Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or signup to JumpCloud today.
signature¶
File (executable, bundle, installer, disk) code signing status.
Platform support¶
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: signature
- Mac OSX
Table schema¶
Name | Type | Description |
---|---|---|
path | TEXT | Must provide a path or directory |
hash_resources | INTEGER | Set to 1 to also hash resources, or 0 otherwise. Default is 1 |
arch | TEXT | If applicable, the arch of the signed code |
signed | INTEGER | 1 If the file is signed else 0 |
identifier | TEXT | The signing identifier sealed into the signature |
cdhash | TEXT | Hash of the application Code Directory |
team_identifier | TEXT | The team signing identifier sealed into the signature |
authority | TEXT | Certificate Common Name |
Query examples¶
SELECT * FROM signature WHERE path = '/bin/ls'
SELECT * FROM signature WHERE path = '/Applications/Xcode.app' AND hash_resources=0
SELECT * FROM (SELECT path, MIN(signed) AS all_signed, MIN(CASE WHEN authority = 'Software Signing' AND signed = 1 THEN 1 ELSE 0 END) AS all_signed_by_apple FROM signature WHERE path LIKE '/bin/%' GROUP BY path);