
do_convert_from_pkcs8: /dev/fd/63 is not a recognised public key format


I am trying to retrieve my PIV key using the following script:

getPIVkey.sh

    NAME=`security find-certificate | grep PIV | sed 's;keychain:";;g' | sed 's;";;g'`
    echo $NAME
    ssh-keygen -i -m pkcs8 -f <(security find-certificate -p "$NAME" | openssl x509 -noout -pubkey)

on Mac OS High Sierra 10.13.4. I get:

    ./getPIVPub.sh

    keychain: PIV-Bill K Brown (piv)
    security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
    unable to load certificate
    140735828857800:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: TRUSTED CERTIFICATE
    do_convert_from_pkcs8: /dev/fd/63 is not a recognised public key format

Solution

  • It looks like you are missing a space in your first sed command, between keychain: and the quote. So your command to set the NAME variable should be

    NAME=`security find-certificate | grep PIV | sed 's;keychain: ";;g' | sed 's;";;g'`
    

    With the improved sed command, the (printed) value of NAME should no longer start with keychain: but just contain the name.

    As a consequence of the wrong value in NAME, the second security find-certificate command fails, hence the output "The specified output could not be found in the keychain." The commands executed after that then fail as well.

    FYI, the reason for the reference to /dev/fd/63 is explained in the answer to the question Why does process substitution result in a file called /dev/fd/63 which is a pipe?
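
The failure chain described in the answer above, as an added example that is not part of the original question or answer: it runs both sed filters over a constructed sample line (reconstructed from the echoed NAME in the question) and checks each stage, so a failed lookup stops before empty input reaches ssh-keygen. The helper names `valid_name` and `piv_ssh_pubkey`, and reading the key through `/dev/stdin`, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Constructed sample: the line `security find-certificate` must have printed,
# inferred from the NAME value echoed in the question.
SAMPLE='keychain: "PIV-Bill K Brown (piv)"'

# The question's filter: the pattern lacks the space, so the prefix survives.
extract_name_buggy() {
    grep PIV | sed 's;keychain:";;g' | sed 's;";;g'
}

# The answer's filter: the space after "keychain:" is part of the pattern.
extract_name_fixed() {
    grep PIV | sed 's;keychain: ";;g' | sed 's;";;g'
}

# Guard (hypothetical helper): reject an empty name or one that still
# carries the "keychain:" field prefix.
valid_name() {
    case "$1" in
        ''|keychain:*) return 1 ;;
        *) return 0 ;;
    esac
}

# macOS only (hypothetical helper): same commands as the question, but each
# stage is checked, so a failed lookup stops here instead of surfacing later
# as "not a recognised public key format".
piv_ssh_pubkey() (
    name=$(security find-certificate | extract_name_fixed)
    valid_name "$name" || { echo "bad keychain name: '$name'" >&2; exit 1; }
    cert=$(security find-certificate -p "$name") || exit 2
    pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey) || exit 3
    printf '%s\n' "$pub" | ssh-keygen -i -m pkcs8 -f /dev/stdin
)

# Demonstration on the constructed sample (runs on any system).
for f in extract_name_buggy extract_name_fixed; do
    n=$(printf '%s\n' "$SAMPLE" | "$f")
    if valid_name "$n"; then
        echo "$f: accepted -> $n"
    else
        echo "$f: rejected -> $n"
    fi
done
```
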