security Export/import

Export one or more items from a keychain, or import them into a keychain.

Syntax
      export [-k keychain] [-t type] [-f format] [-w] [-p] [-P passphrase] [-o outfile]
            
      import inputfile [-k keychain] [-t type] [-f format] [-w] [-P passphrase] [options...]

Options
   -a attrName attrValue
                 Specify optional extended attribute name and value. Can be used multiple times.
                 This is only valid when importing keys.

   -A            Allow any application to access the imported key without warning (insecure, not
                 recommended!)

   -f format     Specify the format of the exported data. Possible formats are openssl, bsafe,
                 raw, pkcs7, pkcs8, pkcs12, x509, openssh1, openssh2, and pemseq. The command can
                 often figure out what format an item is in based on the filename and/or
                 item_type. The default is openssl if one key is being exported.
                 The default is x509 if one certificate is being exported.

   -k keychain   Specify the keychain that item(s) will be imported into or exported from.

   -p            Specifies that PEM armour is to be applied to the exported output data.

   -P passphrase Specify the unwrapping passphrase immediately. The default is to obtain a secure
                 passphrase via GUI.

   -o outfile    Write the output data to outfile. Default is to write data to stdout.

   -t type       Specify the type of items to import/export.

                 Import types are: cert, pub, priv, session, and agg.
                 Pub, priv, and session refer to keys; agg is one of the
                 aggregate types (pkcs12 and PEM sequence). The command can often figure out what
                 item_type an item contains based on the filename and/or item_format.

                 Export types are: certs, allKeys, pubKeys, privKeys, identities, and all.
                 The default is all. An identity consists of both
                 a certificate and the corresponding private key.

   -T appPath    Specify an application which may access the imported key (multiple -T options
                 are allowed)

   -w            Specify that private keys are wrapped and must be unwrapped on import/export.

   -x            Specify that private keys are non-extractable after being imported.

If keychain isn’t provided, items will be exported or imported from the user’s default keychain.

Examples

Import items into a keychain:

security> import /tmp/certs.pem -k newcert.keychain

security> import /tmp/mycerts.p12 -t agg -k newcert.keychain

security> import /tmp/mycerts.p12 -f pkcs12 -k newcert.keychain

Export items from a keychain:

security> export -k login.keychain -t certs -o /tmp/certs.pem

security> export -k newcert.keychain -t identities -f pkcs12 -o /tmp/mycerts.p12
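
Added example (not part of the original page or of Apple's tooling): a small POSIX shell lint for `security import` argument lists, built from the option descriptions above, for use in build or provisioning scripts before the real command runs. It flags -A, a passphrase passed inline with -P (where it is visible in the process list and shell history), an option missing its value, and key-bearing imports (-t priv, -t agg, -f pkcs12) without -x; the function name, finding labels and sample paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: lint the arguments of a
# `security import` call. Flag meanings follow the option list above; the
# function name and finding labels are hypothetical.
audit_security_import() (
    # The body runs in a subshell, so these variables stay local.
    findings=""; has_x=0; carries_key=0
    [ "$#" -gt 0 ] && shift                 # skip the input file
    while [ "$#" -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -A) findings="$findings any-app-access" ;;
            -x) has_x=1 ;;
            -P|-T|-k|-t|-f)                 # options that take one value
                if [ "$#" -eq 0 ]; then
                    findings="$findings missing-value:$opt"; break
                fi
                case "$opt:$1" in
                    -P:*) findings="$findings passphrase-in-argv" ;;
                    -t:priv|-t:agg|-f:pkcs12) carries_key=1 ;;
                esac
                shift ;;
            -a)                             # takes attrName and attrValue
                if [ "$#" -lt 2 ]; then
                    findings="$findings missing-value:-a"; break
                fi
                shift 2 ;;
        esac
    done
    # -x only matters when the input can contain a private key.
    if [ "$carries_key" -eq 1 ] && [ "$has_x" -eq 0 ]; then
        findings="$findings key-left-extractable"
    fi
    # One finding per line; exit status 1 when anything was flagged.
    for f in $findings; do echo "$f"; done
    [ -z "$findings" ]
)

# Constructed sample call (paths and passphrase are placeholders).
audit_security_import /tmp/mycerts.p12 -f pkcs12 -k newcert.keychain \
    -A -P 'example' || true
```

An argument list such as `/tmp/mycerts.p12 -f pkcs12 -k newcert.keychain -x -T /usr/bin/codesign` produces no findings and exit status 0.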

“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing” ~ Helen Keller

Related macOS commands

Local man page: security - Command line help page on your local machine.
security - Administer Keychains, keys, certificates and the Security framework.


 
Copyright © 1999-2025 windevcluster.com
Some rights reserved