systemkeychain.8   [plain text]

.Dd March 14, 2006
.Nm systemkeychain
.Nd creates system keychains and allows keychains to unlock keychains
.\" create system keychain (-C)
.Op Fl fv
.Op -k filename
.Op -C
.Op Ar password
.\" setup uplock dependency (-s)
.Op Fl fvc
.Op -k filename
.Op -s
.Op Ar file ...
.\" test unlock dependency (-t)
.Op Fl v
.Op -k filename
.Op -t
can be used to create a system keychain, make it possible for a keychain to unlock another keychain,
or test unlocking a keychain.
The options are as follows:
.Bl -tag -width indent
.It Fl C
Create a keychain and establish it in the system as the primary system keychain whose unlocking is
automatically handled by the system. The new keychain is empty. If the optional password argument
is given, the keychain can be also be unlocked with that; otherwise, the keychain has no password
and can only be unlocked by the system.  The optional password option is generally used for testing
purposes, and using it is not recommended.
.It Fl s
Extract the master secret from source keychain(s) and install them in a destination keychain to allow unlocking.
.It Fl t
Test unlocking the system keychain.
.It Fl k Ar systemKeychain
Use a keychain other than the default as the destination system keychain.
.It Fl c
Create the target keychain if necessary.
.It Fl f
Force creation of a system keychain or overwriting of an existing key for keychain unlocking keychain operations.
.It Fl v
Turn on verbose mode.
By default,
works with the keychain file stored at /Library/Keychains/System.keychain .  Use of the -k option can specify
a different target file.
Use of the -s option allows keychains to be setup to unlock other keychains.  Chains of keychain unlocks can be
setup in this manner to make a series of keychains unlock while only needing to manually unlock the first one.
This functionality can be verified with the -t (test unlock) option.
.Bl -tag -width /Library/Keychains/System.keychain -compact
.It Pa /Library/Keychains/System.keychain
.lt Pa /var/db/SystemKey
.Ex -std
command appeared in
Mac OS 10.2.0 .