign is installed.
You can also check if the /Applications/WhatsYourSign.app directory exists and contains WhatsYourSign.appex bundle in the /Contents/Plugins directory.
Q: Why are there multiple What's Your Sign processes running?
A: What's Your Sign integrates with Finder as a ("
Finder Sync") plugin. The operating system determines how and when to load the What's Your Sign plugin, and it may load multiple instances of it. Therefore, it is completely normal to see multiple instances of What's Your Sign running!
Q: Why does What's Your Sign access the network?
A: The system API's (e.g., SecAssessmentTicketLookup) used to check a file's notarization status may connect to Apple's notarization servers.
The application does not use the network for any other reason.