Home  •  Next Meeting  •  Contact Us  •  iCal  •  Check Email

MacGroup-Detroit    MacGroup iBBS    MacGroup iBBS  Hop To Forum Categories  Genius Bar - Troubleshooting-Software    1Password issue fr Smalldog Electronics
Go
New
Find
Notify
Tools
Reply
  
1Password issue fr Smalldog Electronics
 Login/Register
 
Jedi Knight
posted
FYI

Developer Signing Certificates By Hadley Markoski


As the director of IT at Small Dog, I manage a lot of accounts. It’s not feasible to remember each of the passwords and logins, so I use a piece of software called 1Password. There are iOS, macOS and Windows versions of the app and it can be added as an extension or add-on into most modern browsers.

On Monday this week, I needed to edit one of the records in my 1Password. I usually have the mini app running in my toolbar, but I noticed it wasn’t there. So I tried to launch it from my apps folder. It did a bunch of thinking, but ultimately failed to launch. I tried to launch the mini app myself. This also failed. I rebooted my machine. No luck.

As it turns out, 1Password had fallen victim to a change in developer signing certificates policy by Apple. When you create an app to run on iOS or macOS, Apple allows you to sign the app cryptographically. This signature allows the operating system to verify that the app is authentic, and hasn’t been modified maliciously before it runs on your device. Apps purchased from the app store are “pre-approved” by Apple, so there’s no need to verify them before running, but apps downloaded from the internet generally don’t have that pre-approval. That’s where the developer signing comes into play. You’ve probably encountered this before when macOS pops up a warning saying that the app cannot be launched because it comes from an unknown source. This system, built into all versions of macOS, is called “Gatekeeper”. It can be bypassed, but it’s always best to let it do its job so that you know software running on your device won’t do anything malicious.

This is what happened with 1Password. Previously, when an app was signed with a developer certificate, it was good to go…indefinitely, even if the developer certificate expired. Apple made a change to this policy though. Apps also have something else called a provisioning profile. The provisioning profile is basically a list of things that the app has been approved to do. Common things might be: accessing iCloud data, sending push notifications, or reading photos and contact data among many others. These profiles are also signed by the developer certificate, and unlike the app, when the certificate expires, the profile is no longer valid. Depending on how the app works, this could mean it would fail to launch entirely, as was the case with 1Password. The certificate that was used to sign the provisioning profile for 1Password expired over this past weekend. The 1Password team was unaware of the change that provisioning profiles could expire.

Fortunately, the fix is pretty simple if you’re using 1Password. Just go to their site and re-download the application. This will contain the newly signed provisioning profile and the app will be able to launch correctly. While all of this might seem like an unnecessary headache, these policies and procedures help to insure that no malicious software runs on your devices. They help to keep your iCloud and other personal data safe from apps that could exploit that information. So even when there are hiccups like this, ultimately it’s all about keeping you safe.

This message has been edited. Last edited by: Paul Corsa,
 
Posts: 152 | Location: Commerce Township | Registered: March 22, 2008Reply With QuoteReport This Post
Jedi Council Member
posted Hide Post
Since you're discussing 1Password, I have a web site that doesn't like Safari. How can I get 1Password to work with Google Chrome? Thanks.
 
Posts: 831 | Location: PA | Registered: November 10, 2002Reply With QuoteReport This Post
Guru
Picture of Jack Beckman
AIM: Online Status For jcbeckman@mac.com
posted Hide Post
You should download the Chrome extension for 1Password, or use the mini version. Go to https://1password.com/downloads/ and look for the link for the extension. Make sure you go there with Chrome so it offers you the Chrome extension.


===
Professor Hubert Farnsworth: “Nothing is impossible. Not if you can imagine it. That’s what being a scientist is all about.”
Cubert J. Farnsworth: “No, that’s what being a magical elf is all about.”

 
Posts: 5470 | Location: Sterling Heights, Mi | Registered: January 25, 2004Reply With QuoteReport This Post
Jedi Council Member
posted Hide Post
Thanks Jack will do as you suggested. Much appreciated.
 
Posts: 831 | Location: PA | Registered: November 10, 2002Reply With QuoteReport This Post
Jedi Council Member
posted Hide Post
Found the extension and all is working great. Thanks.
 
Posts: 831 | Location: PA | Registered: November 10, 2002Reply With QuoteReport This Post
  Powered by Social Strata  
 

MacGroup-Detroit    MacGroup iBBS    MacGroup iBBS  Hop To Forum Categories  Genius Bar - Troubleshooting-Software    1Password issue fr Smalldog Electronics

© MacGroup-Detroit 2016

Next Meeting | Join Now | News | About MacGroup | Check Your Mail