OSX, code signing private keys - macos

Where can I find the private key used to generate the mac code signing certificate?
I have looked within keychain but cannot find it.

Okay quite simple now I have found the solution. In order to view the private keys used when signing you need to open keychain as root.
sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access
When opened view the login chain > Keys. Your private and public keys for your certificates will be found here. You can then right click to export these out.

Related

Xcode can't find my private key in keychain

I have some apps already published in iTunes, I've compiled and published them from my Mac many times. Recently I was forced to reset my passwords, and then I tried to compile and XCode told me that:
a) I wasn't logged in
b) My certificate wasn't found in the keychain (Revoke)
So, ok, I logged in again and created another certificate. I read in another post that: "If you change your password for your computer after you have already created a cert, you will have to go through the process all over again and create new certs."
But now when I'm going to compile, XCode tells me that my private key can't be found in my keychain. And I can't create a new one because my app is already published. Where is it?
All the info I could find on the web tells me to contact the owner of the Mac which originally created the private key to import it to mine. But it's my Mac! Where is it? Where is the private key? Gone?
Try going into Keychain Access, type in "iPhone Developer" or "iPhone Distribution" into the search field in the top right and you'll get a list of valid and expired certificates.
As you can see from the below screenshot, I have a pile of expired ones, and one valid one. Clicking on that valid cert reveals the private key underneath it.

Adding private key to a distribution certificate

I'm on a development team and I just tried to deploy a build to TestFlight. I got the error "...has iOS Distribution Certificate but its private key is not installed." The team's creator sent me his private key but I can't figure out how to then use this to validate the certificates so I can deploy a build. Do I need more than just his password? What's the next step? Thanks!
Open up the Keychain Access app and find your development certificate (its beneath the Certificates tab on the left). Click the arrow beside the certificate to reveal your private key. Replace that private key (it probably says your name) with the private key that he sent you.

OSX - signing identity missing private key

After I accidently deleted my local keychain... it seems I have encountered some problems. (This is my first Mac.)
In Xcode - Preferences - Accounts it has an error. If I click "View details" for my developer account, it list one signing identity called "iOS Development". However, its status is missing private key. (If I try to add one for distribution, it also pops up saying I already have one.)
As I already redownloaded both my distribution and development certificate from my developer profile and put them into my local keychain... I guess this means they somehow were not enough? Is there any other place on my Mac where I can (be lucky and) find my private key? certificate? ...
Or will I need to revoke my certificates in my developer profile? Download new certificate and create new provision profiles?
The private key is used for signing the code and the certificate is used for verifying the code. Since the private key is only stored in your keychain and you deleted it.
The only way to recover from it is to create a new developer certificate and generate a new Developer Provisioning Profile for your app.

Xcode profile missing public keys

I got myself a new mac so I went into Xcode 4.6.2 and exported my developer account and then on my new iMac I imported the profile and all certificates were imported correctly into keychain app and all private keys were also imported but none of the public keys came across to new account I have now tried to repeat this twice more and Still no luck so I have backed up the old keychain as I can move all key and certificates in one go but I have heap of crap in old keychain that I dont want to bring across has any one else been able to move there profile from one mac to another and get it to copy all keys (public + private) or are the public key not needed for anything I know how keys work for ssh or ssl but I'm not sure whats needed for code signing projects.
For code signing projects You need a distribution profile and developer profile. You can download or Import your profiles from xcode itself. goto Xcode->window->Organizer import option which is used to import your profiles. Signin Option which is used to download the profiles from online.

Provisioning for Distribution

I can run the app fine through the development profile but I can't run it through the distribution profile. I have everything setup correctly as far as I can tell. The error that I get from xcode on compile is:
Code Sign error: No unexpired provisioning profiles found that contain any of the keychain's signing certificates
and in TARGETS > Release > Any iOS SDK I look under what should the correct line item and I see the following:
Profile doesn't match any valid certificate/private key pair in your keychains
So it sounds like my current cert doesn't allow me to run my app as distribution? I went into the member center and dirtied all related profiles and restarted xcode 4.6 after updating my profiles. Doesn't seem to work.
I also checked my Info.plist and the bundle name is correct there. It's also correct in TARGETS > Summary > Bundle Identifier.
A private key is missing
I noticed this morning that there is no private key underneath the iPhone Distribution cert in my Keychain Access and I suspect that's an issue? I'm an admin in the developer portal so I'm not sure why this wouldn't be working..
If you weren't on the distribution certificate when it was signed then you need to have someone who IS on the certificate to export their cert + private key for you. If in doubt, it's probably the dev portal agent who you need this from. The details are found in the answer for the question below:
Profile doesn't match any valid certificate/private-key pair in the default keychain

Resources