Notice: this page is a side-by-side Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverFlow original: http://stackoverflow.com/questions/717095/

Time: 2020-10-21 06:05:47  Source: igfitidea

Is there a quick and easy way to dump the contents of a MacOS X keychain?

macos applescript keychain

Asked by Niels Heidenreich

I'm looking for a way to dump (export) the contents of an OS X keychain into a file that I can easily process elsewhere, such as tab-delimited plaintext or something of the sort.

The Keychain Access app does not offer any such functionality, and getting a key's data involves opening each in turn, and having to type in the keychain's password to see the password stored with the key, every time.

After a bit of digging, I found somebody's solution by using AppleScript and the Keychain Scripting app to access keychains (can't link to individual post; scroll down about two thirds to the end of the page):

http://discussions.apple.com/thread.jspa?threadID=1398759

Using Keychain scripting, you can access all data fields of all the keys – including the plaintext password! – and it's fairly easy to dump this data into a text file etc. I've tested it and it works well.

However, this solution still involves having to confirm access to each key by clicking OK on a dialog. This is much better than having to type in the keychain's password every time, but it's still irritating. Furthermore, you have to confirm access twice for each key; once for Script Editor (or the script itself if it's running as an app) and once for Keychain Scripting. So, if you're processing a keychain with 100 keys, you have to manually click OK on 200 dialogs.

I'm now looking for a solution to get around this. I realize that as it's the purpose of keychains to safeguard the sensitive data and prevent precisely the kind of thing I'm trying to do, any such solution would probably involve some kind of hack.

I'd be very interested in your ideas!

Answered by Niels Heidenreich

All right, I'm stupid. There's a command-line tool called security that does just this (and lots of other actions on keychains).

An example usage:

security dump-keychain -d login.keychain

This will dump all the data in the login.keychain (the default keychain for a user) as plaintext, including the passwords. You still have to confirm access, but only once for each key, and it's much faster than (and doesn't throw weird errors when trying to access certain fields) using AppleScript. And it's no hack.

Without the -d option, it will dump all the fields except for the password.

The dumped data for a key looks like this (for an internet key; program keys and certificates have other fields, but the format is the same):

keychain: "/Users/<username>/Library/Keychains/login.keychain"
class: "inet"
attributes:
    0x00000007 <blob>="tech.slashdot.org (<username for this web login>)"
    0x00000008 <blob>=<NULL>
    "acct"<blob>="<username for this web login>"
    "atyp"<blob>="form"
    "cdat"<timedate>=0x32303038303432333038323730355A00  "20080423082705Z\000"
    "crtr"<uint32>=<NULL>
    "cusi"<sint32>=<NULL>
    "desc"<blob>="Kennwort des Web-Formulars"
    "icmt"<blob>="default"
    "invi"<sint32>=<NULL>
    "mdat"<timedate>=0x32303038303432333038323730355A00  "20080423082705Z\000"
    "nega"<sint32>=<NULL>
    "path"<blob>=<NULL>
    "port"<uint32>=0x00000000
    "prot"<blob>=<NULL>
    "ptcl"<uint32>="http"
    "scrp"<sint32>=<NULL>
    "sdmn"<blob>=<NULL>
    "srvr"<blob>="tech.slashdot.org"
    "type"<uint32>=<NULL>
data:
"<the plaintext password for this key>"

Answered by TCB13

Please read this: https://gist.github.com/rmondello/b933231b1fcc83a7db0b

Ignore:-----

I found a solution to the "Always Allow" dialog in each key!

Just run the previous command with sudo.

sudo su
security dump-keychain -d /Users/YourUsername/Library/Keychains/login.keychain

This way you'll only need to enter your password two times. One on the Terminal to sudo and another to unlock the keychain! ;)

Have a nice day!

Answered by Brian Heese

Update, there is now a tool that does this nicely:

Keychaindump is a proof-of-concept tool for reading OS X keychain passwords as root. It hunts for unlocked keychain master keys located in the memory space of the securityd process, and uses them to decrypt keychain files.

Source: https://github.com/juuso/keychaindump

Answered by wutter

Actually I was just looking for the same: Modified applescript from github somebody posted. To be run in ScriptEditor and must be allowed in Preferences & Security.

set keychainPassword to "yourpasswordgoeshere"

tell application "System Events"
    repeat while exists (processes where name is "SecurityAgent")
        tell process "SecurityAgent"
            delay 0.1
            try
                set value of text field 1 of window 1 to keychainPassword
                click button "Allow" of window 1
            end try
        end tell
    end repeat
end tell

You must click each window separately in order to activate them. For that I used tool "murgaa auto clicker" I had known from runescape many years ago (http://www.murgaa.com/auto-clicker-mac/ seems still active). You just set shortcut for autoclicking (eg. Command+R) and set timer to 10ms and it works like charm.

Answered by frytaz

I found solution for not clicking "Allow" multiple times

sudo security dump-keychain -d login.keychain
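
The dump format shown in the first answer can be turned into the tab-delimited inventory the question asks for. The following is an added example, not code from any of the posters: the function names, the column set and the sample text are assumptions made for illustration, and the parser deliberately discards whatever follows a `data:` line so the inventory never contains a secret.

```python
import re
ATTR = re.compile(r'^\s+(?:"(?P<name>[^"]+)"|(?P<tag>0x[0-9A-Fa-f]{8}))\s*<\w+>=(?P<val>.*)$')
OCTAL = re.compile(r'\\([0-7]{3})')
# Constructed sample in the dump format shown above; "alice" and the secret are made up.
SAMPLE = r'''keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "inet"
attributes:
    0x00000008 <blob>=<NULL>
    "acct"<blob>="alice"
    "cdat"<timedate>=0x32303038303432333038323730355A00  "20080423082705Z\000"
    "port"<uint32>=0x00000000
    "srvr"<blob>="tech.slashdot.org"
data:
"constructed-secret"
keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "genp"
attributes:
    "acct"<blob>="bob\011smith"
    "svce"<blob>="Example Service"
'''

def decode(raw):
    """None for <NULL>, the unescaped string if quoted, else the raw hex text."""
    quoted = re.search(r'"(.*)"$', raw.strip())
    if not quoted:
        return None if raw.strip() == '<NULL>' else raw.strip()
    # \ooo octal escapes stand for single bytes; rebuild the bytes, then read as UTF-8.
    text = OCTAL.sub(lambda o: chr(int(o.group(1), 8)), quoted.group(1))
    return text.encode('latin-1', 'replace').decode('utf-8', 'replace').rstrip('\x00')

def parse_dump(text):
    """One dict per item; whatever follows 'data:' (the secret) is never stored."""
    items, cur, in_data = [], None, False
    for line in text.splitlines():
        if line.startswith('keychain: '):      # every item starts with this line
            cur, in_data = {'keychain': line[10:].strip('"')}, False
            items.append(cur)
        elif cur is None or in_data:           # skip preamble and secret payload
            continue
        elif line.startswith('class: '):
            cur['class'] = line[7:].strip('"')
        elif line.startswith('data:'):
            in_data = True
        elif (m := ATTR.match(line)):
            cur[m['name'] or m['tag']] = decode(m['val'])
    return items

def to_tsv(items, cols=('class', 'srvr', 'svce', 'acct', 'cdat')):
    clean = lambda v: re.sub(r'[\t\r\n]', ' ', v or '')  # keep one record per row
    return '\n'.join(['\t'.join(cols)] + ['\t'.join(clean(i.get(c)) for c in cols) for i in items])
```

Calling `to_tsv(parse_dump(text))` on saved dump output gives one row per keychain item; an account name containing an escaped tab is flattened to a space so the columns stay aligned.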