Keychain Scripting

24 April 2007

A while back I made a script to quickly find any password stored within my keychain. This script (which has at its heart the Keychain Scripting app) had a HUGE security flaw: it did not require the keychain password (your main user account password) to access the underlying passwords. Since I now have some pretty sensitive pieces of information stored in secure notes in my keychain, I took the time to manually add the password check. It was quite simple: you set one variable to your keychain password, then display a dialog that asks you to type your keychain password into a second variable. If the two variables' contents are the same, the script shows the list of keys as it used to. If the two don't match, it displays a dialog saying that the password doesn't match and stops the script. With that simple system I've given the keychain the same privacy it asks for from within the Keychain Access utility. I think it's quite problematic, actually, that Apple's AppleScript keychain access can bypass that password requirement.
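The gate described above, written out as an added example rather than the original script. It keeps the same flow (prompt, compare, stop on mismatch) but stores only a salted SHA-256 digest of the passphrase instead of the clear-text password, and hides the typed answer; the salt and digest values are placeholders you generate yourself, and the `digestOf`, `askPassphrase` and `gateIsOpen` handler names are my own.

```applescript
-- Added example: password gate for a Keychain Scripting helper.
-- The post compares two clear-text variables; this version stores only a
-- salted SHA-256 digest in the script and compares digests instead.
-- Both property values below are placeholders: generate a salt once
-- (e.g. `openssl rand -hex 16`) and set gateDigest to digestOf(salt & passphrase).

property gateSalt : "REPLACE-WITH-RANDOM-SALT" -- placeholder
property gateDigest : "REPLACE-WITH-DIGEST-OF-SALT-AND-PASSPHRASE" -- placeholder

on digestOf(theText)
	-- printf avoids a trailing newline; shasum ships with macOS
	set shellCmd to "printf '%s' " & quoted form of theText & " | shasum -a 256 | cut -d ' ' -f 1"
	return do shell script shellCmd
end digestOf

on askPassphrase()
	-- hidden answer keeps the passphrase off the screen while typing
	set dlg to display dialog "Enter your keychain password:" default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK"
	return text returned of dlg
end askPassphrase

on gateIsOpen()
	set attempt to askPassphrase()
	-- compare digests, never the clear-text values
	return digestOf(gateSalt & attempt) is equal to gateDigest
end gateIsOpen

if gateIsOpen() then
	-- Only reached on a matching digest; this is where the original
	-- script would list the keys via Keychain Scripting.
	display dialog "Password accepted." buttons {"OK"} default button "OK"
else
	display dialog "The password doesn't match." buttons {"OK"} default button "OK"
	error number -128 -- user-cancelled error code: stops the script
end if
```

Because the salt and digest still live in the script, anyone who can read the file can attempt an offline guess against them, so the gate protects against casual use of the script, not against someone who already has the file.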
