KeychainStasher

executablemacOS152.8 KBx86_64, arm64

Code signing utility — manages certificates and digital signatures for macOS applications

Accesses Keychain to retrieve code signing certificates and keys for signing application binaries and bundles. Manages certificate validation and verification of existing signatures. Communicates with Apple's code signing infrastructure and telemetry endpoints to validate signing status and gather diagnostics. Stores signing metadata and logs in private storage areas. Supports signing for multiple bundle identifiers, indicating use across different application types and workflows.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 152.8 KB
UUID: B761525E-A8BB-3AEE-970D-6A49B1CF8C0E
Analyzed: 2026-04-09T09:39:00Z
CDHash: 8e51ccb15e8c9aa566a3dd32e0accc3ffdf804f3fd063d6294dd0dfacf0df1d4

Capabilities

StoragePrivate storage area access

com.apple.private.security.storage.SFAnalytics [object Object]

SecurityKeychain, certificates, code signing

/System/Library/Frameworks/Security.framework/Versions/A/Security

Frameworks5

Security Foundation libobjc.A.dylib libSystem.B.dylib CoreFoundation

Entitlements3

application-identifier com.apple.security.KeychainStasher

com.apple.private.keychain.sysboundtrue

com.apple.private.security.storage.SFAnalyticstrue

Interesting Strings

Bundle IDs(9)

"com.apple.security.KeychainStasher0(#com.apple.private.keychain.sysbound .com.apple.private.security.storage.SFAnalytics <key>com.apple.private.keychain.sysbound</key><key>com.apple.private.security.storage.SFAnalytics</key>

File Paths(4)

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/Security.framework/Versions/A/Security private/var/protected/

telemetry(5)

.com.apple.private.security.storage.SFAnalytics <key>com.apple.private.security.storage.SFAnalytics</key>Analytics/_OBJC_CLASS_$_LocalKeychainAnalytics sfanalytics/

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(8)

HostnameSecurity-61901.40.77

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

1

Hardware

0

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

5

File Paths

4

Bundle IDs

9

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code7666ff164a069222c59e1fd5721fc7df8d5e84db8a0b2fb1b9695b145d5090d8

Imports561fba2141fecaf2df7ec9849f53a234e7941aeaa94627b701455a67dcd345b0

Frameworkse4731a97c4b9ee2696244f215a32e8561155460b5b2d5b90e63e170917f0d653

Classes5c0fadef13700fec8726db507aa2e5661843a973612901e424a9099521bffa02

Entitlementsaa1a2c25b29354835e1b04ccb37cde6bb582f131f296b9242e7906f4f3391ed6

Symbols20e5fd19962988d42894b52b4b22a21aee6412b4fe3ab662c695220060d17541

Static Libraries0 / 16 functions identified

Functions(16)

0x100000c98-[ServiceDelegate listener:shouldAcceptNewConnection:]

0x100000ddcsub_100000ddc

0x10000141c-[KeychainStasher loadKeyWithReply:]

0x1000017e0-[KeychainStasher stashKey:withReply:]

0x100001ba4-[KeychainStasher baseQuery]

0x100001cf0-[KeychainStasher errorWithStatus:message:]

0x100001e6csub_100001e6c

0x100001e78sub_100001e78

0x100001e88sub_100001e88

0x100001f08sub_100001f08

0x100001f18sub_100001f18

0x100001f24sub_100001f24

0x100001f34sub_100001f34

0x100001fd0sub_100001fd0

0x100002228sub_100002228

0x1000022f0sub_1000022f0

Imports86 symbols from 5 dylibs

libSystem.B.dylib30 Security20 CoreFoundation17 libobjc.A.dylib12 Foundation7

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

trustdFileHelper

DataDetectorsSourceAccess

MobileGestaltHelper

remotesoftwareupdated

security-sysdiagnose

DataDetectorsLocalSources