You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

02: How to get signature info from pkg installer?

Open a terminal window and run the command

pkgutil --check-signature /path/to/package.pkg

example output for 'SkypeForBusinessInstaller-16.29.0.72.pkg':

Package "SkypeForBusinessInstaller-16.29.0.72.pkg":
Status: signed by a developer certificate issued by Apple for distribution
Signed with a trusted timestamp on: 2021-10-18 17:33:10 +0000

Certificate Chain:

  1. Developer ID Installer: Microsoft Corporation (UBF8T346G9)
    Expires: 2023-05-16 04:46:41 +0000
    SHA256 Fingerprint:
    6A 66 CD 33 B5 5B 9C 14 86 02 29 09 DB 7E 00 85 53 11 29 6B CE 11
    9F 2A 93 5C 69 BF 56 3A 79 82
    ------------------------------------------------------------------------

  2. Developer ID Certification Authority
    Expires: 2027-02-01 22:12:15 +0000
    SHA256 Fingerprint:
    7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
    F2 9C 88 CF B0 B1 BA 63 58 7F
    ------------------------------------------------------------------------

  3. Apple Root CA
    Expires: 2035-02-09 21:40:36 +0000
    SHA256 Fingerprint:
    B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
    68 C5 BE 91 B5 A1 10 01 F0 24

In this example, you can pull signed details in three ways:
 

  1. CN=Developer ID installer: Microsoft Corporation (UBF8T346G9)


     
  2. OU=UBF8T346G9


     
  3. O=Microsoft Corporation



     

To get this information refer to this example of how to pull these details.

  • 1213
  • 06-Apr-2023
  • 1166 Views