Remove private key from Mac OS X keychain using Terminal


Problem description

I've imported a developer identity (certificate + private key) for iOS development to a keychain using the "security" Terminal application with the command

security import identity.p12 -k <keychain> -P <passphrase>

This imports both items included in the p12 file, certificate and private key, into the given keychain. I forgot to specify -T /usr/bin/codesign, however, which adds the codesign application to the access list of the private key. I've tried to add the codesign app to the access list to no avail:

  • I've tried to re-import the identity with the added parameter but that does not seem to change the access list of the private key.
  • I've also tried deleting the certificate from the keychain using security delete-certificate and re-importing. This does not change the access list of the private key.

Since I only have ssh access to the machine, using the Keychain GUI application won't work. Therefore I'm looking for a way to delete the private key from the keychain (so that I can re-import the identity afterwards). I've checked the man page of the security tool but did not find a means to delete a private key.

Is there any way you can remove a private key from a keychain using Terminal commands only (as I do only have ssh access to the machine in question)?

Recommended answer

There are several keychains on your system:

sudo security list-keychains
"/Users/JonDoe/Library/Keychains/login.keychain"
"/Library/Keychains/System.keychain"

I think you imported it into the System-Keychain: First make a backup of your System Root Certificates before making any changes (or any other keychain you choose):

cd /System/Library/Keychains/
sudo cp SystemRootCertificates.keychain SystemRootCertificates.keychain.old

List all keychains / all certificates in your keychain:

ls -l /System/Library/Keychains/
sudo security dump-keychain /System/Library/Keychains/SystemRootCertificates.keychain

With the second command each certificate of the keychain is shown. Identify the certificate you want to remove. Then remove the certificate with the following command:

sudo security delete-certificate -Z <SHA-1 hash of certificate> /System/Library/Keychains/SystemRootCertificates.keychain
Alternative:
sudo security delete-certificate -c <common name of certificate> /System/Library/Keychains/SystemRootCertificates.keychain

That's all. Now you can import your certificate again. In case of an error, you can restore your keychain with the following command:

sudo security import certificate_files_backup -k /System/Library/Keychains/SystemRootCertificates.keychain -t cert
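
An added example, not part of the original answer: a shell helper that resolves a certificate label to the SHA-1 hash expected by `security delete-certificate -Z`, and refuses when the label is missing or matches more than one certificate. It assumes the `SHA-1 hash:` and `"labl"<blob>=` lines printed by `security find-certificate -a -Z`; the function names, labels and hashes below are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reads the output of
#   security find-certificate -a -Z <keychain>
# on stdin and prints the SHA-1 hash of the certificate whose label matches.
# Exit status: 0 = exactly one match, 1 = no match, 2 = ambiguous label.

sha1_for_label() {
    # $1 = exact certificate label; passed via the environment so awk
    # does not interpret backslashes in it.
    WANT="$1" awk '
        /^SHA-1 hash: /     { hash = $3 }        # hash of the current record
        /^ *"labl"<blob>="/ {
            label = $0
            sub(/^[^=]*="/, "", label)           # strip the attribute prefix
            sub(/"[ \t]*$/, "", label)           # strip the closing quote
            if (label == ENVIRON["WANT"]) { n++; found = hash }
        }
        END {
            if (n == 1) { print found; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Constructed sample in the layout assumed above (not real certificates).
sample_dump() {
cat <<'EOF'
SHA-1 hash: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
keychain: "/Users/JonDoe/Library/Keychains/login.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="Constructed Duplicate Cert"
SHA-1 hash: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
keychain: "/Users/JonDoe/Library/Keychains/login.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="Constructed Unique Cert"
SHA-1 hash: CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
keychain: "/Users/JonDoe/Library/Keychains/login.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="Constructed Duplicate Cert"
EOF
}

# On the Mac, with KEYCHAIN taken from `security list-keychains`:
#   hash=$(security find-certificate -a -Z "$KEYCHAIN" | sha1_for_label "$LABEL") &&
#       security delete-certificate -Z "$hash" "$KEYCHAIN"
```

Deleting by hash only after a unique match avoids removing the wrong certificate when several share a common name.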
