Is there a way to change an imported exportable certificate to non-exportable?

Hi,

A certificate imported on macOS 15 using the security command with the "non-exportable" option was imported in an exportable state. I would like to know how to change this certificate to be non-exportable.

Regards, CTJ

Using the security tool? Or using the keychain API?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello,

I use the import command from the Security tool.

Regards, CTJ

Ah, sorry, I wasn’t sufficiently clear. I understand that you’re importing this credential using the security tool. I was asking about how you want to change this attribute. Are you looking to do that using security tool? Or to write code to do it using the Security framework?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

The user changes the attributes by executing a command in the terminal. If that is not possible, we will create a program to change the attributes and distribute it to the user, who will then run that program.

Regards CTJ

What I want to do hasn't changed, but if anyone knows, please let me know.

Is it possible to change the attributes of a private key that was imported in an exportable state in macOS 15 to a non-exportable state by rewriting the attributes?

Regards, CTJ

security import -x option not working on macOS 15 / 26 / 26 beta2 — Private Key name issue

Hello,

I have noticed an issue with the security import command on recent macOS versions. When I use the following options:

the -x option does not seem to take effect — the imported certificate and private key can still be exported. In addition, the imported private key is always named "Imported Private Key", regardless of the original name.

This problem started on macOS 15 and is still present on macOS 26 and macOS 26 beta2. I believe this is a regression that needs to be fixed.

If anyone has more information or knows of a workaround, I would appreciate your input.

Regards, CTJ

Is there a way to change an imported exportable certificate to non-exportable?
 
 
Q