Hello, We have a kSecClassKey object and on MacOS, we have been setting the key non-extractable in the following manner, but many of the attributes seem to be deprecated. Is there a better/recommended way of doing this on MacOS for private keys on login keychain using newer keychain attributes? Thanks, Peter (ex: kSecKeyExtractable) Current legacy code on MacOS:   int attributeListSize = 1;   int attributeIndex = 0;   unsigned int falseValue = 0;   SecKeychainAttributeList privateKeyAttrList;   SecKeychainAttribute privateKeyKeyChainAttributes[attributeListSize];   privateKeyKeyChainAttributes[attributeIndex].tag = kSecKeyExtractable;   privateKeyKeyChainAttributes[attributeIndex].data = &falseValue;   privateKeyKeyChainAttributes[attributeIndex].length = sizeof(falseValue);   privateKeyAttrList.count = attributeListSize;   privateKeyAttrList.attr = privateKeyKeyChainAttributes;   OSStatus status = SecKeychainItemModifyAttributesAndData((SecKeychainItemRef) keyRef, &privateKeyAttrList, 0, NULL);   if (status != errSecSuccess)   {     NSString *errMessage = [NSString stringWithFormat: @"Failed to modify kSecKeyExtractable attribute for key, status: %d", status];     *error = [self buildNSErrorForDomain:errorDomain                  errorCode:keychainFailure                 errorMessage: errMessage               underlyingError:[NSError errorWithDomain:keychainErrorDomain code:status userInfo:nil]                 shouldRetry:false];   }

I am trying to add my smart card PIV cert to ssh-agent. In macOS 10.15 Catalina, it was as simple as: ssh-add -s /usr/lib/ssh-keychain.dylib But in macOS 11.1 Big Sur, the ssh-agent debug output says: failed PKCS#11 add of "/usr/lib/ssh-keychain.dylib": realpath: No such file or directory I am aware that macOS 11 caches system libraries ... but I believe that /usr/lib/ssh-keychain.dylib is in the cache. Any help would be greatly appreciated!