How can I tell who code signed an OS X app?

Question

On Windows, I can right-click a file and see who code signed it on the "Digital Signatures" tab of the Properties dialog. Is there a similar way to see which publisher signed an OS X app, or details about the certificate used to sign it?

I know I can run codesign -d -r- appname.app to see details about the certificate, and codesign -vvvv appname.app to see whether it passes validation, but neither of those shows me anything about the actual certificate or publisher who signed it, just the one in the bundle identifier for the app.

Answer 1

There is an app for that by the great Patrick Wardle:

Verifying a file's cryptographic signature can deduce its origin or trustability. Unfortunately on macs there's no simple way to view a file's signature via the UI. What's Your Sign adds a menu item to Finder.app. Simply right-, or control-click on any file to display its cryptographic signing information!

Download at https://objective-see.org/products/whatsyoursign.html.

Answer 2

There’s also a nice and free GUI utility called RB App Checker Lite:

Answer 3

Use

$ codesign -dvvv the.app

And look to the Authority fields such as

Authority=Adobe Systems, Incorporated

However, apps distributed on the Mac App Store are all signed by Apple's certificate:

Authority=Apple Mac OS Application Signing