Summary of using the Mac security tool

Source: Internet
Author: User
Tags decrypt sha1

security is the command-line management tool for keychains and the security module on Mac systems (the graphical tool is Keychain Access.app). A keychain is essentially a repository for secure authentication items such as certificates, keys, and passwords. It is stored on the computer as a .keychain file, usually in one of the following directories:

    • ~/Library/Keychains/
    • /Library/Keychains/
    • /Network/Library/Keychains/

Security API documentation: https://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html

The security command

The syntax is as follows:

security [-hilqv] [-p prompt] [command] [command options] [command args]

    • -h Help. Without a command argument, lists all commands; with a command argument, shows how to use that command
    • -i Interactive mode
    • -p <prompt> Enter interactive mode using a custom prompt
    • -q Reduce the amount of output
    • -v Increase the amount of output
    • -l Before exiting, security runs /usr/bin/leaks -nocontext to check the executed command for leaks

Subcommands (command)

The subcommands are listed below. In the subcommand descriptions that follow, the leading security [-hilqv] [-p prompt] part of the command syntax is omitted.

  • help
  • create-keychain Create a keychain and add it to the search list
  • list-keychains Display or set the keychain search list
  • default-keychain Display or set the default keychain
  • login-keychain Display or set the login keychain
  • delete-keychain Delete a keychain and remove it from the search list
  • lock-keychain Lock the specified keychain
  • unlock-keychain Unlock the specified keychain
  • set-keychain-settings Set the settings of a keychain
  • set-keychain-password Set the password of a keychain
  • dump-keychain Display the contents of one or more keychains
  • create-keypair Create an asymmetric key pair
  • add-generic-password Add a generic password item to a keychain
  • find-generic-password Find a generic password item
  • delete-generic-password Delete a generic password item
  • add-internet-password Add an internet password item to a keychain
  • find-internet-password Find an internet password item
  • delete-internet-password Delete an internet password item
  • add-certificates Add certificates to a keychain
  • find-certificate Find a certificate
  • delete-certificate Remove a certificate from a keychain
  • find-identity Find an identity (certificate + private key)
  • set-identity-preference
  • get-identity-preference
  • create-db
  • export
  • import
  • cms Encode or decode CMS messages (PKCS#7)
  • install-mds Install/reinstall the MDS database
  • add-trusted-cert Add a trusted certificate (public key only, no private key)
  • remove-trusted-cert Remove a trusted certificate
  • dump-trust-settings Display the trust settings
  • user-trust-settings-enable Display or manage user-level trust settings
  • trust-settings-export Export the trust settings
  • trust-settings-import Import the trust settings
  • verify-cert Verify a certificate
  • authorize Perform authorization operations
  • authorizationdb Change the authorization policy database
  • execute-with-privileges Execute a tool with privileges
  • leaks Run /usr/bin/leaks on this process
  • error Display descriptive information for the specified error code
  • create-filevaultmaster-keychain Create a keychain containing a key pair for FileVault recovery (FileVault is a privacy mechanism on Apple systems that automatically and transparently encrypts and decrypts the contents of the home directory in real time)

Create a Keychain

create-keychain [-P] [-p <password>] <keychainFiles...>

    • -p <password> Set the password for the newly created keychain
    • -P Use the SecurityAgent graphical prompt to set the password

Add a key to the Keychain (certification program)

import <inputfile> [-k <keychain>] [-t <type>] [-f <format>] [-w] [-P passphrase] [options ...]

    • -k <keychain> Specify the keychain to import the item into
    • -t <type> Specify the type of item to import; possible values: pub | priv | session | cert | agg
    • -f <format> Specify the format of the item to import; possible values: openssl | openssh1 | openssh2 | bsafe | raw | pkcs7 | pkcs8 | pkcs12 | netscape | pemseq
    • -w Indicates that the private key is wrapped and should be unwrapped on import
    • -x Indicates that the private key cannot be extracted after import
    • -P <passphrase> Supply the import passphrase directly; by default it is entered through the GUI
    • -a Specify a key-value attribute pair; can be repeated
    • -A Allow all programs to use the imported item
    • -T Specify a program that may use the imported item; can be repeated

security create-keychain -p 123456 certsofappbuild.keychain
security unlock-keychain -p 123456 certsofappbuild.keychain
security import <inputfile> -k certsofappbuild.keychain -P 111111 -T /usr/bin/codesign
...sign operation...
security delete-keychain certsofappbuild.keychain

Find an identity (certificate + private key)

find-identity [-p policy] [-s string] [-v] [keychain ...]

    • -p Search by the specified usage policy; can be repeated to specify several policies. Available values: basic, ssl-client, ssl-server, smime, eap, ipsec, ichat, codesigning, sys-default, sys-kerberos-kdc, macappstore, appleID
    • -s Supply the argument for the policy specified with -p
    • -v Display only valid identities; by default all are shown
    • If no keychain is specified, the default search list is used

security find-identity -v -p codesigning    # show the valid identities in the default search list

Display or set a keychain search list

list-keychains [-d user|system|common|dynamic] [-s [keychain ...]]

    • -d Use the specified preference domain
    • -s Set the keychain search list
    • Without any arguments, the search list is displayed

Encode/decode CMS messages (PKCS#7)

cms [-C|-D|-E|-S] [<options>]

    • -C Create a CMS encrypted message
    • -D Decode a CMS message
    • -E Create a CMS enveloped message
    • -S Create a CMS signed message

Decoding options

    • -c <content_file> Use this detached content file
    • -h <level> Produce headers with information about the CMS message
    • -n Suppress output of the content

Encoding options

    • -r id,... Create an envelope for the specified recipients; each id can be a certificate nickname or an email address
    • -G Include a signing time attribute
    • -H
    • -N <cert_nickname> Sign with the specified certificate
    • -P Include a SMIMECapabilities attribute
    • -T Do not include the content in the CMS message
    • -Y <cert_nickname> Include an EncryptionKeyPreference attribute for the specified certificate; use NONE to omit it
    • -Z

Common options

  • -e <envelope> Specify the envelope file; used together with -D or -E
  • -k <keychain> Specify the keychain to use
  • -i <infile> Read input data from a file; the default input is stdin
  • -o <outfile> Write output data to a file; the default is stdout
  • -p <password> Specify the key db password; by default it is prompted for
  • -s Pass the data to CMS one byte at a time
  • -v Display debugging information
  • -u <certusage> Set the certificate usage type; the default is certUsageEmailSigner
    • 0 certUsageSSLClient
    • 1 certUsageSSLServer
    • 2 certUsageSSLServerWithStepUp
    • 3 certUsageSSLCA
    • 4 certUsageEmailSigner
    • 5 certUsageEmailRecipient
    • 6 certUsageObjectSigner
    • 7 certUsageUserCertImport
    • 8 certUsageVerifyCA
    • 9 certUsageProtectedObjectSigner
    • 10 certUsageStatusResponder
    • 11 certUsageAnyCA

security cms -D -i example.mobileprovision
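
Added example (not part of the original page): a Python audit of the property list that security cms -D -i prints for a provisioning profile, cross-checked against the output of security find-identity -v -p codesigning. The plist keys (Name, ExpirationDate, Entitlements/get-task-allow, DeveloperCertificates) come from Apple's provisioning profile format rather than from this page, and all sample data is constructed.

```python
import hashlib
import plistlib
import re
from datetime import datetime

# Constructed sample data, not a real profile: two fake byte strings stand in
# for the DER certificates a real profile carries in DeveloperCertificates.
FAKE_CERT_A = b"constructed-der-bytes-A"
FAKE_CERT_B = b"constructed-der-bytes-B"
SAMPLE_PROFILE = plistlib.dumps({
    "Name": "Example Dev Profile",
    "ExpirationDate": datetime(2030, 1, 1),
    "Entitlements": {"get-task-allow": True},
    "DeveloperCertificates": [FAKE_CERT_A, FAKE_CERT_B],
})
# Constructed text in the shape printed by
# `security find-identity -v -p codesigning`.
SAMPLE_IDENTITIES = (
    '  1) %s "Apple Development: Example (ABCDE12345)"\n'
    '     1 valid identities found\n'
) % hashlib.sha1(FAKE_CERT_A).hexdigest().upper()

# One identity per line: index, 40 hex digit SHA-1 of the certificate, name.
IDENTITY_LINE = re.compile(r'^\s*\d+\)\s+([0-9A-F]{40})\s+"(.*)"', re.M)

def parse_identities(text):
    """Map SHA-1 fingerprint -> identity name from find-identity output."""
    return {sha1: name for sha1, name in IDENTITY_LINE.findall(text)}

def audit_profile(plist_bytes, identities_text, now):
    """Summarise a profile already decoded by `security cms -D -i`."""
    profile = plistlib.loads(plist_bytes)
    local = parse_identities(identities_text)
    prints = [hashlib.sha1(der).hexdigest().upper()
              for der in profile.get("DeveloperCertificates", [])]
    entitlements = profile.get("Entitlements", {})
    return {
        "name": profile.get("Name"),
        "expired": profile["ExpirationDate"] <= now,
        # get-task-allow marks a build that a debugger may attach to.
        "debuggable": bool(entitlements.get("get-task-allow")),
        # Certificates in the profile that have a matching local identity.
        "usable_identities": [local[p] for p in prints if p in local],
        # Certificates in the profile with no private key in the search list.
        "missing_keys": [p for p in prints if p not in local],
    }

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE, SAMPLE_IDENTITIES, datetime(2025, 1, 1)))
```

On a Mac, pass the standard output of the two security commands to audit_profile in place of the constructed samples.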
