Disable KeyChain export private keys and certificates

adam_vu
New Contributor III

Hi all,
Is there any way to disable export option for some private keys and certificates in KeyChain?
I tried to import the keys with -x option (Specify that private keys are non-extractable after being imported.)

security import -x

At the first right click to the key in KeyChain, it doesn't show the export option. However, at the second and later right click, it shows the option.

5 REPLIES 5

adam_vu
New Contributor III

Any help?

adam_vu
New Contributor III

Any help?

maurits
Contributor

Are you referring to the option in recent versions Jamf Pro to disable (NOT 'Allow export... as seen in attached screenshot) the export of certs mangaged by a profile?! Otherwise, if the private key is 'owned' by the user, it seems logical that exporting is always allowed. On top of that, KeyChain access app has some weird issues (at least to me) for authorisation like asking access twice, or not at all.

fecd553379654571ab74fd9ae69f4684

Hi, i have used this option, and still user is still able to export the certificate, any other option have u got to disable the export option.

adam_vu
New Contributor III

@maurits Hey thank you for you response. Actually, I installed private keys and certificates using script, not the profile. That's the reason why I used "security" command line