# Entitlements You might to enable this default to use private entitlements ``` sudo defaults write /Library/Preferences/com.apple.security.coderequirements Entitlements -string always ``` Maybe a better thing to do is to DYLD_PRELOAD `imagent` and swizzle `IMDAuditTokenTaskHasEntitlement` to always return YES. ## Building/linking If you get dyld errors running from the command line, use `install_name_tool` to update the @rpath (where @rpath points to where linked Frameworks like GCDWebServer is). `install_name_tool -add_rpath . ./kordophoned` ## Running You need to hook imagent first to bypass entitlements check. Look at `hookAgent.sh` ## SSL If you want to run with SSL, you have to generate a self-signed certificate, and have the Mac trust the root cert. ### Generate a root cert 1. Generate root key `openssl genrsa -out Kordophone-root.key 4096` 2. Generate root certificate `openssl req -x509 -new -nodes -key Kordophone-root.key -sha256 -days 1024 -out Kordophone-root.crt` 3. Add this certificate to the Mac's trust store via Keychain Access. Set to "Always Trust" ### Create signing certificate by signing a new cert with the root cert 1. Generate signing key `openssl genrsa -out kp.localhost.key 2048` 2. Create certificate signing request `openssl req -new -key kp.localhost.key -out kp.localhost.csr` 3. Sign the cert with the root cert `openssl x509 -req -in kp.localhost.csr -CA Kordophone-root.crt -CAkey Kordophone-root.key -CAcreateserial -out kp.localhost.crt -days 365 -sha256` 4. kordophoned works with a signing cert in PKCS12 format. Convert the cert and the privkey to PKCS12 `openssl pkcs12 -export -in kp.localhost.crt -inkey kp.localhost.key -out certificate.p12 -name "Kordophone"` ### Start kordophone with the SSL options and provide the p12 `kordophoned -s -c certificate.p12` ## Authentication Basic Authentication is also optional, but requires SSL to be enabled as well. To configure basic authentication, create a file containing your username and password on two separate lines encrypted with your GPG key. `echo "username\npassword" > password.txt"` `gpg -e -r (your email) -o password.asc password.txt` Then run kordophoned with the following option `kordophone -s -c certificate.p12 -a password.asc` You may need to unlock your GPG keyring (via gpg-agent) when running kordophoned the first time.