I believe that Apple systems don't like Ed25519 signatures and rcodesign should probably throw an error instead of attempting to sign with them, lest users get confused.
I've also found that macOS (15.7.3) doesn't accept RSA (any key size) SHA-384 signatures, only SHA-256. I've not tried Secp384r1, since that requires some bother to generate the certs for it (and rcodesign doesn't support it in InMemoryPrivateKey).
Here's me trying to sign something and confirm it works or not:
```
$ cargo b -p apple-codesign && target/debug/rcodesign generate-self-signed-certificate --pem-unified-filename ec-test --algorithm ed25519 --person-name 'test cert'
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.14s
writing unified PEM to ec-test
$ cargo b -p apple-codesign && cp target/debug/rcodesign ./rcodesign && RUST_LOG=debug target/debug/rcodesign sign --pem-file ec-test ./rcodesign
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.15s
registering user config file: /Users/jade/Library/Application Support/rcodesign/rcodesign.toml
registering cwd config file: /Users/jade/co/apple-platform-rs/rcodesign.toml
registering RCODESIGN_ environment variable config source
registering config struct
reading PEM data from ec-test
adding private key from ec-test
adding certificate from ec-test
registering signing key
using time-stamp protocol server http://timestamp.apple.com/ts01
signing ./rcodesign in place
signing ./rcodesign as a Mach-O binary
inferring default signing settings from Mach-O binary
<snip>
preserving existing binary identifier in Mach-O (rcodesign-9d6bc1d7e5b73e3c)
preserving code signature flags in existing Mach-O signature (CodeSignatureFlags(ADHOC | LINKER_SIGNED))
setting binary identifier to rcodesign
parsing Mach-O
<snip>
deriving code requirements from signing certificate
binary targets macOS >= 11.0.0 with SDK 26.2.0
adding code signature flags from signing settings: CodeSignatureFlags(ADHOC | LINKER_SIGNED)
removing ad-hoc code signature flag
removing linker signed flag from code signature (we're not a linker)
code directory version: 132096
creating cryptographic signature with certificate Apple Development: test cert (unset)
Using time-stamp server http://timestamp.apple.com/ts01
rustls failed to parse DER certificate: InvalidCertificate(Other(OtherError(UnsupportedCriticalExtension)))
starting new connection: http://timestamp.apple.com/
total signature size: 413400 bytes
writing Mach-O to ./rcodesign
```
Then:
```
$ codesign --display -vvv ./rcodesign
Identifier=rcodesign-9d6bc1d7e5b73e3c
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=407667 flags=0x0(none) hashes=12734+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=c070863fdcec3ae386d8a062621fd03154f61335
CandidateCDHashFull sha256=c070863fdcec3ae386d8a062621fd03154f613359296c2ee68f2e90e55ec9ef9
Hash choices=sha256
CMSDigest=c070863fdcec3ae386d8a062621fd03154f613359296c2ee68f2e90e55ec9ef9
CMSDigestType=2
CDHash=c070863fdcec3ae386d8a062621fd03154f61335
Signature size=5585
Authority=(unavailable)
^^^^^^^^^ Problem!
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=104
```
Compare the same procedure with ecdsa:
```
Executable=/Users/jade/co/apple-platform-rs/rcodesign
Identifier=rcodesign-37f365da9a524427
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=395571 flags=0x0(none) hashes=12356+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=97e5a9b5c1b11f3c7149c24f535c29b7b24aa9a1
CandidateCDHashFull sha256=97e5a9b5c1b11f3c7149c24f535c29b7b24aa9a1b89580acea6ef0bbaa9d2e58
Hash choices=sha256
CMSDigest=97e5a9b5c1b11f3c7149c24f535c29b7b24aa9a1b89580acea6ef0bbaa9d2e58
CMSDigestType=2
CDHash=97e5a9b5c1b11f3c7149c24f535c29b7b24aa9a1
Signature size=5661
Authority=Apple Development: test cert (unset)
^^^^^^^^ Okay!!
Timestamp=Jan 29, 2026 at 13:08:45
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=104
```
This is on 80b6e52, fwiw.
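An added check, not part of this issue or of rcodesign, that parses `codesign --display -vvv` output like the two listings above and reports whether macOS recognised the signing certificate, using the `Authority` line the issue points at. The sample outputs are constructed from the listings above, and `check_binary` is a hypothetical helper that shells out to `codesign` on a Mac.

```python
import subprocess

# Constructed samples: the two listings from the issue, trimmed to the
# fields this check reads. Real output has many more key=value lines.
ED25519_OUTPUT = """\
Identifier=rcodesign-9d6bc1d7e5b73e3c
Format=Mach-O thin (arm64)
Hash type=sha256 size=32
Signature size=5585
Authority=(unavailable)
Info.plist=not bound
"""

ECDSA_OUTPUT = """\
Identifier=rcodesign-37f365da9a524427
Format=Mach-O thin (arm64)
Hash type=sha256 size=32
Signature size=5661
Authority=Apple Development: test cert (unset)
Timestamp=Jan 29, 2026 at 13:08:45
Info.plist=not bound
"""


def parse_codesign_display(text):
    """Split key=value lines into {key: [values]}; keys may repeat (one
    Authority line per certificate in a full chain), so values are lists."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            continue  # annotations such as the ^^^^ markers, blank lines
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def signature_accepted(text):
    """Return (accepted, reason). Authority=(unavailable) is what the issue
    saw for the Ed25519 signature: the CMS blob is present (Signature size is
    non-zero) but macOS could not evaluate the signer's certificate chain."""
    fields = parse_codesign_display(text)
    authorities = fields.get("Authority", [])
    if not authorities:
        return False, "no Authority line: unsigned binary or truncated output"
    if authorities == ["(unavailable)"]:
        return False, "Authority=(unavailable): certificate chain not accepted"
    return True, "signed by " + authorities[0]


def check_binary(path):
    """Hypothetical helper: codesign writes -vvv details to stderr on macOS."""
    proc = subprocess.run(["codesign", "--display", "-vvv", path],
                          capture_output=True, text=True, check=False)
    return signature_accepted(proc.stderr)
```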