Help

Disable KeyChain export private keys and certificates

adam_vu
New Contributor III

Posted on ‎02-02-2020 02:28 PM

Hi all,
Is there any way to disable export option for some private keys and certificates in KeyChain?
I tried to import the keys with -x option (Specify that private keys are non-extractable after being imported.)

security import -x

At the first right click to the key in KeyChain, it doesn't show the export option. However, at the second and later right click, it shows the option.

0 Kudos
Reply
5 REPLIES 5

adam_vu
New Contributor III

Posted on ‎02-03-2020 09:50 AM

Any help?

0 Kudos
Reply

adam_vu
New Contributor III

Posted on ‎02-06-2020 11:54 AM

Any help?

0 Kudos
Reply

maurits
Contributor

Posted on ‎02-07-2020 09:55 AM

Are you referring to the option in recent versions Jamf Pro to disable (NOT 'Allow export... as seen in attached screenshot) the export of certs mangaged by a profile?! Otherwise, if the private key is 'owned' by the user, it seems logical that exporting is always allowed. On top of that, KeyChain access app has some weird issues (at least to me) for authorisation like asking access twice, or not at all.

fecd553379654571ab74fd9ae69f4684

0 Kudos
Reply

sachinkpshinde
New Contributor
In response to maurits

Posted on ‎08-28-2023 05:46 AM

Hi, i have used this option, and still user is still able to export the certificate, any other option have u got to disable the export option.

0 Kudos
Reply

adam_vu
New Contributor III

Posted on ‎02-10-2020 08:31 AM

@maurits Hey thank you for you response. Actually, I installed private keys and certificates using script, not the profile. That's the reason why I used "security" command line

0 Kudos
Reply