Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

systemkeychain(8) [osx man page]

SYSTEMKEYCHAIN(8)					    BSD System Manager's Manual 					 SYSTEMKEYCHAIN(8)

systemkeychain -- creates system keychains and allows keychains to unlock keychains SYNOPSIS
systemkeychain [-fv] [-k filename] [-C] [password] systemkeychain [-fvc] [-k filename] [-s] [file ...] systemkeychain [-v] [-k filename] [-t] DESCRIPTION
The systemkeychain can be used to create a system keychain, make it possible for a keychain to unlock another keychain, or test unlocking a keychain. The options are as follows: -C Create a keychain and establish it in the system as the primary system keychain whose unlocking is automatically handled by the sys- tem. The new keychain is empty. If the optional password argument is given, the keychain can be also be unlocked with that; other- wise, the keychain has no password and can only be unlocked by the system. The optional password option is generally used for test- ing purposes, and using it is not recommended. -s Extract the master secret from source keychain(s) and install them in a destination keychain to allow unlocking. -t Test unlocking the system keychain. -k systemKeychain Use a keychain other than the default as the destination system keychain. -c Create the target keychain if necessary. -f Force creation of a system keychain or overwriting of an existing key for keychain unlocking keychain operations. -v Turn on verbose mode. By default, systemkeychain works with the keychain file stored at /Library/Keychains/System.keychain . Use of the -k option can specify a different target file. Use of the -s option allows keychains to be setup to unlock other keychains. Chains of keychain unlocks can be setup in this manner to make a series of keychains unlock while only needing to manually unlock the first one. This functionality can be verified with the -t (test unlock) option. FILES
/Library/Keychains/System.keychain DIAGNOSTICS
The systemkeychain utility exits 0 on success, and >0 if an error occurs. HISTORY
The systemkeychain command appeared in Mac OS 10.2.0 . BSD
March 14, 2006 BSD

Check Out this Related Man Page

SSH-KEYCHAIN(8) 					    BSD System Manager's Manual 					   SSH-KEYCHAIN(8)

ssh-keychain.dylib -- smartcard/keychain support library DESCRIPTION
The ssh-keychain.dylib library is used as a PKCS11 module replacement for the family of ssh tools. It provides certificates on SmartCards and/or in user keychains to the tools. OVERVIEW
By default, all valid certificates from all SmartCards currently inserted into attached readers are provided. Manual configuration of ssh-keychain.dylib is required if certificates in user keychains are desired, or if there is a need to limit which SmartCard certificates are provided. The public key hash is used to select which certificates should be provided. This hash is usually in hexadecimal string form, without the leading 0x. To determine the hash for certificate on a SmartCard, the sc_auth hash or sc_auth identities commands can be used. For certificates in user keychains, it is the value of the hpky attribute from security find-certificate output. ENVIRONMENT
Configuration passed through the environment always takes precedence over the configuration file. The variable KEYCHAIN_CERTIFICATES is used to specify hashes. It should contain a semicolon-separated list of public key hashes of certificates which will be provided to the ssh tools. CONFIG FILE
If no enviroment variable configuration is provided, ssh-keychain.dylib looks for a configuration file located at ~/.ssh/sshkeychain.plist. This file is a standard property-list with a dictionary root object. It should contain the key KeychainCertificates with a value that is either a string or an array of strings. If a string, then the expected value is semicolon-separated list of public key hashes like the envi- ronment variable. If the value is an array, then each hash is an array entry. EXAMPLES
Environment: KEYCHAIN_CERTIFICATES="AE31125DA4AAA294A4FED97B815D7F8DD1A78FF3;168D2C4CDDFCDADD465BAF3E6BCFE8193D8D42D1" ssh -o PKCS11Provider=/usr/lib/ssh-keychain.dylib machine Configuration plist: { "KeychainCertificates" => [ 0 => "AE31125DA4AAA294A4FED97B815D7F8DD1A78FF3" 1 => "168D2C4CDDFCDADD465BAF3E6BCFE8193D8D42D1" ] } FILES
~/.ssh/sshkeychain.plist SEE ALSO
sc_auth(8), ssh-add(1), ssh_config(5) Darwin June 1, 2019 Darwin
Man Page