macOS Keychain Certificates

You can add certificates provided by the Signum agent to the macOS keychain and remove them again. This is required in order to use the keys with native tools such as codesign and productsign.

Use the signum-util tool with the keychain command to add and remove certificates.

Private keys cannot be exported from the HSM.

Adding to Keychain

The signum-util keychain --add command adds all certificates to the keychain:

signum-util keychain --add
Certificate with alias [Signum-RSA-4096] and ID [21] was added successfully to the KeyChain

After the certificates have been added to the keychain, they should be listed by sc_auth identities:

sc_auth identities
SmartCard: com.keyfactor.signum.token:21
Unpaired identities:
C08811A3E3E1CA52F4629433E700FA44B42EA701	Signum-RSA-4096
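
The check above can be scripted so that a build stops before signing if the expected certificate is not in the listing. The following is an added example, not part of the Signum tooling: the function names are hypothetical, and it assumes the listing layout shown above (a SmartCard line for the Signum token, then one line per identity with a 40-hex-digit identifier followed by the alias).

```shell
# Sample listing copied from the output shown on this page.
SAMPLE_OUTPUT='SmartCard: com.keyfactor.signum.token:21
Unpaired identities:
C08811A3E3E1CA52F4629433E700FA44B42EA701	Signum-RSA-4096'

# signum_identity_hash ALIAS
# Reads `sc_auth identities` output on stdin and prints the identifier
# listed for ALIAS. Returns 1 if the alias is not listed and 2 if no
# Signum token line is present (assumed token prefix, taken from the page).
signum_identity_hash() {
    awk -v want="$1" '
        /^SmartCard:[ \t]*com\.keyfactor\.signum\.token:/ { token = 1 }
        # Identity lines: 40 hex digits, whitespace, then the alias.
        length($1) == 40 && $1 ~ /^[0-9A-Fa-f]+$/ {
            alias = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", alias)   # drop the identifier
            sub(/[ \t\r]+$/, "", alias)              # drop trailing blanks
            if (alias == want && hash == "") hash = toupper($1)
        }
        END {
            if (!token) exit 2
            if (hash == "") exit 1
            print hash
        }
    '
}

# verify_signum_identity ALIAS EXPECTED_ID
# Succeeds only if ALIAS is listed with exactly the pinned identifier,
# so a certificate swapped under the same alias is rejected.
verify_signum_identity() {
    got=$(signum_identity_hash "$1") || return $?
    [ "$got" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# Typical use on the signing host:
#   sc_auth identities | verify_signum_identity Signum-RSA-4096 "$PINNED_ID" || exit 1
```

Pinning the identifier alongside the alias means the check fails if a different certificate appears under the same alias.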

Removing from Keychain

To remove certificates from the keychain, run the following command:

signum-util keychain --clear
Signum certificates where successfully removed from the KeyChain

After removal, the certificates are no longer available in the keychain.