Leopard Code Signing and Keychain Problems

Mac OS X 10.5 Leopard includes a new code signing security feature that helps verify the integrity of an application. Applications are signed by their creators before being distributed using their private key, and then can be verified on the customer’s machine using the company’s public key.

Mac OS X’s Keychain Services leverage this new code signing feature to verify the signature of each application before allowing access to the contents of the keychain. By verifying the signature, the Mac OS X keychain Services can detect when a potentially malicious change has been made to an application and thereby protect your sensitive data by denying the changed application access.

Upon upgrading to Leopard, many 1Password users found that they could not access their data from within Safari but could from other browsers and the 1Password application. If Safari’s code signature is invalid, the Mac OS X keychain Services will treat Safari as suspect and deny it access to the keychain contents.

The error code returned from Keychain Services in this situation is not consistent, but we have verified that the error codes -67061 and -25293 can be the result of this problem. You can verify this yourself by using the codesign tool from Terminal. Here is the error given when Safari’s signature no longer matches:

AgileBits Code Signing Certificate

If the signature is valid, you should see something like this:

/Applications/Safari.app/: valid on disk

Restoring Safari to “Factory Defaults”

If the signature on your Safari application is invalid, you should restore Safari to its factory default state. You can use Time Machine to restore the original Safari files, or copy the entire /Applications/Safari folder from another machine. The recommended way is is to use Pacifist to install the original Safari application from your Leopard Installation DVD.