I've imported a developer identity (certificate + private key) for iOS development to a keychain using the "security" Terminal application with the command
security import identity.p12 -k <keychain> -P <passphrase>
This imports both items included in the p12 file, certificate and private key, into the given keychain. I forgot to specify -T /usr/bin/codesign, however, which adds the codesign application to the access list of the private key. I've tried to add the codesign app to the access list to no avail:
security delete-certificate
and re-importing. This does not change the access list of the private key. Since I only have ssh access to the machine, using the Keychain GUI application won't work. Therefore I'm looking for a way to delete the private key from the keychain (so that I can re-import the identity afterwards). I've checked the man page of the security tool but did not find a means to delete a private key.
Is there any way you can remove a private key from a keychain using Terminal commands only (as I do only have ssh access to the machine in question)?
In the Keychain Access app on your Mac, if your keychains aren't visible, choose Window > Keychain Access. Select a keychain in the Keychains list. Choose File > Delete Keychain [keychain name]. Click Delete References.
Instructions for Android: Open the Settings application, and select the Security option. Navigate to the Trusted Credentials. Tap on the certificate that you would like to delete. Tap Disable.
There are several keychains on your system:
sudo security list-keychains
"/Users/JonDoe/Library/Keychains/login.keychain"
"/Library/Keychains/System.keychain"
I think you imported it into the System-Keychain: First make a backup of your System Root Certificates before making any changes (or any other keychain you choose):
cd /System/Library/Keychains/
sudo cp SystemRootCertificates.keychain SystemRootCertificates.keychain.old
List all keychains / all certificates in your keychain:
ls -l /System/Library/Keychains/
sudo security dump-keychain /System/Library/Keychains/SystemRootCertificates.keychain
With the second command each certificate of the keychain is shown. Identify the certificate you want to remove. Then remove the certificate with the following command:
sudo security delete-certificate -Z <SHA-1 hash of certificate> /System/Library/Keychains/SystemRootCertificates.keychain
**Alternative:**
sudo security delete-certificate -c <common name of certificate> /System/Library/Keychains/SystemRootCertificates.keychain
That's all. Now you can import your certificate again. In case of an error, you can restore your keychain with the following command:
sudo security import certificate_files_backup -k /System/Library/Keychains/SystemRootCertificates.keychain -t cert
You can delete certificate and key by running a command in the terminal:
sudo security delete-identity -Z "SHA-1"
or
sudo security delete-identity -c "CommonName"
At the beginning I thought it removes only the key, but in fact it removes the certificate too (you just need to close the keychain completely and open it again to see the changes, if you are verifying it with the GUI).
From man security:
delete-identity [-h] [-c name] [-Z hash] [-t] [keychain...]
Delete a certificate and its private key from a keychain. If no keychain arguments are provided, the default search list is used.
-c name   Specify certificate to delete by its common name
-Z hash   Specify certificate to delete by its SHA-1 hash
-t        Also delete user trust settings for this identity certificate
You may need to unlock the keychain first (from man security):
unlock-keychain [-hu] [-p password] [keychain]
Unlock keychain, or the default keychain if none is specified.
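Putting the question and this answer together over ssh, as an added example (not code from the question or any answer): the script unlocks the keychain, looks up the identity's SHA-1 hash by common name, removes it with delete-identity -Z, and re-imports the .p12 with -T /usr/bin/codesign. The keychain path, common name, passwords and the sample find-identity output are placeholders I constructed; the set-key-partition-list step is an assumption about newer macOS releases, not something the answers mention.

```shell
#!/bin/sh
# Added example, not from the question or the answers above. It chains the
# `security` subcommands discussed on this page so an identity imported
# without -T /usr/bin/codesign can be replaced from an ssh session.
# All paths, names and passwords here are placeholders (assumptions).

# Read `security find-identity -p codesigning` output on stdin and print the
# SHA-1 hash of the identity whose common name is exactly $1. Matching lines
# look like:   1) <40 hex chars> "Common Name"
identity_hash() {
    awk -v cn="$1" '
        $1 ~ /^[0-9]+\)$/ && length($2) == 40 && index($0, "\"" cn "\"") {
            print $2; exit
        }'
}

# Delete the identity named $4 from keychain $1 and re-import $2 (p12
# passphrase $3) with codesign on the private key's access list.
# $5 is the keychain password, used to unlock the keychain first.
replace_identity() {
    kc="$1"; p12="$2"; p12_pass="$3"; cn="$4"; kc_pass="$5"
    security unlock-keychain -p "$kc_pass" "$kc" || return 1
    hash=$(security find-identity -p codesigning "$kc" | identity_hash "$cn")
    if [ -z "$hash" ]; then
        echo "no identity with common name '$cn' in $kc" >&2
        return 1
    fi
    security delete-identity -Z "$hash" "$kc" || return 1
    security import "$p12" -k "$kc" -P "$p12_pass" -T /usr/bin/codesign || return 1
    # Assumption: on macOS 10.12 and later the key's partition list must also
    # allow Apple tools, or codesign still prompts for the keychain password.
    security set-key-partition-list -S apple-tool:,apple: -s -k "$kc_pass" "$kc"
}

# Constructed sample of find-identity output so identity_hash can be
# exercised without a Mac; the hash and name are made up.
SAMPLE='Policy: Code Signing
  Matching identities
  1) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Developer: Jane Doe (ABCDE12345)"
     1 identities found'

sample_hash() {
    printf '%s\n' "$SAMPLE" | identity_hash 'iPhone Developer: Jane Doe (ABCDE12345)'
}

sample_hash
```

On the real machine call `replace_identity ~/Library/Keychains/login.keychain identity.p12 '<p12 passphrase>' '<common name>' '<keychain password>'`; the hash lookup avoids typing the 40-character SHA-1 by hand.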