Operating system: Mac OS 9, macOS
Website: Keychain programmers guide
Screenshot of Keychain Access on Mac OS X 10.5.
9.0 (55161) / October 16, 2014
Keychain is the password management system in macOS, developed by Apple. It was introduced with Mac OS 8.6 and has been included in all subsequent versions of Mac OS, including macOS. A keychain can contain various types of data: passwords (for websites, FTP servers, SSH accounts, network shares, wireless networks, groupware applications, encrypted disk images), private keys, certificates, and secure notes.
Storage and access
In macOS, keychain files are stored in ~/Library/Keychains/, /Library/Keychains/, and /Network/Library/Keychains/, and the Keychain Access GUI application is located in the Utilities folder in the Applications folder. It is free, open source software released under the terms of the APSL. The command line equivalent of Keychain Access is /usr/bin/security.
Locking and unlocking
The default keychain file is the login keychain, which is typically unlocked at login with the user's login password. The password for this keychain can instead be set to differ from the user's login password, adding security at the expense of some convenience. The Keychain Access application does not permit setting an empty password on a keychain.
The keychain may be set to be automatically "locked" if the computer has been idle for a time, and can be locked manually from the Keychain Access application. When locked, the password has to be re-entered next time the keychain is accessed, to unlock it. Overwriting the file in ~/Library/Keychains/ with a new one (e.g. as part of a restore operation) also causes the keychain to lock and a password is required at next access.
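The auto-lock behaviour described above can be inspected and set from the command line with /usr/bin/security. The following POSIX shell script is an added example, not code from the article or from Apple: it checks a keychain's settings against a simple policy (lock on sleep, idle timeout no longer than a limit) and can apply that policy. The parsing functions run on any system; the two functions that talk to the keychain require macOS. It assumes the login keychain is at ~/Library/Keychains/login.keychain-db and that `security show-keychain-info` prints a single line such as `Keychain "…" lock-on-sleep timeout=300s` or `Keychain "…" no-timeout`; both the path and the output format are assumptions, and the sample lines in the script are constructed.

```shell
#!/bin/sh
# Added example, not part of the article or of Apple's tooling: audit and set
# the auto-lock policy of the login keychain via /usr/bin/security.

# Constructed sample lines in the format security(1) is assumed to print for
# `security show-keychain-info` (the exact format is an assumption):
SAMPLE_OK='Keychain "/Users/alice/Library/Keychains/login.keychain-db" lock-on-sleep timeout=300s'
SAMPLE_WEAK='Keychain "/Users/alice/Library/Keychains/login.keychain-db" no-timeout'

# Extract the idle timeout in seconds from one such line.
# Prints the number, "none" when no timeout is set, or "unknown" on unexpected input.
keychain_timeout_seconds() {
    line="$1"
    case "$line" in
        *timeout=*s*)
            t="${line##*timeout=}"    # drop everything up to "timeout="
            printf '%s\n' "${t%%s*}"  # keep the digits before the "s" unit
            ;;
        *no-timeout*) printf 'none\n' ;;
        *)            printf 'unknown\n' ;;
    esac
}

# Succeeds when the line reports that the keychain locks when the system sleeps.
keychain_locks_on_sleep() {
    case "$1" in
        *lock-on-sleep*) return 0 ;;
        *)               return 1 ;;
    esac
}

# Policy check: the keychain must lock on sleep and after at most $2 idle seconds.
keychain_policy_ok() {
    line="$1"
    max="$2"
    t=$(keychain_timeout_seconds "$line")
    [ "$t" != "none" ] && [ "$t" != "unknown" ] || return 1
    [ "$t" -le "$max" ] || return 1
    keychain_locks_on_sleep "$line"
}

# macOS only: read the live settings and report them against the policy.
# Returns 0 when compliant, 1 when weak, 2 when security(1) is unavailable.
audit_login_keychain() {
    max="${1:-300}"
    kc="$HOME/Library/Keychains/login.keychain-db"   # path assumed; older systems use login.keychain
    command -v security >/dev/null 2>&1 || { echo "security(1) not found; not macOS?" >&2; return 2; }
    info=$(security show-keychain-info "$kc" 2>&1)   # tool writes the line to stderr on some versions
    if keychain_policy_ok "$info" "$max"; then
        echo "OK:   $info"
    else
        echo "WEAK: $info"
        return 1
    fi
}

# macOS only: lock on sleep (-l) and after $1 idle seconds (-u -t), default 300.
harden_login_keychain() {
    command -v security >/dev/null 2>&1 || return 2
    security set-keychain-settings -l -u -t "${1:-300}" "$HOME/Library/Keychains/login.keychain-db"
}

# Offline demonstration on the constructed samples:
keychain_policy_ok "$SAMPLE_OK" 600   && echo "sample 1: compliant"
keychain_policy_ok "$SAMPLE_WEAK" 600 || echo "sample 2: weak (no timeout)"
```

On a Mac, `audit_login_keychain 300` reports whether the login keychain locks on sleep and within five idle minutes, and `harden_login_keychain 300` applies that setting; the keychain password is prompted for if it is currently locked.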
If the login keychain is protected by the login password, then the keychain's password is changed whenever the login password is changed from within a logged-in session on macOS. On a shared Mac/non-Mac network, the login keychain's password can lose synchronization if the user's login password is changed from a non-Mac system. The same loss of synchronization occurs if the password is changed through a directory service such as Active Directory or Open Directory, or from another admin account, e.g. using System Preferences. Some network administrators react to this by deleting the keychain file on logout, so that a new one is created the next time the user logs in. This means keychain passwords are not remembered from one session to the next, even if the login password has not been changed. If this happens, the user can restore the keychain file in ~/Library/Keychains/ from a backup, but doing so locks the keychain, which then needs to be unlocked at next use.
Keychain Access is a macOS application that allows the user to access the Keychain and configure its contents, including passwords for websites, web forms, FTP servers, SSH accounts, network shares, wireless networks, groupware applications, encrypted disk images, etc. It unlocks, locks, and displays passwords saved by the system which are dynamically linked to the user's login password, as well as managing root certificates, keys, and secure notes.
Its graphical user interface displays the various keychains, of which there are usually at least two: the login keychain and the system keychain. It also included the Keychain First Aid utility (removed by the 10.11.2 update), which could repair problems with keychains. Various events can cause problems with keychains, and sometimes the only solution is to delete the keychain, which also deletes any passwords stored in it, and create a new one.
It is usually found in the Utilities folder under Applications in macOS. As an ancillary application to macOS, it is subject to updates via Software Update and thus should not be moved out of the Utilities folder. There is also an included command-line tool to access the keychain, called "security".
iCloud Keychain was announced at the 2013 Apple Worldwide Developers Conference (WWDC), to be released as part of iOS 7 and OS X Mavericks (version 10.9). It was not released with the initial release of iOS 7, instead being added with the release of iOS 7.0.3 and OS X Mavericks following Apple's October 22, 2013 event. It re-introduces the old MobileMe Keychain syncing function that was removed with the initial release of iCloud in 2011, but now renamed iCloud Keychain.
It functions as a secure database that allows information including a user's website login passwords, Wi-Fi network passwords, credit/debit card details (though without the CVV), and other account data to be securely stored for quick access and auto-fill on web pages and elsewhere. The data is always stored encrypted with 256-bit AES, is kept on the device and pushed between devices through iCloud, and is only available on a user's trusted devices.
The service can also suggest new, longer and more secure passwords to the user when required. It is only available on Apple platforms and, within a browser, only works with Safari on iOS 7.0.3 and OS X Mavericks (version 10.9) onwards.
Keychains were initially developed for Apple's e-mail system, PowerTalk, in the early 1990s. Among its many features, PowerTalk used plug-ins that allowed mail to be retrieved from a wide variety of mail servers and online services. The keychain concept naturally "fell out" of this code, and was used in PowerTalk to manage all of a user's various login credentials for the various e-mail systems PowerTalk could connect to.
The passwords were not easily retrievable due to the encryption, yet the simplicity of the interface allowed the user to select a different password for every system without fear of forgetting them, as a single password would open the file and return them all. At the time, implementations of this concept were not available on other platforms. Keychain was one of the few parts of PowerTalk that was obviously useful "on its own", which suggested it should be promoted to become a part of the basic Mac OS. But due to internal politics, it was kept inside the PowerTalk system and, therefore, available to very few Mac users.
It was not until the return of Steve Jobs in 1997 that the Keychain concept was revived from the now-discontinued PowerTalk. By this point the concept was no longer so unusual, but it was still rare to see a keychain system that was not tied to a particular piece of application software, typically a web browser. Keychain was later made a standard part of Mac OS 9, and was included in Mac OS X from the first commercial versions.
Keychain is distributed with both iOS and OS X. The iOS version is simpler because applications that run on mobile devices typically need only very basic Keychain features. For example, features such as ACLs (access control lists) and sharing of Keychain items between different apps are not present; iOS Keychain items are therefore only accessible to the app that created them. On OS X, on the other hand, the security model is weaker, which leaves the OS X Keychain vulnerable to cross-application resource sharing attacks. Specifically, a malicious app can create an item with the same attributes (which serve as labels for item lookup) as those of a victim app, and specify in the item's ACL that the victim app is authorized to access it. When the victim app is launched, it looks up its items by those attributes; Keychain finds the item planted by the malicious app and passes it to the victim app. The victim app then updates the item (storing usernames and passwords), and that data is accessible to the malicious app. Since Keychain does not allow duplicate items, this attack is limited to situations where the malicious app creates the item before the first launch of the victim app. However, this limitation can be removed because the malicious app can delete the victim app's item (Keychain does not consult the ACL when granting item deletions) and then proceed as in the original attack.
- Comparison of password managers
- List of password managers
- Password manager
- Pleasant Password Server