tunnelblick icon Tunnelblick free software for OpenVPN on macOS We need translators for several languages…

Highlighted Articles
  Installing Tunnelblick
  Uninstalling Tunnelblick
  Setting up Configurations
  Using Tunnelblick
  Getting VPN Service
  Common Problems
  Configuring OpenVPN
  Release Notes

Discussion Group
  Read Before You Post

Tunnelblick and Digital Signatures

Most Tunnelblick users do not need to use the information on this page. This page is primarily for those who create Deployed versions of Tunnelblick.

Digital Signatures

Tunnelblick uses two different types of digital signatures:

  • Application signature Tunnelblick.app may be digitally signed by the Tunnelblick Project with the Project's macOS digital signature. The signature is used in OS X 10.5 ("Leopard") and higher to allow an updated application with the same signature as the original application to access Keychain items created by the original application without macOS prompting the user for permission.
  • Update signature Updates to Tunnelblick are always digitally signed by the Tunnelblick Project. This is part of the update process, to ensure that updates to Tunnelblick are genuine and have not been tampered with or corrupted.

Why Application Signatures Are Useful

If the user agrees, Tunnelblick stores usernames, passwords and passphrases for VPNs in the user's Keychain so that the user does not have to enter them each time a connection is made.

For security reasons, macOS is careful when applications access the user's Keychain. Usually only the original application that created a Keychain item is allowed access to it. This means that when an application is updated, even though it has the same name, macOS will recognize that it is different and ask the user if the program may access the Keychain. In OS X 10.5 and higher, if the updated application is "digitally signed" by the same signer as the original application, macOS will allow it to access the Keychain without asking the user.

Digital signatures are also used by the Gatekeeper on OS X 10.8 ("Mountain Lion") and higher. By default, Gatekeeper allows the installation only of applications signed by developers recognized by Apple. Signed versions of Tunnelblick versions 3.3beta08 and higher are signed by such a developer so that they may be installed easily.

How Application Signatures Can Cause Problems for Deployed Versions of Tunnelblick

If an application is digitally signed, and a change is made to the application, the signature becomes invalid. That can cause problems for Deployed versions of Tunnelblick, because the process of creating a Deployed version involves changing the application by adding a folder inside the application itself. If such a folder is added to a signed version of Tunnelblick, the signature becomes invalid. OS X 10.8 and higher will not allow the user to install Tunnelblick, and OS X 10.5 and higher will refuse the program access to it's Keychain items, without asking the user.

The way to solve this problem is to add the folder to an unsigned version of Tunnelblick, then sign the unsigned, already modified Tunnelblick. That will give users the benefits of digital signatures. See Signing Tunnelblick for details on how to digitally sign Tunnelblick or a rebranded version of Tunnelblick.