
I have a script that loads a user's identity into keychain. The script deletes old or duplicate certificates and imports new identities without issue. But the private keys are left behind from previous identities. I re-read "man security" but I can't seem to find a solution. Removing the user's keychain in this case is not an option. Any advice?

I realize there is a similar question here: Remove private key from Mac OS X keychain using Terminal but the answer of "delete the Keychain" isn't possible in my case. I posted a question to that thread, but it was deleted by a moderator for some reason. So I'm opening a new question here.

Thank you!

Sonic84
Just to clarify: _create_ a temporary keychain, probably select it as system default for your operation, import all necessary certificates and keys, do all you need, then use `security delete-keychain && rm /tmp/1.keychain` isn't suitable for you too? – Andrey Starodubtsev Feb 22 '12 at 05:53


The certificate and private key can be removed with the following command:

security delete-identity -Z {certificate-sha1} {keychain-path}

You may need to unlock the keychain first.

BitByteDog
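As an added example (not part of the answer above), this script shows where the `{certificate-sha1}` value comes from: it is read from `security find-certificate -Z` output and then passed to `security delete-identity -Z`, which removes the certificate and its private key together. The helper names, the common-name/keychain arguments and the sample output are assumptions; the default is a dry run that only prints the delete commands.

```shell
#!/bin/sh
# Added example, not part of the original answer. Assumes macOS `security`
# and caller-supplied common name + keychain path; hypothetical helper names.
# Default is a dry run that only prints the delete commands (DRY_RUN=1).

# Pull the SHA-1 values out of `security find-certificate -Z` output.
# Reads stdin so it can be exercised on captured output without a Mac.
hashes_from_find_output() {
    sed -n 's/^SHA-1 hash: \([0-9A-Fa-f]\{40\}\)[[:space:]]*$/\1/p'
}

# Hashes of every certificate whose common name matches $1 in keychain $2.
list_identity_hashes() {
    security find-certificate -a -c "$1" -Z "$2" | hashes_from_find_output
}

# Print the delete-identity command for one hash; refuses anything that is
# not exactly 40 hex digits so a garbled value never reaches `security`.
delete_identity_cmd() {
    case "$1" in
        ""|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ] || return 1
    printf 'security delete-identity -Z %s %s\n' "$1" "$2"
}

# Remove certificate AND private key of every identity matching common
# name $1 in keychain $2. Unlock first (may prompt) when actually deleting.
remove_identities() {
    cn=$1; kc=$2
    [ "${DRY_RUN:-1}" = 1 ] || security unlock-keychain "$kc"
    list_identity_hashes "$cn" "$kc" | while read -r h; do
        cmd=$(delete_identity_cmd "$h" "$kc") || { echo "bad hash: $h" >&2; continue; }
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$cmd"
        else
            security delete-identity -Z "$h" "$kc"
        fi
    done
}

# Constructed sample of find-certificate -Z output (two stale identities).
SAMPLE='SHA-1 hash: 0123456789ABCDEF0123456789ABCDEF01234567
keychain: "/Users/me/Library/Keychains/login.keychain-db"
SHA-1 hash: FEDCBA9876543210FEDCBA9876543210FEDCBA98
keychain: "/Users/me/Library/Keychains/login.keychain-db"'
printf '%s\n' "$SAMPLE" | hashes_from_find_output | while read -r h; do
    delete_identity_cmd "$h" /tmp/example.keychain
done
```

Run `DRY_RUN=0 remove_identities "Common Name" ~/Library/Keychains/login.keychain-db` on the Mac itself to perform the deletion instead of printing it.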