radj

Reputation: 4377

How to delete a certificate from Mac Keychain through code?

I've looked into Apple's Certificate reference, and I don't see anything about removing certificates from the Keychain.

Is it allowed?

If so, how? If not, why not?

Upvotes: 2

Views: 2589

Answers (1)

Karoy Lorentey

Reputation: 4893

Certificates are a subtype of keychain items, so you can use SecKeychainItemDelete to remove them. To prevent compiler warnings, you'll need to explicitly cast the SecCertificateRef to a SecKeychainItemRef — plain C doesn't have language support for subclasses.

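#include <Security/Security.h>

SecCertificateRef certificate = ...;
// The cast only silences the compiler warning; the object itself is unchanged
OSStatus status = SecKeychainItemDelete((SecKeychainItemRef)certificate);
if (status) {
    // Non-zero OSStatus: the delete failed. Handle error
}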

If you target Mac OS 10.6 or later, you can also use the newer SecItemDelete API. It doesn't provide any advantages in the simplest case, but you can change the query argument to delete multiple certificates at once, or delete certificates without having direct references to them.

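#import <Foundation/Foundation.h>
#import <Security/Security.h>

SecCertificateRef certificate = ...;
// Query that matches exactly this certificate.
// The plain casts below assume manual reference counting (no ARC).
NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
                       kSecClassCertificate, kSecClass,
                       [NSArray arrayWithObject:(id)certificate], kSecMatchItemList,
                       kSecMatchLimitOne, kSecMatchLimit,
                       nil];
OSStatus status = SecItemDelete((CFDictionaryRef)query);
if (status) {
    // Non-zero OSStatus: the delete failed. Handle error
}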

Upvotes: 6
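
The answer's last point, deleting certificates without already holding a reference to them, as an added example that is not part of the original answer: it looks certificates up by label, logs each match, and then deletes each one with the same item-list query shape the answer uses. The helper `DeleteCertificatesWithLabel`, the label "Example Test CA" and the file name `delcert.m` are hypothetical, and the code assumes ARC.

```objective-c
// Added example, not from the answer. Assumes ARC and macOS 10.7 or later:
//   clang -fobjc-arc -framework Foundation -framework Security delcert.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper. Returns how many certificates labelled `label` were
// deleted (or would be, when dryRun is YES), or -1 if the search failed.
static NSInteger DeleteCertificatesWithLabel(NSString *label, BOOL dryRun) {
    // Step 1: find matches by attribute; no SecCertificateRef is needed up front.
    NSDictionary *find = @{
        (__bridge id)kSecClass:      (__bridge id)kSecClassCertificate,
        (__bridge id)kSecAttrLabel:  label,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
        (__bridge id)kSecReturnRef:  @YES,
    };
    CFTypeRef found = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)find, &found);
    if (status == errSecItemNotFound) return 0;           // nothing matches
    if (status != errSecSuccess) { NSLog(@"search failed: OSStatus %d", (int)status); return -1; }
    NSArray *certs = CFBridgingRelease(found);            // array of SecCertificateRef

    // Step 2: log every match, then delete it by reference, one item per call.
    NSInteger count = 0;
    for (id cert in certs) {
        NSString *subject = CFBridgingRelease(
            SecCertificateCopySubjectSummary((__bridge SecCertificateRef)cert));
        NSLog(@"%@: %@", dryRun ? @"would delete" : @"deleting", subject);
        if (dryRun) { count++; continue; }
        NSDictionary *del = @{
            (__bridge id)kSecClass:         (__bridge id)kSecClassCertificate,
            (__bridge id)kSecMatchItemList: @[cert],
            (__bridge id)kSecMatchLimit:    (__bridge id)kSecMatchLimitOne,
        };
        status = SecItemDelete((__bridge CFDictionaryRef)del);
        if (status == errSecSuccess) count++;
        else NSLog(@"delete failed: OSStatus %d", (int)status);
    }
    return count;
}

int main(void) {
    @autoreleasepool {
        // "Example Test CA" is a constructed label; YES keeps this a dry run.
        NSLog(@"matched %ld", (long)DeleteCertificatesWithLabel(@"Example Test CA", YES));
    }
    return 0;
}
```

Running with `dryRun` set to YES first shows exactly which certificates the label matches before anything is removed from the keychain.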
