For linux, are there tools for verifying that an ipa has been properly signed - when you don't have the original credentials?
The MacOS codesign tool can be used for signature verification, but this software is running on linux. My coarse understanding are linux tools like variants of ldid are used for resigning - and must be given the credentials. This is the reverse problem of verifying the encryption of the ipa. Possibility decrypting and confirming the ipa codesignatures .... not sure here.... Checking the cryptid value as nonzero is too superficial.
Are there indepth linux tools for verifying the signature?
Thanks
The MacOS codesign tool can be used for signature verification, but this software is running on linux. My coarse understanding are linux tools like variants of ldid are used for resigning - and must be given the credentials. This is the reverse problem of verifying the encryption of the ipa. Possibility decrypting and confirming the ipa codesignatures .... not sure here.... Checking the cryptid value as nonzero is too superficial.
Are there indepth linux tools for verifying the signature?
Thanks