Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

systemkeychain(8) [mojave man page]

SYSTEMKEYCHAIN(8)					    BSD System Manager's Manual 					 SYSTEMKEYCHAIN(8)

NAME

     systemkeychain -- creates system keychains and allows keychains to unlock keychains

SYNOPSIS

     systemkeychain [-fv] [-k filename] [-C] [password]
     systemkeychain [-fvc] [-k filename] [-s] [file ...]
     systemkeychain [-v] [-k filename] [-t]

DESCRIPTION

     The systemkeychain can be used to create a system keychain, make it possible for a keychain to unlock another keychain, or test unlocking a
     keychain.

     The options are as follows:

     -C      Create a keychain and establish it in the system as the primary system keychain whose unlocking is automatically handled by the sys-
	     tem. The new keychain is empty. If the optional password argument is given, the keychain can be also be unlocked with that; other-
	     wise, the keychain has no password and can only be unlocked by the system.  The optional password option is generally used for test-
	     ing purposes, and using it is not recommended.

     -s      Extract the master secret from source keychain(s) and install them in a destination keychain to allow unlocking.

     -t      Test unlocking the system keychain.

     -k systemKeychain
	     Use a keychain other than the default as the destination system keychain.

     -c      Create the target keychain if necessary.

     -f      Force creation of a system keychain or overwriting of an existing key for keychain unlocking keychain operations.

     -v      Turn on verbose mode.

     By default, systemkeychain works with the keychain file stored at /Library/Keychains/System.keychain .  Use of the -k option can specify a
     different target file.

     Use of the -s option allows keychains to be setup to unlock other keychains.  Chains of keychain unlocks can be setup in this manner to make
     a series of keychains unlock while only needing to manually unlock the first one.	This functionality can be verified with the -t (test
     unlock) option.

FILES

     /Library/Keychains/System.keychain

DIAGNOSTICS

     The systemkeychain utility exits 0 on success, and >0 if an error occurs.

HISTORY

     The systemkeychain command appeared in Mac OS 10.2.0 .

BSD
								  March 14, 2006							       BSD

Check Out this Related Man Page

productsign(1)						    BSD General Commands Manual 					    productsign(1)

NAME

     productsign -- Sign an OS X Installer product archive

SYNOPSIS

     productsign [options] --sign identity input-product-path output-product-path

DESCRIPTION

     productsign adds a digital signature to a product archive previously created with productbuild(1).  Although you can add a digital signature
     at the time you run productbuild(1), you may wish to add a signature later, once the product archive has been tested and is ready to deploy.
     If you run productsign on a product archive that was previously signed, the existing signature will be replaced.

     To sign a product archive, you will need to have a certificate and corresponding private key -- together called an ``identity'' -- in one of
     your accessible keychains. To add a signature, specify the name of the identity using the --sign option. The identity's name is the same as
     the ``Common Name'' of the certificate.

     If you want to search for the identity in a specific keychain, specify the path to the keychain file using the --keychain option. Otherwise,
     the default keychain search path is used.

     productsign will embed the signing certificate in the product archive, as well as any intermediate certificates that are found in the key-
     chain. If you need to embed additional certificates to form a chain of trust between the signing certificate and a trusted root certificate
     on the system, use the --cert option to give the Common Name of the intermediate certificate. Multiple --cert options may be used to embed
     multiple intermediate certificates.

     The signature can optionally include a trusted timestamp. This is enabled by default when signing with a Developer ID identity, but it can be
     enabled explicitly using the --timestamp option. A timestamp server must be contacted to embed a trusted timestamp. If you aren't connected
     to the Internet, you can use --timestamp=none to disable timestamps, even for a Developer ID identity.

ARGUMENTS AND OPTIONS

     --sign identity-name
		 The name of the identity to use for signing the product archive.

     --keychain keychain-path
		 Specify a specific keychain to search for the signing identity.

     --cert certificate-name
		 Specify an intermediate certificate to be embedded in the product archive.

     --timestamp
		 Include a trusted timestamp with the signature.

     --timestamp=none
		 Disable trusted timestamp, regardless of identity.

     input-product-path
		   The product archive to be signed.

     output-product-path
		   The path to which the signed product archive will be written. Must not be the same as input-product-path.

SEE ALSO

     productbuild(1)

Mac OS								September 15, 2010							    Mac OS
Man Page