Exporting from Keychain

When you export/download a digital certificate, you will receive both public and private keys. The public keys are the ones that you will use to sign and encrypt emails. The private keys are the ones that will be stored on your computer. You should never share the private key(s).

WARNING: If someone else has access to your private keys, they can impersonate you or read your encrypted emails.


  1. In the Finder, open Utilities 

  2. Open Keychain Access.

  3. Select your signing and encryption certificates from the list of displayed keychain items.

  4. From the File menu, select Export.

  5. Enter the name of the file you are exporting and select the P12 format.

  6. Choose the location and filename destination where you want to export your certificate and click Next.

  7. When prompted, create a password for the certificate files.

Be sure that you create a password that you will be able to remember at a later date or that you can store it in a separate location that is also secure. The password will be required to move the files to another computer or device or if you ever have to use the files to restore your certificates.

Creating a backup copy

Your personal digital certificate will be stored in Stache.  You can however elect to store it elsewhere. There are several options:

  • Burn the contents to a CDROM
  • Copy the files to portable media such as a Flash drive
  • Copy the files to UTBox, which is approved for the storage of sensitive information.

Regardless of which medium you wish to store your certificate and private key, remember to secure the medium. 

Do not ask anyone else (such as desktop staff) to store or keep copies of your certificates.  This is a security risk and not approved by ISO.

WARNING: If someone else has access to your private keys, they can impersonate you or read your encrypted emails.