Comments on: Usable Keychain Scripting

By: Keychain scripting letting the Twitters down « A Dog’s Breakfast, part II

Fri, 23 Mar 2007 10:19:53 +0000

[...] Red Sweater Blog says : [...]

By: Daniel Jalkut

Daniel Jalkut — Thu, 17 Aug 2006 13:53:32 +0000

ssp: I see what you mean now. And yes, it’s a problem. It’s similar to the problem with command-line tools and network access. For instance, once you use “telnet” or “ssh” or “curl” to connect to a particular site and grant network permissions via Little Snitch or whatever, the tool is suddenly blessed for whoever might call it.

By: ssp

ssp — Thu, 17 Aug 2006 11:37:30 +0000

I’m not sure this was clear in my previous comment, but the main problem I am seeing is the concept of a proxy application for accessing the keychain. Usually the keychain will ask you about an application wanting to access your passwords. And even if you go for the ‘allow permanently’ option you will have to confirm access to those keys again after upgrading the application in question for example.

Once you have a proxy application in between, though, this whole security feature stops to work. Not only will you not be notified that the application getting the password in the end has changed, there could even be a completely different application asking for your passwords without you having a chance to notice that.

I am not saying that this is a practical problem today - most certainly it isn’t. But it’s mainly “security by obscurity” you are getting there. As useful as such a tool for accessing the keychain can be for private use, as dangerous it could be once it sees usage in public. I guess it all boils down to the question whether you are prepared to grant access to your passwords to an application which will just pass them on to anyone who bothers to ask.

It could be interesting to discuss what Apple could do to improve their keychain API in that respect. While I think the traditional ‘ask for each application’ approach is a good balance of security and not annoying the user too much, the very fact that OS X is a Unixy system that lets you tie applications together through little helper applications and scripting languages makes this approach a bit weak in some cases.

By: Mike Henley

Mike Henley — Wed, 16 Aug 2006 13:30:54 +0000

I got a slight improvement in speed by using the style of the last example with the built-in keychain access. If you know that something is a generic key, you can ask for “the first generic key where…”

By: Alex

Alex — Tue, 15 Aug 2006 04:57:30 +0000

I don’t know if this may be of use to anyone else, but an alternative to slow keychain scripting is doing it via the shell. Allan Odgaard wrote up a nice post about it a while back: http://macromates.com/blog/archives/2006/04/17/keychain-access-from-shell/

By: Kunal

Kunal — Sun, 13 Aug 2006 06:36:01 +0000

Talking about keychain security I was wondering, could you gain access to anyone’s keychain contents if you could just lay your hands on the file?

By: From Concentrate Software

From Concentrate Software — Sun, 13 Aug 2006 03:11:59 +0000

[...] So when developers go out of their way to get around Applescript, well, it’s just a bit embarrassing. I noticed today that Daniel Jalkut has written a minor application to get around keychain scripting. It reminded my of an application that I put together recently. [...]

By: Adam Belll

Adam Belll — Fri, 11 Aug 2006 22:43:27 +0000

Works a treat, Daniel. Thanks for it.

By: Daniel Jalkut

Daniel Jalkut — Fri, 11 Aug 2006 22:14:19 +0000

Oh yeah, I meant to add - most of the attributes of keys are accessible without authentication, even if the keychain is “locked.” So it’s not until you ask for a password of an item that the authentication becomes an issue.

By: Daniel Jalkut

Daniel Jalkut — Fri, 11 Aug 2006 22:11:59 +0000

I was, and remain, a little uncertain about how to handle the security thing - but the default behavior seems “about right.”

You’ll notice that even when you ask for the password in Keychain Access, it makes you authenticate if you’ve never done it before. You can then choose to make it a permanent allowance if you see fit.

This seems to work out pretty well because it gives the user total knowledge of what is being accessed when, and assures them that I’m not managing to sneak any data out on the side (well, I suppose I could be for the ones the user permits, but I promise I’m not!).

Basically Usable Keychain Access is just like any of your other apps. You choose how much to let it into the trust circle, and you can choose on a per-key basis.