How to use the command "security" (with examples)

  • Osx
  • December 25, 2023

The “security” command in macOS is a versatile tool for administering keychains, keys, certificates, and the Security framework. It provides a range of functions to manage security-related tasks on a system, such as listing keychains, creating and deleting keychains, setting certificate preferences, and adding or removing certificates from keychains.

Use case 1: List all available keychains

Code:

security list-keychains

Motivation: This use case allows you to view all the keychains available on your system. It can be helpful to check the keychains present and determine which keychain you want to use for specific tasks.

Explanation: The command “security list-keychains” prints the keychain search list, that is, the paths of the keychains currently in use on your system.

Example output:

"/Library/Keychains/System.keychain"
"/Users/username/Library/Keychains/login.keychain-db"
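
One way to act on this output, as an added example that is not part of the original page: the function below reads the output of “security list-keychains” and prints every search-list entry outside the two locations shown above. Treating only the System keychain and the user's own Library/Keychains directory as expected is an assumption of this example, and the function name is hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page).
# unexpected_keychains [HOME_DIR]
#   Reads `security list-keychains` output on stdin and prints each path
#   that is not the System keychain or a file under HOME_DIR/Library/Keychains.
#   Returns 1 if at least one unexpected entry was printed, 0 otherwise.
unexpected_keychains() {
    home_dir=${1:-$HOME}
    found=0
    while IFS= read -r line; do
        # The tool indents each entry and wraps it in double quotes.
        path=$(printf '%s\n' "$line" | sed -e 's/^[[:space:]]*//' \
            -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//')
        [ -n "$path" ] || continue
        case $path in
            # A ".." component can escape an allowed directory: always report it.
            */../*|*/..)
                printf '%s\n' "$path"; found=1 ;;
            /Library/Keychains/System.keychain)
                ;;
            "$home_dir"/Library/Keychains/*)
                ;;
            *)
                printf '%s\n' "$path"; found=1 ;;
        esac
    done
    return "$found"
}

# Usage on macOS:
#   security list-keychains | unexpected_keychains || echo "review the entries above"
```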

Use case 2: Delete a specific keychain

Code:

security delete-keychain path/to/file.keychain

Motivation: This use case allows you to remove a specific keychain from your system. Deleting a keychain can be useful when you no longer need it or when it becomes corrupted.

Explanation: The “security delete-keychain” command deletes the specified keychain at the given file path. You need to provide the path to the keychain file, including the file extension (.keychain).

Use case 3: Create a keychain

Code:

security create-keychain -p password path/to/file.keychain

Motivation: This use case enables you to create a new keychain. Creating a keychain is necessary when you want to have a separate keychain to store specific keys, certificates, or security-related information.

Explanation: The “security create-keychain” command creates a new keychain at the given file path. You need to provide the desired password for the keychain using the “-p” option, followed by the password, and the path to the keychain file.

Use case 4: Set a certificate to use with a website or service by its common name

Code:

security set-identity-preference -s URL|hostname|service -c "common_name" path/to/file.keychain

Motivation: This use case allows you to set a specific certificate to be used with a website or service by its common name. It can be helpful to ensure that the correct certificate is used when authenticating or establishing secure connections.

Explanation: The “security set-identity-preference” command sets the identity preference for a specific URL, hostname, or service. The “-s” option is used to specify the URL, hostname, or service, and the “-c” option is used to specify the common name of the certificate. The command also requires the path to the keychain file where the certificate is located.

Use case 5: Add a certificate from file to a keychain

Code:

security add-certificates -k file.keychain path/to/cert_file.pem

Motivation: This use case allows you to add a certificate from a file to a specific keychain. Adding certificates to keychains is necessary when you want to use them for authentication, encryption, or secure connections.

Explanation: The “security add-certificates” command adds the certificate from the given PEM file to the specified keychain. The keychain is selected with the “-k” option; if you omit it, the default keychain is used. Only the path to the certificate file is required.
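
The commands from use cases 2, 3 and 5 combined into one routine, as an added example that is not part of the original page: it imports a certificate into a throwaway keychain, optionally runs a command against it, and deletes the keychain even when the import fails. The function name, the scratch.keychain file name and the random-password step are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page).
# import_into_temp_keychain CERT_FILE [COMMAND...]
#   Creates a scratch keychain, adds CERT_FILE to it, runs COMMAND with the
#   keychain path appended as its last argument, then deletes the keychain.
#   The first non-zero exit status is remembered, but cleanup always runs.
import_into_temp_keychain() {
    if [ "$#" -lt 1 ] || [ ! -r "$1" ]; then
        echo "usage: import_into_temp_keychain CERT_FILE [COMMAND...]" >&2
        return 2
    fi
    cert_file=$1
    shift

    work_dir=$(mktemp -d) || return 2
    keychain="$work_dir/scratch.keychain"
    # One-time random password. Anything passed with -p is visible in the
    # process list, so never reuse a real password here.
    password=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')

    status=0
    security create-keychain -p "$password" "$keychain" || status=$?
    if [ "$status" -eq 0 ]; then
        security add-certificates -k "$keychain" "$cert_file" || status=$?
        if [ "$status" -eq 0 ] && [ "$#" -gt 0 ]; then
            "$@" "$keychain" || status=$?
        fi
        # Runs whether or not the import succeeded, so no keychain is left behind.
        security delete-keychain "$keychain" || status=$?
    fi
    rm -rf "$work_dir"
    return "$status"
}

# Usage on macOS (lists the certificates now in the scratch keychain):
#   import_into_temp_keychain path/to/cert_file.pem security find-certificate -a
```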

Use case 6: Add a CA certificate to the per-user Trust Settings

Code:

security add-trusted-cert -k path/to/user-keychain.keychain-db path/to/ca-cert_file.pem

Motivation: This use case allows you to add a CA (Certificate Authority) certificate to the per-user Trust Settings. Adding a trusted CA certificate is necessary when you want to establish trust for certificates issued by that CA.

Explanation: The “security add-trusted-cert” command adds the CA certificate from the given file to the per-user Trust Settings. You need to specify the path to the user-keychain.keychain-db file using the “-k” option, followed by the path to the CA certificate file.

Use case 7: Remove a CA certificate from the per-user Trust Settings

Code:

security remove-trusted-cert path/to/ca-cert_file.pem

Motivation: This use case allows you to remove a CA (Certificate Authority) certificate from the per-user Trust Settings. Removing a CA certificate is necessary when you no longer trust that CA or want to revoke its trust for certificates issued by it.

Explanation: The “security remove-trusted-cert” command removes the specified CA certificate from the per-user Trust Settings. You need to provide the path to the CA certificate file that you want to remove.

Conclusion

The “security” command in macOS provides a wide range of functions for managing keychains, keys, certificates, and the Security framework. By using the provided examples, you can effectively perform tasks such as listing keychains, creating and deleting keychains, setting certificate preferences, and managing certificates within keychains.
