{
	"id": "6e5b3232-5765-40c1-b47a-ff8d40ad7a7d",
	"created_at": "2026-04-06T01:30:00.808338Z",
	"updated_at": "2026-04-10T03:21:49.247951Z",
	"deleted_at": null,
	"sha1_hash": "bdb6d1b264860b531debc9c4d5490c4c4b5dd09b",
	"title": "Keychain (software)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 126022,
	"plain_text": "Keychain (software)\r\nBy Contributors to Wikimedia projects\r\nPublished: 2005-11-01 · Archived: 2026-04-06 00:48:15 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nKeychain\r\nDeveloper Apple\r\nInitial release 1999\r\nOperating system Mac OS 9, macOS\r\nSuccessor Passwords\r\nType system utility\r\nLicense APSL-2.0\r\nWebsite Keychain Services\r\nKeychain Access\r\nScreenshot of Keychain Access on macOS 12.\r\nDeveloper Apple Inc.\r\nhttps://en.wikipedia.org/wiki/Keychain_(software)\r\nPage 1 of 4\n\nStable release 11.0 (55314) / 2022\r\nOperating system Mac OS 9, macOS\r\nSuccessor Passwords\r\nType password manager\r\nWebsite Keychain Access Help\r\nKeychain is a password management system developed by Apple for macOS. It was introduced with Mac OS 8.6,\r\nand was included in all subsequent versions of the operating system, as well as in iOS. A keychain can contain\r\nvarious types of data: passwords (for websites, FTP servers, SSH accounts, network shares, wireless networks,\r\ngroupware applications, encrypted disk images), private keys, certificates, and secure notes. Some data, primarily\r\npasswords, in the Keychain are visible and editable using a user-friendly interface in Passwords, a built in app in\r\nmacOS Sequoia and iOS 18 and available in System Settings/Settings in earlier versions of Apple's operating\r\nsystems.\r\nKeychains were initially developed for Apple's e-mail system, PowerTalk, in the early 1990s. Among its many\r\nfeatures, PowerTalk used plug-ins that allowed mail to be retrieved from a wide variety of mail servers and online\r\nservices. The keychain concept naturally \"fell out\" of this code, and was used in PowerTalk to manage all of a\r\nuser's various login credentials for the various e-mail systems PowerTalk could connect to.\r\nThe passwords were not easily retrievable due to the encryption, yet the simplicity of the interface allowed the\r\nuser to select a different password for every system without fear of forgetting them, as a single password would\r\nopen the file and return them all. At the time, implementations of this concept were not available on other\r\nplatforms. Keychain was one of the few parts of PowerTalk that was obviously useful \"on its own\", which\r\nsuggested it should be promoted to become a part of the basic Mac OS. But due to internal politics, it was kept\r\ninside the PowerTalk system and, therefore, available to very few Mac users.[citation needed]\r\nIt was not until the return of Steve Jobs in 1997 that Keychain concept was revived from the now-discontinued\r\nPowerTalk. By this point in time the concept was no longer so unusual, but it was still rare to see a keychain\r\nsystem that was not associated with a particular piece of application software, typically a web browser. Keychain\r\nwas later made a standard part of Mac OS 9, and was included in Mac OS X in the first commercial versions.\r\nIn macOS, keychain files are stored in ~/Library/Keychains/ (and subdirectories), /Library/Keychains/ , and\r\n/Network/Library/Keychains/ , and the Keychain Access GUI application is located in the Utilities folder in the\r\nApplications folder.\r\n[1][2]\r\n It is free, open source software released under the terms of the APSL-2.0.\r\n[3]\r\n The\r\ncommand line equivalent of Keychain Access is /usr/bin/security .\r\nThe keychain database is encrypted per-table and per-row with AES-256-GCM. The time at which each credential\r\nis decrypted, how long it will remain decrypted, and whether the encrypted credential will be synced to iCloud\r\nvaries depending on the type of data stored, and is documented on the Apple support website.[4]\r\nhttps://en.wikipedia.org/wiki/Keychain_(software)\r\nPage 2 of 4\n\nLocking and unlocking\r\n[edit]\r\nThe default keychain file is the login keychain, typically unlocked on login by the user's login password,\r\nalthough the password for this keychain can instead be different from a user's login password, adding security at\r\nthe expense of some convenience.[5] The Keychain Access application does not permit setting an empty password\r\non a keychain.\r\nThe keychain may be set to be automatically \"locked\" if the computer has been idle for a time,[6] and can be\r\nlocked manually from the Keychain Access application. When locked, the password has to be re-entered next time\r\nthe keychain is accessed, to unlock it. Overwriting the file in ~/Library/Keychains/ with a new one (e.g. as part\r\nof a restore operation) also causes the keychain to lock and a password is required at next access.