code sign wants to sign using key - Doesn't allow or always allow but deny works

Hi guys,

I'm tearing my hair out with this, i have been exporting my certificate for signing and installing on my new machine many times but since i have updated to El Capitan, i have been having issues. At first, i thought i must be exporting wrong, so i created a brand new certificate from the portal and installed but yet i have the same problem.

The certificate and key exists in the keychain, but then when i build to device, it checks the keychain to authorise the use of the certificate and keychain and all that happens is the alert window appears requesting the "codesign wants to sign using key "x" in your keychain" and the buttons Always Allow, Deny and Allow, when i press Always allow or allow, nothing happens, only deny works.

Whats going??? Surely im not doing something wrong am i?



Accepted Reply

I found a solution!

I am using a software to make the movement of my mouse smoother. The app is called "SmoothMouse" and if it is active, it's impossible to click prompt asked by the keychain. I deactivated it and everything worked fine.

So, if you use VPN or any software that simulate/modify your mouse position, keychain won't let you click on it's popup messages.


I'm suddenly seeing the exact same issues on all four of my Build Server machines.

I figured it out!

I noticed this error in the console:

SecurityAgent[xyz]: Ignoring user action since the dialog has received events from an untrusted source

I just installed OS X 10.11.1 and this started happening. Looking at the changelog for 10.11.1, the following "fix" was introduced which prevents apps from digitally "clicking" the Allow or Always Allow buttons:

  • Impact: A malicious application can programmatically control keychain access prompts
  • Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows.

I was using Screen Sharing to control my Build Servers, and the OS was not allowing the Screen Sharing app to click the allow button. I lined the cursor up over the "Always Allow", then plugged a mouse into my headless Mac and simply clicked the mouse, and it worked!

I hope this helps!

unfortunately not, i am using my iMac locally and not remotely. No screen sharing in use.

I'm facing the same issue. I'm a total mac noob, and this will be the first app I build for my company. That being said I don't think it's limited to xcode, I think it's a security keychain issue in general. If I try and export a cert, I get the same deal when it prompts be for my keychain password. I also followed some other directions(below) that walk you through resetting your default keychain, but that didn't help either. I am using VNC to connect to it, but I went to the box physically and it still doesn't work.

At the end of the day, I thought macs and iphones were supposed to be easy. This whole development paradigm with certificates, identifiers, and provisioning profiles is a bunch of rubbish. There may be a need or purpose for all of it in the background, but there is no reason to have to do all of these things manually. Then add on top of it, there's this keychain issue that won't let me take the last frigin step... I'm convinced the only people that love macs only use the browser.

Edited for clarification: The below was tried and did NOT fix the issue.

To reset your keychain in Mac OS X 10.4, Mac OS X 10.5, and Mac OS X 10.6 Snow Leopard or later:

  1. Open Keychain Access, which is in the Utilities folder within the Applications folder.
  2. From the Keychain Access menu, choose Preferences.
  3. Click General, then click Reset My Default Keychain.
  4. Authenticate with your account login password.
  5. Quit Keychain Access.
  6. Restart your computer.

that not a viable solution, i dont want to reset my keychain.

It didn't help anyway. I was really just listing out what HASN'T worked to fix the issue for me. To add to that list:

-Deleted the folder located at users/user/library/preferences/byhost

-Logged in as a different user

-I set the password to something different than the login password.

All end with the same results. It just doesn't work.

I have the same issues and I'm stuck with this problem

Did you find a solotion ??? !!!

Same issue. Build servers are way to far away.

Same Issue

Same issue.

I was able to get it working by changing access control for the certificate to allow all applications. I did have to do this locally on the box, but it should be a one time deal. Once this is done, I don't think xcode will ask anymore.

Open Keychain Access

Righ Click on Cert

Click Get Info

Click Access Control

Click Allow all applications to access this item

Save changes

Enter password and apply(note that this step would not work using VNC, it had to be done locally.)

After that XCode didn't ask for access anymore.

I responded to the main post with what I was able to do to get it working. I wasn't able to click the prompt in XCode locally either. After changing access on the cert, it didn't ask me in xcode anymore.

When I hit "Save changes". it ask me a password, but nothing will work. I can only refuse/decline. Even the right password won't save. I'm stuck! Apple please help!

This reminded me that I was running MagicPrefs, a 3rd party app that enables extra mouse gestures. I quit MagicPrefs and I was able to click the Always Allow button.