我正在尝试使用以下脚本检索我的 PIV key :getPIVkey.sh
NAME=`security find-certificate | grep PIV | sed 's;keychain:";;g' | sed 's;";;g'`
echo $NAME
ssh-keygen -i -m pkcs8 -f <(security find-certificate -p "$NAME" | openssl x509 -noout -pubkey)
在 Mac OS High Sierra 10.13.4 上。我得到:
./getPIVPub.shkeychain: PIV-Bill K Brown (piv)
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
unable to load certificate
140735828857800:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: TRUSTED CERTIFICATE
do_convert_from_pkcs8: /dev/fd/63 is not a recognised public key format
最佳答案
您的第一个 sed 中似乎缺少一个空格命令,在 keychain: 之间和报价。所以你的命令设置NAME变量应该是
NAME=`security find-certificate | grep PIV | sed 's;keychain: ";;g' | sed 's;";;g'`
随着改进的
sed命令,NAME 的(打印的)值不应再以 keychain: 开头但只包含名称。由于
NAME 中的值错误,第二个security find-certificate命令失败,因此输出 The specified output could not be found in the keychain. .之后执行的命令也会失败。仅供引用,引用
/dev/fd/63 的原因在问题 Why does process substitution result in a file called /dev/fd/63 which is a pipe? 的答案中进行了解释
关于ssh - do_convert_from_pkcs8 :/dev/fd/63 is not a recognised public key format,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51470544/