If Keychain First Aid finds an issue that it cannot repair, or if you do not know your keychain password, you may need to reset your keychain. (Resetting a keychain sets aside the original default keychain file and creates a new one.)
Can anyone tell me how to set up ssh and keychain so when I connect to the remote system it uses keychain for the password or public key? The remote system is FreeBSD 8.0. Do I need to setup anything else on that end?
Cheers. (0 Replies)
xip(1) BSD General Commands Manual xip(1)NAME
xip -- Create a signed archive for secure distribution
SYNOPSIS
xip [options] --sign identity input-file ... output-archive
DESCRIPTION
The xip tool archives one or more files or directories into a signed XIP file. A XIP file is an analog to zip(1), but allows for a digital
signature to be applied and verified on the receiving system, before the archive is expanded. When a XIP file is opened (by double-clicking),
Archive Utility will automatically expand it (but only if the digital signature is intact).
To create a XIP file, you will need to have a certificate and corresponding private key -- together called an ``identity'' -- in one of your
accessible keychains. To add a signature, specify the name of the identity using the --sign option. The identity's name is the same as the
``Common Name'' of the certificate.
If you want to search for the identity in a specific keychain, specify the path to the keychain file using the --keychain option. Otherwise,
the default keychain search path is used.
xip will embed the signing certificate in the XIP file, as well as any intermediate certificates that are found in the keychain.
The signature can optionally include a trusted timestamp. This is enabled by default when signing with a Developer ID identity, but it can be
enabled explicitly using the --timestamp option. A timestamp server must be contacted to embed a trusted timestamp. If you aren't connected
to the Internet, you can use --timestamp=none to disable timestamps, even for a Developer ID identity.
ARGUMENTS AND OPTIONS --sign identity-name
The name of the identity to use for signing the archive.
--keychain keychain-path
Specify a specific keychain to search for the signing identity.
--timestamp
Include a trusted timestamp with the signature.
--timestamp=none
Disable trusted timestamp, regardless of identity.
input-file ...
The path to one or more files or directories to be archived.
output-archive
The path to which the signed archive will be written.
Mac OS September 23, 2011 Mac OS
