Questions tagged [keychain]

For security questions about Apple's Keychain Access app and the keychain file format on macOS and iOS

Keychain Access.app is a macOS utility application that stores and manages passwords and certificates using the keychain file format, which is also present on iOS.

44 questions
12 votes, 3 answers

Export non-extractable private key from Keychain on OS X

I have a PKI certificate in Keychain Access.app on OS X 10.9, together with the private key. The manual page for /usr/bin/security indicates that there is a -x option for security import to specify that private keys are non-extractable after being…
cnst
10 votes, 1 answer

Secure Enclave and keychain security

I've read the WWDC 2015 article from Apple, which says that: We also moved the KeyStore component from the kernel into Secure Enclave and it's that component which controls the cryptography around Keychain items and the data protection. Does this…
Summer
9 votes, 4 answers

How secure is OS X's Keychain access control?

On OS X, when an application requests access to a Keychain item, the user is prompted whether to grant or deny that access. Supposedly, the system saves not only the binary path, but also its hash in the ACL entry that is created after the user…
lxgr
7 votes, 4 answers

Method to integrate Touch ID in iOS apps

With the recent announcement of Touch ID APIs for third party apps, I am wondering how we can leverage this feature to perform a secure transaction? I am looking for a method to use Touch ID in my payment application. One option is to store the…
Bharath
7 votes, 2 answers

Is it safe to use a stateless authorization mechanism where the clear password is stored on the keychain?

Is it safe to use the following stateless authorization mechanism between a client (iOS & Android) and server? Sign up The client provides an email and password and saves the clear password on the Keychain of iOS and using some alternative for…
Ignasi
7 votes, 1 answer

Keychain vs KeyStore vs TrustStore

I'm quite confused between the three, and a Google search didn't come up with much. Can someone please explain?
user1118764
5 votes, 2 answers

Entropy on native memorable password on macosX keychain

I have been trying to find information on this. But I haven't found anything online. When you use the password manager on mac, it can provide "memorable" passwords. For example pick3"enigma. (You choose the number of characters) I haven't found any…
5 votes, 1 answer

Keychain-dumper and Secure Enclave

Is it possible to use keychain-dumper to extract private keys that are protected by the secure enclave? Keychain-dumper works with "/private/var/Keychains/keychain-2.db". If a private key is generated using SecGenerateKeyPair() with the…
user1118764
5 votes, 1 answer

How to encrypt data using the iOS secure element?

I would like to know if there's a way to encrypt/decrypt data using the iOS secure element chip (Java card). Or does the keychain already use it?
4 votes, 1 answer

Using a Gmail OAuth2 token to access web email

I forgot my password to an old gmail account. I have tried the regular route of going through gmail password recovery: answering questions, it keeps looping back to the questions, so I think I'm getting them wrong, using mobile phone recovery is out…
alexibbb
4 votes, 1 answer

KeyChain Access and GPG Keychain - should those be running simultaneously?

I have installed GPG Suite and found out also during this time that my OS X has some KeyChain Access app that stores all my passwords under my screenlock password - total news to me. Can I get rid of Apple app if I now have GPG? Thanks.
user87589
4 votes, 0 answers

Security flaw in iOS, Safari weird behavior or what else?

Some months ago I was travelling and flew from Frankfurt airport and, while there, I probably connected to some Telekom.de free hotspot. I have an iPhone 6 with iOS 9.02 (at that time it was 8.1.x). A couple of days ago I looked through my Safari saved…
int 2Eh
3 votes, 1 answer

How is the iOS KeyChain master key derived?

I'm no expert but I'm assuming that on OSX it's derived from the user account password. I'm more than open to the possibility of that being incorrect. On iOS there is no user account password, only a PIN. Passwords and PINs are both optional, but…
Matt
3 votes, 0 answers

Do passkeys on iCloud Keychain ever exist unencrypted outside the secure enclave?

Regarding Apple's beta feature of storing WebAuthn passkeys in the iCloud Keychain, does anybody know if the unencrypted passkeys ever leave the secure enclave, and get stored in RAM or anything? With traditional WebAuthn on a Yubikey or similar…
3 votes, 1 answer

Why is GPG-agent still caching my passphrase?

I can not get gpg to prompt me for my passphrase when I want to decrypt a file. I tried including: default-cache-ttl 0 max-cache-ttl 0 (also flipped the bit to 1) within ~/.gnupg/gpg-agent.conf and then running either: gpgconf --reload gpg-agent…
Chris