\r\nPassword synchronization\r\n[edit]\r\nIf the login keychain is protected by the login password, then the keychain's password will be changed whenever\r\nthe login password is changed from within a logged-in session on macOS. On a shared Mac/non-Mac network, it\r\nis possible for the login keychain's password to lose synchronization if the user's login password is changed from a\r\nnon-Mac system. Also, if the password is changed from a directory service like Active Directory or Open\r\nDirectory, or if the password is changed from another admin account e.g. using the System Preferences. Some\r\nnetwork administrators react to this by deleting the keychain file on logout, so that a new one will be created next\r\ntime the user logs in. This means keychain passwords will not be remembered from one session to the next, even\r\nif the login password has not been changed. If this happens, the user can restore the keychain file in\r\n~/Library/Keychains/ from a backup, but doing so will lock the keychain, which will then need to be unlocked\r\nat next use.\r\nThird-party software for keychain synchronization\r\n[edit]\r\nThere was a 3rd party software application developed, that enabled synchronization of personal keychains\r\ngenerated using keychain access in Mac OS X, these standard keychain access - generated users keychains could\r\nthen be synchronised between devices (iPhones - desktop Apple computers), using a pair of keychain\r\nsynchronization apps developed by Patrick Stein of Jinx Software, one for Mac OS X and another for iOS called\r\nKeychain2Go. Keychain2Go could not be successfully updated by the developer to account for restrictions that\r\nApple made to Keychain and access to Keychain in Mac OS X Sierra 10.12.[7]\r\nKeychain is distributed with both iOS and macOS. The iOS version is simpler because applications that run on\r\nmobile devices typically need only very basic Keychain features. For example, features such as ACLs (Access\r\nControl Lists) and sharing Keychain items between different apps are not present. Thus, iOS Keychain items are\r\nonly accessible to the app that created them.\r\nhttps://en.wikipedia.org/wiki/Keychain_(software)\r\nPage 3 of 4\n\nAs Mac users’ default storage for sensitive information, Keychain is a prime target for security attacks.\r\nIn 2019, 18-year-old German security researcher Linus Henze demonstrated his hack, dubbed KeySteal, that grabs\r\npasswords from the Keychain. Initially, he withheld details of the hack, demanding Apple set up a bug bounty for\r\nmacOS. Apple had however not done so when Henze subsequently revealed the hack. It utilized Safari's access to\r\nsecurity services, disguised as a utility in macOS that enables IT administrators to manipulate keychains.[8]\r\nList of password managers\r\n1. ^ \"Mac OS X 10.5 Help - Changing your keychain password\". Docs.info.apple.com. Archived from the\r\noriginal on May 31, 2012. Retrieved March 28, 2016.\r\n2. ^ \"Mac OS X 10.4 Help - Changing your keychain password\". Docs.info.apple.com. Archived from the\r\noriginal on May 31, 2012. Retrieved March 28, 2016.\r\n3. ^ Apple Inc. \"Source Browser\". opensource.apple.com. Archived from the original on March 7, 2012.\r\nRetrieved February 26, 2012.\r\n4. ^ \"Keychain data protection\". Apple Inc. May 17, 2021. Archived from the original on December 20, 2021.\r\nRetrieved December 20, 2021.\r\n5. ^ \"Mac OS X 10.5 Help: Changing your keychain password\". Docs.info.apple.com. Archived from the\r\noriginal on June 13, 2011. Retrieved February 26, 2012.\r\n6. ^ \"Mac OS X 10.4 Help: Locking and unlocking your keychain\". Docs.info.apple.com. Archived from the\r\noriginal on June 13, 2011. Retrieved February 26, 2012.\r\n7. ^ Stein, Patrick. \"Keychain2go keychain synhcronisation software\". Jinx Software. Archived from the\r\noriginal on May 31, 2023. Retrieved March 22, 2023.\r\n8. ^ Newman, Lily Hay (June 1, 2019). \"The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack\".\r\nWired. Retrieved July 9, 2021.\r\nSource: https://en.wikipedia.org/wiki/Keychain_(software)\r\nhttps://en.wikipedia.org/wiki/Keychain_(software)\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://en.wikipedia.org/wiki/Keychain_(software)"
	],
	"report_names": [
		"Keychain_(software)"
	],
	"threat_actors": [],
	"ts_created_at": 1775439000,
	"ts_updated_at": 1775791309,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bdb6d1b264860b531debc9c4d5490c4c4b5dd09b.pdf",
		"text": "https://archive.orkl.eu/bdb6d1b264860b531debc9c4d5490c4c4b5dd09b.txt",
		"img": "https://archive.orkl.eu/bdb6d1b264860b531debc9c4d5490c4c4b5dd09b.jpg"
	}
}