Index: /trunk/include/iprt/crypto/applecodesign.h
===================================================================
--- /trunk/include/iprt/crypto/applecodesign.h	(revision 74691)
+++ /trunk/include/iprt/crypto/applecodesign.h	(revision 74692)
@@ -36,4 +36,14 @@
  * @{
  */
+
+/** Apple developer ID for application signing. */
+#define RTCR_APPLE_CS_DEVID_APPLICATION_OID             "1.2.840.113635.100.6.1.13"
+/** Apple developer ID for installer signing. */
+#define RTCR_APPLE_CS_DEVID_INSTALLER_OID               "1.2.840.113635.100.6.1.14"
+/** Apple developer ID for kernel extension signing. */
+#define RTCR_APPLE_CS_DEVID_KEXT_OID                    "1.2.840.113635.100.6.1.18"
+/** Apple certificate policy OID.   */
+#define RTCR_APPLE_CS_CERTIFICATE_POLICY_OID            "1.2.840.113635.100.5.1"
+
 
 /** @name Apple code signing magic values for identifying blobs
Index: /trunk/include/iprt/crypto/pkcs7.h
===================================================================
--- /trunk/include/iprt/crypto/pkcs7.h	(revision 74691)
+++ /trunk/include/iprt/crypto/pkcs7.h	(revision 74692)
@@ -40,4 +40,17 @@
  * @{
  */
+
+/** PKCS \#7 data object ID.*/
+#define RTCR_PKCS7_DATA_OID                         "1.2.840.113549.1.7.1"
+/** PKCS \#7 signedData object ID. */
+#define RTCR_PKCS7_SIGNED_DATA_OID                  "1.2.840.113549.1.7.2"
+/** PKCS \#7 envelopedData object ID. */
+#define RTCR_PKCS7_ENVELOPED_DATA_OID               "1.2.840.113549.1.7.3"
+/** PKCS \#7 signedAndEnvelopedData object ID.  */
+#define RTCR_PKCS7_SIGNED_AND_ENVELOPED_DATA_OID    "1.2.840.113549.1.7.4"
+/** PKCS \#7 digestedData object ID. */
+#define RTCR_PKCS7_DIGESTED_DATA_OID                "1.2.840.113549.1.7.5"
+/** PKCS \#7 encryptedData object ID. */
+#define RTCR_PKCS7_ENCRYPTED_DATA_OID               "1.2.840.113549.1.7.6"
 
 
@@ -380,5 +393,5 @@
 
 /** PKCS \#7 SignedData object ID.  */
-#define RTCRPKCS7SIGNEDDATA_OID "1.2.840.113549.1.7.2"
+#define RTCRPKCS7SIGNEDDATA_OID   RTCR_PKCS7_SIGNED_DATA_OID
 
 /** PKCS \#7 SignedData version number 1.  */
Index: /trunk/src/VBox/Runtime/common/asn1/oiddb.cfg
===================================================================
--- /trunk/src/VBox/Runtime/common/asn1/oiddb.cfg	(revision 74691)
+++ /trunk/src/VBox/Runtime/common/asn1/oiddb.cfg	(revision 74692)
@@ -83,4 +83,5 @@
 1.2.840.113549.1.9.16.2         = pkcs9-SMime-id-aa
 1.2.840.113549.1.9.16.2.12      = pkcs9-id-aa-SigningCertificate
+1.2.840.113549.1.9.16.2.14      = pkcs9-id-aa-Attributes
 1.2.840.113549.1.9.25           = pkcs9-SMime-at
 1.2.840.113549.1.9.25.1         = pkcs9-at-Pkcs15Token
@@ -89,4 +90,10 @@
 1.2.840.113549.1.9.25.4         = pkcs9-at-SequenceNumber
 1.2.840.113549.1.9.25.5         = pkcs9-at-Pkcs7PDU
+1.2.840.113635.100.6.1.13       = apple-cs-ext-DevId-Application
+1.2.840.113635.100.6.1.14       = apple-cs-ext-DevId-Installer
+1.2.840.113635.100.6.1.18       = apple-cs-ext-DevId-KernelExt
+1.2.840.113635.100.5.1          = apple-cert-policy
+1.2.840.113635.100.4.13         = apple-eku-packageSign
+#1.2.840.113635.100.9.1         = apple-???
 1.3.6                           = dod
 1.3.6.1                         = dod-Internet
Index: /trunk/src/VBox/Runtime/tools/RTSignTool.cpp
===================================================================
--- /trunk/src/VBox/Runtime/tools/RTSignTool.cpp	(revision 74691)
+++ /trunk/src/VBox/Runtime/tools/RTSignTool.cpp	(revision 74692)
@@ -86,6 +86,4 @@
     /** Pointer to the decoded SignedData inside the ContentInfo member. */
     PRTCRPKCS7SIGNEDDATA        pSignedData;
-    /** Pointer to the indirect data content. */
-    PRTCRSPCINDIRECTDATACONTENT pIndData;
 
     /** Newly encoded raw signature.
@@ -143,7 +141,5 @@
 {
     RTCrPkcs7ContentInfo_Delete(&pThis->ContentInfo);
-    pThis->pIndData    = NULL;
     pThis->pSignedData = NULL;
-    pThis->pIndData    = NULL;
     RTMemFree(pThis->pbBuf);
     pThis->pbBuf       = NULL;
@@ -199,6 +195,6 @@
             if (!strcmp(pThis->pSignedData->ContentInfo.ContentType.szObjId, RTCRSPCINDIRECTDATACONTENT_OID))
             {
-                pThis->pIndData = pThis->pSignedData->ContentInfo.u.pIndirectDataContent;
-                Assert(pThis->pIndData);
+                PRTCRSPCINDIRECTDATACONTENT pIndData = pThis->pSignedData->ContentInfo.u.pIndirectDataContent;
+                Assert(pIndData);
 
                 /*
@@ -212,5 +208,5 @@
                 if (RT_SUCCESS(rc))
                 {
-                    rc = RTCrSpcIndirectDataContent_CheckSanityEx(pThis->pIndData,
+                    rc = RTCrSpcIndirectDataContent_CheckSanityEx(pIndData,
                                                                   pThis->pSignedData,
                                                                   RTCRSPCINDIRECTDATACONTENT_SANITY_F_ONLY_KNOWN_HASH,
@@ -223,4 +219,6 @@
                     RTMsgError("PKCS#7 sanity check failed for '%s': %Rrc - %s\n", pThis->pszFilename, rc, ErrInfo.szMsg);
             }
+            else if (!strcmp(pThis->pSignedData->ContentInfo.ContentType.szObjId, RTCR_PKCS7_DATA_OID))
+            { /* apple code signing */ }
             else if (!fCatalog)
                 RTMsgError("Unexpected the signed content in '%s': %s (expected %s)", pThis->pszFilename,