I\'m looking for a way to dump (export) the contents of an OS X keychain into a file that I can easily process elsewhere, such as tab-delimited plaintext or something of the sor
Allright, I'm stupid. There's a command-line tool called security
that does just this (and lots of other actions on keychains).
An example usage:
security dump-keychain -d login.keychain
This will dump all the data in the login.keychain (the default keychain for a user) as plaintext, including the passwords. You still have to confirm access , but only once for each key, and it's much faster than (and doesn't throw weird errors when trying to access certain fields) using AppleScript. And it's no hack.
Without the -d
option, it will dump all the fields except for the password.
The dumped data for a key looks like this (for an internet key; program keys and certificates have other fields, but the format is the same):
keychain: "/Users//Library/Keychains/login.keychain"
class: "inet"
attributes:
0x00000007 ="tech.slashdot.org ()"
0x00000008 =
"acct"=""
"atyp"="form"
"cdat"=0x32303038303432333038323730355A00 "20080423082705Z\000"
"crtr"=
"cusi"=
"desc"="Kennwort des Web-Formulars"
"icmt"="default"
"invi"=
"mdat"=0x32303038303432333038323730355A00 "20080423082705Z\000"
"nega"=
"path"=
"port"=0x00000000
"prot"=
"ptcl"="http"
"scrp"=
"sdmn"=
"srvr"="tech.slashdot.org"
"type"=
data:
""