
modify per-application access control for private key via command line?

I have a cert in a key chain that contains a private key. I'd like to add an application to the access control "white list" for that key. I know how to do this using the graphical key chain tool, but I'd like to do it via the command line as part of an Xcode build script.

From what I can tell the "security" command is the way to manipulate key chains at the command line, but I can't figure out from the man page how I'd go about accomplishing this task.

For completeness, here's exactly what I do in the key chain tool that I'd like to do via the command line:

  1. Click the cert to show its private key.
  2. Right-click the private key and select the "Get Info" menu item.
  3. Click the "Access Control" tab.
  4. Click the "+" button to add an application to the white list.
  5. Select the application (in my case Xcode) and click "Add".

I might also be interested in how to allow access to all applications.

jph asked Jul 13 '12 14:07


1 Answer

I don't think there is any way from security to do this after the key was imported. However, if you're importing the key for the first time, you can use the -T flag:

    -T  Specify an application which may access the imported key
        (multiple -T options are allowed)

So in my case I was able to do this:

    security import my.key -P mypassword -T /usr/bin/pkgbuild

And everything worked!

Mitchell answered Oct 21 '22 23:10
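The `-T` import from the answer, wrapped for use in a build script. This is an added example, not code from the answer or from Apple's tooling: `keychain_import`, `DRY_RUN`, `KEY_PASSPHRASE` and the sample file and keychain names are assumptions, and `-k` selects the keychain to import into.

```shell
#!/bin/sh
# Added example: wrap `security import` so a build script grants key access
# only to named tools. DRY_RUN, KEY_PASSPHRASE and keychain_import are
# hypothetical names chosen here, not part of the security(1) tool.

# usage: keychain_import KEY_FILE KEYCHAIN APP_PATH...
keychain_import() {
    if [ "$#" -lt 3 ]; then
        echo "usage: keychain_import KEY_FILE KEYCHAIN APP_PATH..." >&2
        return 2
    fi
    key_file=$1
    keychain=$2
    shift 2

    napps=$#
    for app in "$@"; do
        # Require an absolute path that exists, so a typo fails the build
        # here, before anything is imported.
        case $app in
            /*) ;;
            *) echo "not an absolute path: $app" >&2; return 2 ;;
        esac
        [ -e "$app" ] || { echo "no such application: $app" >&2; return 2; }
        set -- "$@" -T "$app"      # one -T per application
    done
    shift "$napps"                 # keep only the -T pairs

    # -A (allow any application to access the key without warning) is
    # deliberately not offered; list each tool with -T instead.
    set -- import "$key_file" -k "$keychain" "$@"

    if [ "${DRY_RUN:-1}" = 1 ]; then
        # Print the command without the passphrase so it can go in build logs.
        echo "security $*"
    else
        # -P puts the passphrase on the command line (visible in process
        # lists); take it from the environment, not from the script text.
        security "$@" -P "${KEY_PASSPHRASE:?KEY_PASSPHRASE is not set}"
    fi
}

# Example (macOS): DRY_RUN=0 keychain_import my.key build.keychain \
#     /usr/bin/pkgbuild /usr/bin/codesign
```

With `DRY_RUN` unset the function only prints the command it would run, which is a convenient way to review the access list before the key is imported.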