Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Access private and public keys stored in Mac OS X's Keychain from the command line.
C
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
.gitignore
Makefile
README.md
keychain_access.c

README.md

keychain_access

The idea behind keychain_access is to provide Keychain features in the command line. Apple's security(1) command does already some of this work. Unfortunately there is no convenient way to to access public/private key pairs stored in the Keychain via security(1).

This is why I wrote keychain_access. I wanted to use private keys stored in my keychain in command-line scripts. This is helpful for signing files for Sparkles appcast without having to type my password all the time, while at the same time not having to worry that my private key is stored in plaintext on my harddrive.

Usage

$ keychain_access -h
Usage: keychain_access [-vh] [-p <password>] <key_name>
Options:
  -p <password>   Encrypt exported private keys with <password>.
                  The default is to export them without a password.
  -h              Show this information.
  -v              Print current version number.
  <key_name>      The name of the keychain item you want to access.
                  Has to be a public or private key.

If you want to pass a key from the Keychain to an openssl command without the key touching the harddrive, use a named pipe. This is how I use keychain_access to sign Sparkle updates:

PIPE="$OUTPUT_DIR/key.pipe"
mkfifo -m 0600 "$PIPE"
keychain_access name.of.the.private.key > "$PIPE" &

SIG=`openssl dgst -sha1 -binary < "$OUTPUT_DIR/$VOL.dmg" | openssl dgst -dss1 -sign "$PIPE" | openssl enc -base64`

rm "$PIPE"

Installing

Type make and then copy the executable named "keychain_access" to wherever you like in your $PATH.

License

MIT, see keychain_access.c.

Author

Torsten Becker <torsten dot becker at gmail dot com>

Something went wrong with that request. Please try again.