Collaborate Disseminate
If you are using an encrypted APFS container, for example, to encrypt the Time Machine, whenever the physical disk is plugged in, MacOS asks for a decryption password with an option to store it ("remember the password") in the ke… Continue reading Storing APFS password in Apple’s Keychain for Time Machine
So Apple syncs FIDO Passkeys across a user’s devices using iCloud Keychain.
Can one inspect those Passkeys in ones own iCloud Keychain e.g. with the macOS app Keychain Access? I have tried with version 11.0 on macOS 13.1, but don’t yet see… Continue reading Can one inspect Passkeys on iCloud Keychain [migrated]
In my Unity app in C# I am using a 3rd party script which allows me store and retrieve data using iOS keychain. The stored data is a private user generated key which is used to encrypt data before backing the file online (not iCloud).
I ch… Continue reading Storing encrypted data in iOS keychain
I’m interested in using Apple’s Secure Enclave on macOS or TPM on Windows to protect cryptographic keys used by an application from being accessed by other applications running with the same or higher privileges. However, the documentation… Continue reading How can an application, using Apple’s Secure Enclave on macOS or TPM on Windows, protect itself from other applications accessing its private keys?
What algorithm does MacOS use in its keychain system to generate passwords? (using password assistant accessed through keychain app and using Safari keychain).
Does it access/is it the GUI for the /dev/*random interface used in terminal? O… Continue reading Password generation algorithm used by MacOS keychain
Regarding Apple’s beta feature of storing WebAuthn passkeys in the iCloud Keychain, does anybody know if the unencrypted passkeys ever leave the secure enclave, and get stored in RAM or anything?
With traditional WebAuthn on a Yubikey or s… Continue reading Do passkeys on iCloud Keychain ever exist unencrypted outside the secure enclave?
This question might have an obvious answer but I think a clear explanation is a missing piece on the internet.
Isn’t it (or is it) a security risk that macOS’s Keychain.db files located at ~/Library/Keychains/*.db seems to be regular unpro… Continue reading Is it a security risk that macOS Keychain.db files are accessible by any process on the system?
In my app, the user must use a private key to sign a transaction (on a blockchain). (It is quite common)
I am facing questions regarding how to store my user’s private key on the device. I am to use a keychain module to store the private k… Continue reading Storing a private key in android/ios keychain encrypted or not
As of iOS 15, users can pair their stored passwords with tokens. These are automatically populated by the OS via Safari on websites, when the user tries to login. That means, although the information is encrypted on the device, it has all … Continue reading How secure are passwords, usernames and tokens stored in KeyChain (iOS 15)
Context
On macOS, when an app requests permission to access a keychain item, a prompt like this is presented:
git-credential-osxkeychain wants to use your confidential information stored in "github.com" in your keychain. The au… Continue reading Determine path of app prompting for access to macOS keychain item