Which identity for code signing?

I’m hoping that some of you may have an answer to this. I’ve asked on the Apple Dev Forums, but no answer in 3 weeks.

In dealing with my main OS X build system, I see that I have 2 identities for Application and 1 for Installer. For the Application, one is “3rd Party Mac developer” and the other is “Mac Developer”. For the Installer, it’s just “3rd Party”.

They are both valid and have 2020 expiration dates.

I had been using the “Mac Developer:” identity and some of my testers are now reporting that the app is signed by an unrecognized developer. However, the same app downloaded from the MAS in test mode is valid.

Is that the difference between the two identities? The Mac Developer for MAS and the 3rd Party for non-MAS distribution?

The ones beginning with “3rd Party” are for signing your MAS apps.
The other one (“Developer ID Application: …”) is for signing your apps for self-delivery.
I also find “Mac Developer …” certs, but do not use them, not sure what they’re for - the ones I have all seem to be older than the ones starting with “Developer ID”.

Also, do you know about “RB App Checker Lite”? That’s a free app helping you to check your signed apps.

3rd Party is for the MAS, Mac Developer is for distribution outside of the MAS.

Thanks guys. Seems pretty unobvious as to why they differentiate…

I’ll reset my code signing build scripts to reverse them.

  • 3rd Party is for MAS submission.
  • Mac Developer is for developing apps that use Apples online iCloud stuff.
  • Developer ID is for everything else.

I know that’s how it is, but it is very counter-intuitive. Surely Apple is the 1st Party and the developer is the 2nd Party!

Now you’ve got me curious on what the definitions of first, second, and third parties are. So I looked it up :stuck_out_tongue:

[quote]A first-party source comes directly from the first party (such as a self-published document or product description). A second-party source is controlled by the second party, such as a customer[1] who has written some product requirements, or a prior book or article written by the same author.

In commerce, a “third-party source” means a supplier (or service provider) who is not directly controlled by either the seller (first party) or the customer/buyer (second party) in a business transaction.[/quote]

It’s simple: “The 1st Party of the first part shall be known as the 1st Party of the first part.”