I'm looking for a way to dump (export) the contents of an OS X keychain into a file that I can easily process elsewhere, such as tab-delimited plaintext or something of the sort.
The Keychain Access app does not offer any such functionality, and getting a key's data involves opening each in turn, and having to type in the keychain's password to see the password stored with the key, every time.
After a bit of digging, I found somebody's solution by using AppleScript and the Keychain Scripting app to access keychains (can't link to individual post; scroll down about two thirds to the end of the page):
http://discussions.apple.com/thread.jspa?threadID=1398759
Using Keychain scripting, you can access all data fields of all the keys – including the plaintext password! – and it's fairly easy to dump this data into a text file etc. I've tested it and it works well.
However, this solution still involves having to confirm access to each key by clicking OK on a dialog. This is much better than having to type in the keychain's password every time, but it's still irritating. Furthermore, you have to confirm access twice for each key; once for Script Editor (or the script itself if it's running as an app) and once for Keychain Scripting. So, if you're processing a keychain with 100 keys, you have to manually click OK on 200 dialogs.
I'm now looking for a solution to get around this. I realize that as it's the purpose of keychains to safeguard the sensitive data and prevent precisely the kind of thing I'm trying to do, any such solution would probably involve some kind of hack.
I'd be very interested in your ideas!
Open Keychain Access and select the certificate(s) you want to export. (Hold down the Command key to select multiple certificates.) Click File > Export Items. Name the file and choose a location to save it.
In the Keychain Access app on your Mac, if your keychains aren't visible, choose Window > Keychain Access. Select a keychain in the Keychains list. Choose File > Delete Keychain [keychain name]. Click Delete References.
Step 1: Export your iCloud Passwords Open Safari and choose Safari > Preferences. Click the Passwords icon, then enter the password you use to log in to your computer. Click. and choose Export Passwords.
Allright, I'm stupid. There's a command-line tool called security
that does just this (and lots of other actions on keychains).
An example usage:
security dump-keychain -d login.keychain
This will dump all the data in the login.keychain (the default keychain for a user) as plaintext, including the passwords. You still have to confirm access , but only once for each key, and it's much faster than (and doesn't throw weird errors when trying to access certain fields) using AppleScript. And it's no hack.
Without the -d
option, it will dump all the fields except for the password.
The dumped data for a key looks like this (for an internet key; program keys and certificates have other fields, but the format is the same):
keychain: "/Users/<username>/Library/Keychains/login.keychain" class: "inet" attributes: 0x00000007 <blob>="tech.slashdot.org (<username for this web login>)" 0x00000008 <blob>=<NULL> "acct"<blob>="<username for this web login>" "atyp"<blob>="form" "cdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000" "crtr"<uint32>=<NULL> "cusi"<sint32>=<NULL> "desc"<blob>="Kennwort des Web-Formulars" "icmt"<blob>="default" "invi"<sint32>=<NULL> "mdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000" "nega"<sint32>=<NULL> "path"<blob>=<NULL> "port"<uint32>=0x00000000 "prot"<blob>=<NULL> "ptcl"<uint32>="http" "scrp"<sint32>=<NULL> "sdmn"<blob>=<NULL> "srvr"<blob>="tech.slashdot.org" "type"<uint32>=<NULL> data: "<the plaintext password for this key>"
Please read this: https://gist.github.com/rmondello/b933231b1fcc83a7db0b
Ignore:-----
I found a sollution to the "Always Allow" dialog in each key!
Just run the previous command with sudo.
sudo security dump-keychain -d login.keychain
This way you'll only need to enter your password two times. One on the Terminal to sudo and another to unlock the keychain! ;)
Have a nice day!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With