Is there a quick and easy way to dump the contents of a MacOS X keychain?

Question

I\'m looking for a way to dump (export) the contents of an OS X keychain into a file that I can easily process elsewhere, such as tab-delimited plaintext or something of the sor

Answer 1

Update, there is now a tool that does this nicely:

Keychaindump is a proof-of-concept tool for reading OS X keychain passwords as root. It hunts for unlocked keychain master keys located in the memory space of the securityd process, and uses them to decrypt keychain files.

Source: https://github.com/juuso/keychaindump

Answer 2

Actually I was just looking for the same: Modified applescript from github somebody posted. To be run in ScriptEditor and must be allowed in Preferences & Security.

set keychainPassword to "yourpasswordgoeshere"

tell application "System Events"
    repeat while exists (processes where name is "SecurityAgent")
        tell process "SecurityAgent"
            delay 0.1
            try
                set value of text field 1 of window 1 to keychainPassword
                click button "Allow" of window 1
            end try
        end tell
    end repeat
end tell

You must click each window separetly in order to activate them. For that I used tool "murgaa auto clicker" I had known from runescape many years ago (http://www.murgaa.com/auto-clicker-mac/ seems still active). You just set shortcut for autoclicking (eg. Command+R) and set timer to 10ms and it works like charm.

Answer 3

Allright, I'm stupid. There's a command-line tool called security that does just this (and lots of other actions on keychains).

An example usage:

security dump-keychain -d login.keychain

This will dump all the data in the login.keychain (the default keychain for a user) as plaintext, including the passwords. You still have to confirm access , but only once for each key, and it's much faster than (and doesn't throw weird errors when trying to access certain fields) using AppleScript. And it's no hack.

Without the -d option, it will dump all the fields except for the password.

The dumped data for a key looks like this (for an internet key; program keys and certificates have other fields, but the format is the same):

keychain: "/Users/<username>/Library/Keychains/login.keychain"
class: "inet"
attributes:
    0x00000007 <blob>="tech.slashdot.org (<username for this web login>)"
    0x00000008 <blob>=<NULL>
    "acct"<blob>="<username for this web login>"
    "atyp"<blob>="form"
    "cdat"<timedate>=0x32303038303432333038323730355A00  "20080423082705Z\000"
    "crtr"<uint32>=<NULL>
    "cusi"<sint32>=<NULL>
    "desc"<blob>="Kennwort des Web-Formulars"
    "icmt"<blob>="default"
    "invi"<sint32>=<NULL>
    "mdat"<timedate>=0x32303038303432333038323730355A00  "20080423082705Z\000"
    "nega"<sint32>=<NULL>
    "path"<blob>=<NULL>
    "port"<uint32>=0x00000000 
    "prot"<blob>=<NULL>
    "ptcl"<uint32>="http"
    "scrp"<sint32>=<NULL>
    "sdmn"<blob>=<NULL>
    "srvr"<blob>="tech.slashdot.org"
    "type"<uint32>=<NULL>
data:
"<the plaintext password for this key>"

Answer 4

Please read this: https://gist.github.com/rmondello/b933231b1fcc83a7db0b

Ignore:-----

I found a sollution to the "Always Allow" dialog in each key!

Just run the previous command with sudo.

sudo security dump-keychain -d login.keychain

This way you'll only need to enter your password two times. One on the Terminal to sudo and another to unlock the keychain! ;)

Have a nice day!

Answer 5

I found solution for not clicking "Allow" multiple times

sudo su
security dump-keychain -d /Users/YourUsername/Library/Keychains/login.keychain