So what do we do if we have a mac app created with air sdk on mac, from an air file?
I know how to do it with a captive runtime bundle, but I'm not sure what's involved if you have an .air file for the shared runtime. I think that the shared runtime is 32-bit, so it might not even run on Catalina at all.
is there some mac app that can do a resign?
I've successfully signed an AIR captive runtime app using /usr/bin/codesign. It's a command line tool that I believe is installed with XCode.
(Just to clarify, when I package the captive runtime app with AIR's tools, I sign it with the same certificate as Windows because AIR requires a certificate. Then, I re-sign the app with Apple's certificate afterwards. I recall running into errors when I tried to use AIR's tools with Apple's certificate. Maybe it's possible, but the two step process wasn't annoying enough for me to investigate further.)
can we use the certificate we use for iPhone apps to sign this app or should we get a different certificate?
It's different certificates for macOS apps versus iOS apps.
There are two options or macOS apps that you can get from the Apple developer portal.
1) "mac app store" certificate
2) "developer id" certificate.
To distribute from your website or somewhere else outside of the app store, you need to use the "developer id" certificate.