Original source: http://stackoverflow.com/questions/7678057/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Remove private key from Mac OS X keychain using Terminal
Asked by Benjamin
I've imported a developer identity (certificate + private key) for iOS development to a keychain using the "security" Terminal application with the command
security import identity.p12 -k <keychain> -P <passphrase>
This imports both items included in the p12 file, certificate and private key, into the given keychain. I forgot to specify -T /usr/bin/codesign, however, which adds the codesign application to the access list of the private key. I've tried to add the codesign app to the access list to no avail:
- I've tried to re-import the identity with the added parameter but that does not seem to change the access list of the private key.
- I've also tried deleting the certificate from the keychain using security delete-certificate and re-importing. This does not change the access list of the private key.
Since I only have ssh access to the machine, using the Keychain GUI application won't work. Therefore I'm looking for a way to delete the private key from the keychain (so that I can re-import the identity afterwards). I've checked the man page of the security tool but did not find a means to delete a private key.
Is there any way you can remove a private key from a keychain using Terminal commands only (as I do only have ssh access to the machine in question)?
Answered by Erik
There are several keychains on your system:
sudo security list-keychains
"/Users/JonDoe/Library/Keychains/login.keychain"
"/Library/Keychains/System.keychain"
I think you imported it into the System-Keychain: First make a backup of your System Root Certificates before making any changes (or any other keychain you choose):
cd /System/Library/Keychains/
sudo cp SystemRootCertificates.keychain SystemRootCertificates.keychain.old
List all keychains / all certificates in your keychain:
ls -l /System/Library/Keychains/
sudo security dump-keychain /System/Library/Keychains/SystemRootCertificates.keychain
With the second command each certificate of the keychain is shown. Identify the certificate you want to remove. Then remove the certificate with the following command:
sudo security delete-certificate -Z <SHA-1 hash of certificate> /System/Library/Keychains/SystemRootCertificates.keychain
**alternative:**
sudo security delete-certificate -c <common name of certificate> /System/Library/Keychains/SystemRootCertificates.keychain
That's all. Now you can import your certificate again. In case of an error, you can restore your keychain with the following command:
sudo security import certificate_files_backup -k /System/Library/Keychains/SystemRootCertificates.keychain -t cert
Answered by mayqueen
You can delete certificate and key by running a command in the terminal:
sudo security delete-identity -Z "SHA-1"
or
sudo security delete-identity -c "CommonName"
At the beginning I thought it removes only the key, but in fact it removes the certificate too (you just need to close the keychain completely and open it again to see the changes, if you are verifying it with the GUI).
From man security:
delete-identity [-h] [-c name] [-Z hash] [-t] [keychain...]
Delete a certificate and its private key from a keychain. If no keychain arguments are provided, the default search list is used.
-c name Specify certificate to delete by its common name
-Z hash Specify certificate to delete by its SHA-1 hash
-t Also delete user trust settings for this identity certificate
You may need to unlock the keychain first (from man security):
unlock-keychain [-hu] [-p password] [keychain]
Unlock keychain, or the default keychain if none is specified.
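The whole sequence from the question and the answer above (unlock, delete the identity by hash, re-import with -T /usr/bin/codesign) as one script; this is an added example, not code from the original posts. The function names and the P12_PASSPHRASE variable are assumptions, and the hash is looked up with security find-identity, a subcommand the posts do not mention, so that an ambiguous common name aborts instead of deleting the wrong identity.

```shell
#!/bin/sh
# Added example: replace a code-signing identity over ssh so the private key
# is re-imported with codesign on its access list.

# Constructed sample of `security find-identity` output (not real hashes).
SAMPLE_OUTPUT='Policy: Code Signing
  Matching identities
  1) 1111111111111111111111111111111111111111 "iPhone Developer: Jane Doe (AAAAAAAAAA)"
  2) 2222222222222222222222222222222222222222 "iPhone Distribution: Example Corp" (CSSMERR_TP_CERT_EXPIRED)
     2 identities found'

# identity_hash NAME: read find-identity output on stdin and print the SHA-1
# of the identity whose common name is exactly NAME. Fails when the name is
# missing or matches more than one distinct hash.
identity_hash() {
    awk -v name="$1" '
        $2 ~ /^[0-9A-F]+$/ && length($2) == 40 {
            cn = $0
            sub(/^[^"]*"/, "", cn)   # drop everything up to the opening quote
            sub(/".*$/, "", cn)      # drop the closing quote and any status trailer
            if (cn == name && !($2 in seen)) { seen[$2]; n++; sha1 = $2 }
        }
        END { if (n == 1) print sha1; else exit 1 }'
}

# replace_identity KEYCHAIN P12 NAME (macOS only).
# P12_PASSPHRASE is a hypothetical environment variable holding the p12
# passphrase; -P still exposes it in the process list while import runs.
replace_identity() {
    keychain=$1 p12=$2 name=$3
    # No -p here: unlock-keychain then prompts instead of taking the
    # keychain password on the command line.
    security unlock-keychain "$keychain" || return 1
    sha1=$(security find-identity -p codesigning "$keychain" | identity_hash "$name") || {
        echo "no unique identity named '$name' in $keychain" >&2
        return 1
    }
    # Removes the certificate and its private key together.
    security delete-identity -Z "$sha1" "$keychain" || return 1
    security import "$p12" -k "$keychain" -P "$P12_PASSPHRASE" -T /usr/bin/codesign
}

# Run only when called with exactly three arguments.
if [ "$#" -eq 3 ]; then replace_identity "$@"; fi
```

Run it as `sh script.sh <keychain> identity.p12 "<common name>"` with P12_PASSPHRASE set in the environment.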