Is the Get Info check enough, or do I need to use terminal?

Get Info is sufficient for most users. The macOS UI shows the signing certificate identity directly; if it reads 'Sei Wallet Labs Inc' with our Team ID, the signature is valid. The terminal commands (codesign, spctl) do exactly the same verification at the cryptographic level.

What's the difference between code signing and notarization?

Code signing is 'this binary was signed with our private key' — proves it came from us. Notarization is 'Apple scanned this binary and didn't find malware' — Apple's automated security check. We do both. Both should pass on the official .dmg.

Can a malicious app fake an Apple Developer ID signature?

Not without compromising Apple's signing infrastructure. The cryptographic chain is rooted in keys Apple physically controls. The realistic risk is someone distributing a binary signed with a different Apple Developer ID under a similar name — which is why verifying the Team ID matters, not just the presence of any signature.

Why do I sometimes see different security warnings on different macOS versions?

Apple's Gatekeeper behavior has evolved across macOS versions. The codesign and spctl commands work consistently; the GUI prompts differ. If you see a prompt that doesn't appear in this article, run the terminal verification — it's more consistent across versions.

Where do I find the Team ID to compare against?

Published in two places: at /security on this site, and in github.com/seiwalletlabs/sei-wallet/blob/main/SECURITY.md. Both must show the same Team ID at all times. If they don't match, treat it as a security disclosure.

Verify Sei Wallet Signature on macOS

Why verify

macOS Gatekeeper won't run unsigned apps without manual override. But manual verification adds confidence for a wallet binary, where the cost of running tampered software is your seed phrase getting stolen.

Apple Developer ID signature. A certificate Apple issues to verified developers (Sei Wallet Labs Inc). The signature attests the binary was signed with our certificate's private key.

Apple notarization. Apple scans the binary for malware and gives it a notarization ticket. Notarized binaries pass Gatekeeper's automatic checks.

The fast verification (Get Info)

Mount the .dmg by double-clicking
Drag Sei Wallet.app to Applications
Right-click (or Control-click) the app in Applications, choose Get Info
Look at the Code Signature line. It should read: Sei Wallet Labs Inc (XXXXXXXXXX)

If it shows our team and identifier, the signature is valid. If unexpected team, unsigned warning, or "not validated" — do not launch.

The thorough verification (terminal)

Step 1 — verify the signature with codesign:

codesign --verify --deep --strict --verbose=2 /Applications/Sei\ Wallet.app

Successful output:

/Applications/Sei Wallet.app: valid on disk /Applications/Sei Wallet.app: satisfies its Designated Requirement

Step 2 — verify the notarization with spctl:

spctl --assess --type execute --verbose /Applications/Sei\ Wallet.app

Successful output:

/Applications/Sei Wallet.app: accepted source=Notarized Developer ID

Step 3 — confirm our team identifier:

codesign -dv --verbose=4 /Applications/Sei\ Wallet.app 2>&1 | grep -E "TeamIdentifier|Authority"

Output should include lines like:

Authority=Developer ID Application: Sei Wallet Labs Inc (XXXXXXXXXX) Authority=Developer ID Certification Authority Authority=Apple Root CA TeamIdentifier=XXXXXXXXXX

The XXXXXXXXXX value should match the Team ID published at /security.

What "Apple notarization" means

Apple notarization is an automated security scan, not a curation review. Apple scans the binary for known malware signatures and approves if no threats detected. Notarization does NOT mean Apple "endorses" the application.

Common macOS issues

"App can't be opened because it's from an unidentified developer." Either downloaded from unofficial source (re-download from /download), or quarantine flag set. Right-click → Open the first time, or run xattr -d com.apple.quarantine /Applications/Sei\ Wallet.app.

"App is damaged and can't be opened." .dmg downloaded incorrectly. Re-download from /download.

"Cannot verify developer of [...]." Older Gatekeeper prompt. Run codesign verification to confirm before clicking Open.

What if signature verification fails

Stop. Do not launch the app:

Re-download from /download. Official source.
Check the Team ID against /security. If signed with a different Team ID, you may be looking at a different signed app.
Contact security@seiwallet.net. PGP-encrypted disclosure preferred.

Updating the app

When a new version releases, repeat verification on the new .dmg before running. We don't auto-update on macOS. Click "Check for Updates" inside the app — opt-in, doesn't transmit identifiers.

How to verify a Sei Wallet binary signature on macOS