Skip to content

Access private and public keys stored in Mac OS X's Keychain from the command line.

Notifications You must be signed in to change notification settings

CorporateActionMan/keychain_access

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 

Repository files navigation

keychain_access

The idea behind keychain_access is to provide Keychain features in the command line. Apple's security(1) command does already some of this work. Unfortunately there is no convenient way to to access public/private key pairs stored in the Keychain via security(1).

This is why I wrote keychain_access. I wanted to use private keys stored in my keychain in command-line scripts. This is helpful for signing files for Sparkles appcast without having to type my password all the time, while at the same time not having to worry that my private key is stored in plaintext on my harddrive.

Usage

$ keychain_access -h
Usage: keychain_access [-vh] [-p <password>] <key_name>
Options:
  -p <password>   Encrypt exported private keys with <password>.
                  The default is to export them without a password.
  -h              Show this information.
  -v              Print current version number.
  <key_name>      The name of the keychain item you want to access.
                  Has to be a public or private key.

If you want to pass a key from the Keychain to an openssl command without the key touching the harddrive, use a named pipe. This is how I use keychain_access to sign Sparkle updates:

PIPE="$OUTPUT_DIR/key.pipe"
mkfifo -m 0600 "$PIPE"
keychain_access name.of.the.private.key > "$PIPE" &

SIG=`openssl dgst -sha1 -binary < "$OUTPUT_DIR/$VOL.dmg" | openssl dgst -dss1 -sign "$PIPE" | openssl enc -base64`

rm "$PIPE"

Installing

Type make and then copy the executable named "keychain_access" to wherever you like in your $PATH.

License

MIT, see keychain_access.c.

Author

Torsten Becker <torsten dot becker at gmail dot com>

About

Access private and public keys stored in Mac OS X's Keychain from the command line.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 94.2%
  • Makefile 5.8%