Public/Private Key Certificate - Mac OS X 10.7.4 (Lion)
To create the simplest possible Certificate (with a public/private keypair):
Utilities → Keychain Access
Keychain Access → Certificate Assistant → Create A Certificate...
Name: FooDisk
Identity Type: Self Signed Root
Certificate Type: Code Signing
✓ Let me override defaults
Serial Number: 1
Validity Period (days): 7300
<Continue>
Email Address: none
N.B., This avoids the situation where the Mail program will use this Certificate to sign or encrypt e-mail messages. Since the Certificate is self-signed, it will have no validity with recipients, and therefore is useless for any purpose relating to Mail.
Name (Common Name): <same as in the first step>
Key Size: 2048 bits
Algorithm: RSA
<Continue>
✓ Include Key Usage Extension
✓ This extension is critical
□ Signature (uncheck, along with all others except Data Encipherment)
✓ Data Encipherment
□ Include Extended Key Usage Extension (uncheck)
□ Include Basic Constraints Extension (uncheck)
□ Include Subject Alternate Name Extension (uncheck)
Keychain: login
<Create>
Click on the newly created Certificate in the Keychain Access window.
Click on the triangle to expand the Certificate.
Click on the private key.
Get Info (either by right-clicking on the private key, or by typing Command-I).
Select Access Control at the top of the window that pops up.
Delete all applications by highlighting each application name, and then click the minus (-) button.
Activate the "Confirm before allowing access" option.
✓ Ask for Keychain password
(This will require you to enter your login Keychain password each time your private key is accessed.)
Close the Information window.
Note that the last step may have to be repeated after quitting Keychain Access and opening it again.
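One way to confirm that the certificate came out with the settings chosen in the Certificate Assistant steps above. This is an added example, not part of the original instructions; it assumes the openssl command-line tool is installed, and the names check_cert, make_sample, check_cert.sh and FooDisk.pem are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). On the Mac, export the certificate
# created above to PEM first, then audit it:
#   security find-certificate -c FooDisk -p > FooDisk.pem
#   sh check_cert.sh FooDisk.pem

check_cert() {  # $1 = PEM certificate; prints each mismatch, returns 1 if any
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    rc=0
    # Self-signed: issuer name equals subject name.
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "issuer differs from subject"; rc=1; }
    [ "$(openssl x509 -in "$1" -noout -serial)" = "serial=01" ] ||
        { echo "serial number is not 1"; rc=1; }
    echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "key is not RSA"; rc=1; }
    echo "$text" | grep -q 'Public.Key: (2048 bit)' ||
        { echo "key is not 2048 bits"; rc=1; }
    # The line after the Key Usage header lists the enabled usages.
    usage=$(echo "$text" | awk '/X509v3 Key Usage: critical/ {
        getline; gsub(/^ +| +$/, ""); print }')
    [ "$usage" = "Data Encipherment" ] ||
        { echo "key usage is '$usage', not critical Data Encipherment only"; rc=1; }
    for ext in 'Extended Key Usage' 'Basic Constraints' 'Subject Alternative Name'; do
        if echo "$text" | grep -q "X509v3 $ext"; then
            echo "unexpected extension: $ext"; rc=1
        fi
    done
    return $rc
}

# Constructed stand-in certificate for trying the check without a Mac.
# $1 = scratch directory, $2 = keyUsage value for the OpenSSL config.
make_sample() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = ext' \
        'prompt = no' '[dn]' 'CN = FooDisk' '[ext]' "keyUsage = critical, $2" \
        > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 7300 -set_serial 1 \
        -config "$1/req.cnf" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

if [ "$#" -gt 0 ]; then check_cert "$1"; fi
```

A silent exit with status 0 means every setting matched; each mismatch is printed on its own line.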
To find the public key (40 digits, in hex) for this certificate: