Q: SHA-1 fingerprint / certification of update problem (10.10.3)
Hello everyone.
I downloaded the new Update (v 10.10.3) via the apple download page since it took too long for me to download it via the App Store. I wanted to check if everything is ok with it, so looked at the certificate (it displayed a green checkmark) and at the SHA-1 fingerprint.
The official page from apple (named "How to verify the authenticity of manually downloaded Apple Software Updates") says the SHA-1 should be: SHA1 FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BF, but my SHA-1 is different.
So, is the page not update yet or is something wrong with my downloaded update?
What does your SHA-1 say?
Thanks for answers
Posted on Apr 12, 2015 8:25 AM
It's very easy to select the wrong cert at the top of the window which will show the wrong value. Double check that you have the same item selected when viewing the installers certificates.
Barney-15E wrote:
I wouldn't be worried. They likely haven't updated the support document for the newer installer.
That is the SHA-1 of the certificate not the installer, if Apple have a new cert it could be OK if they correct that page with the same SHA-1 for the cert you see, but the point of these is to verify that Apple created the items you are installing & that they have not been tampered with in transit. I think you should worry if you have 'mission critical' uses for the Mac, the same as you would worry if you installed from any other untrusted source (maybe you do that anyway - in which case meh!).
Other recent updates use the same cert as that page shows (the 10.9 security updates, iTunes 12.1.2 update). It's curious that only you two have this different SHA-1, would you mind sharing where you are located? Mine was downloaded in the UK. You should both post the result you see for the SHA-1 value.
'pkgutil' should also show the signatures in the installer if you want another easy way to see them all in one go. (note the reversed order, and we are verifying number 2).
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man1/pkgutil.1.html
pkgutil -v --check-signature /Volumes/OS\ X\ 10.10.3\ Update\ Combo/OSXUpdCombo10.10.3.pkg
Package "OSXUpdCombo10.10.3.pkg":
Status: signed Apple Software
Certificate Chain:
1. Software Update
SHA1 fingerprint: 1E 34 E3 91 C6 44 37 DD 24 BE 57 B1 66 7B 2F DA 09 76 E1 FD
-----------------------------------------------------------------------------
2. Apple Software Update Certification Authority
SHA1 fingerprint: FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BF
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
Posted on Apr 12, 2015 10:53 AM
