There are several issues when operating KeyChainStore on Mac using keytool:
1. There are always such an Exception be shown when using keytool:
KeychainStore Ignored Exception: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input

2. The PrivateKeyEntry in a jks or pkcs12 keystore will become trustedCertEntry once imported to KeychainStore using keytool. And key access on Mac doesn't allow to import entries from jks keystore to KeychainStore at all. But key access will be able to import a pkcs12 keystore and keep PrivateKeyEntry as PrivateKeyEntry. keytool should at least give warnings to users as the entry types are changed. Or it should allow users to have the option to import PrivateKeyEntry.

3. Doing this command:
keytool -genkeypair -alias key3 -sigalg SHA256withRSA -provider apple.security.AppleProvider -storetype KeychainStore -keystore NONE -storepass password
Will get:
keytool error: java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey