Extracts the package table of contents as an XML file
xar --dump-toc={header.xml} -f {file.pkg}
Clean up the TOC to just the RSA signature information
/usr/bin/xmllint --xpath '//signature[@style="RSA"]' {header.xml} > {rsa.raw}
Joel Bruner brunerd
peasead
/ extract-pkg-x509-cert.md
Last active
April 29, 2021 22:44
Extracting code-signing certificates from .pkg files