是否有一种快速简便的方法来转储 MacOS X 钥匙串的内容? [英] Is there a quick and easy way to dump the contents of a MacOS X keychain?
问题描述
我正在寻找一种方法将 OS X 钥匙串的内容转储(导出)到一个文件中,我可以在其他地方轻松处理该文件,例如制表符分隔的纯文本或类似内容.
I'm looking for a way to dump (export) the contents of an OS X keychain into a file that I can easily process elsewhere, such as tab-delimited plaintext or something of the sort.
钥匙串访问应用程序不提供任何此类功能,获取钥匙的数据需要依次打开每个数据,并且每次都必须输入钥匙串的密码才能查看与钥匙一起存储的密码.
The Keychain Access app does not offer any such functionality, and getting a key's data involves opening each in turn, and having to type in the keychain's password to see the password stored with the key, every time.
经过一番挖掘,我找到了某人的解决方案,即使用 AppleScript 和 Keychain Scripting 应用程序访问钥匙串(无法链接到单个帖子;向下滚动大约三分之二到页面末尾):
After a bit of digging, I found somebody's solution by using AppleScript and the Keychain Scripting app to access keychains (can't link to individual post; scroll down about two thirds to the end of the page):
http://discussions.apple.com/thread.jspa?threadID=1398759
使用钥匙串脚本,您可以访问所有密钥的所有数据字段——包括明文密码!– 将这些数据转储到文本文件等中相当容易.我已经对其进行了测试并且运行良好.
Using Keychain scripting, you can access all data fields of all the keys – including the plaintext password! – and it's fairly easy to dump this data into a text file etc. I've tested it and it works well.
但是,此解决方案仍然需要通过单击对话框上的确定"来确认对每个键的访问.这比每次都必须输入钥匙串的密码要好得多,但仍然很烦人.此外,您必须为每个密钥确认两次访问;一次用于脚本编辑器(或脚本本身,如果它作为应用程序运行),一次用于钥匙串脚本.因此,如果您正在处理具有 100 个密钥的钥匙串,则必须在 200 个对话框中手动单击确定".
However, this solution still involves having to confirm access to each key by clicking OK on a dialog. This is much better than having to type in the keychain's password every time, but it's still irritating. Furthermore, you have to confirm access twice for each key; once for Script Editor (or the script itself if it's running as an app) and once for Keychain Scripting. So, if you're processing a keychain with 100 keys, you have to manually click OK on 200 dialogs.
我现在正在寻找解决方案来解决这个问题.我意识到,由于钥匙串的目的是保护敏感数据并准确防止我想要做的事情,因此任何此类解决方案都可能涉及某种黑客行为.
I'm now looking for a solution to get around this. I realize that as it's the purpose of keychains to safeguard the sensitive data and prevent precisely the kind of thing I'm trying to do, any such solution would probably involve some kind of hack.
我对你的想法很感兴趣!
I'd be very interested in your ideas!
推荐答案
好吧,我很笨.有一个名为 security 的命令行工具可以执行此操作(以及对钥匙串执行的许多其他操作).
Allright, I'm stupid. There's a command-line tool called security that does just this (and lots of other actions on keychains).
示例用法:
security dump-keychain -d login.keychain
这会将 login.keychain(用户的默认钥匙串)中的所有数据转储为纯文本,包括密码.您仍然必须确认 access ,但每个键只确认一次,并且它比使用 AppleScript 快得多(并且在尝试访问某些字段时不会抛出奇怪的错误).这不是黑客.
This will dump all the data in the login.keychain (the default keychain for a user) as plaintext, including the passwords. You still have to confirm access , but only once for each key, and it's much faster than (and doesn't throw weird errors when trying to access certain fields) using AppleScript. And it's no hack.
如果没有 -d 选项,它将转储除密码之外的所有字段.
Without the -d option, it will dump all the fields except for the password.
密钥的转储数据如下所示(对于互联网密钥;程序密钥和证书有其他字段,但格式相同):
The dumped data for a key looks like this (for an internet key; program keys and certificates have other fields, but the format is the same):
keychain: "/Users/<username>/Library/Keychains/login.keychain"
class: "inet"
attributes:
0x00000007 <blob>="tech.slashdot.org (<username for this web login>)"
0x00000008 <blob>=<NULL>
"acct"<blob>="<username for this web login>"
"atyp"<blob>="form"
"cdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>="Kennwort des Web-Formulars"
"icmt"<blob>="default"
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>="http"
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="tech.slashdot.org"
"type"<uint32>=<NULL>
data:
"<the plaintext password for this key>"
这篇关于是否有一种快速简便的方法来转储 MacOS X 钥匙串的内容?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
