search

kishikawakatsumi / UICKeyChainStore

UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults.
http://kishikawakatsumi.com
MIT License
3.08k stars 383 forks source link

Read passwords from the macOS keychain #163

Closed arturdev closed 6 years ago

arturdev commented 6 years ago

Is it possible to read passwords from the keychain? For example, to read passwords which are saved by Safari browser for a certain website?

kishikawakatsumi commented 6 years ago

@arturdev Yes and no. If you have the key to uniquely identify the password, you have the chance to access the password. However, in order to read the password, user approval is required. If the user enters the administrator password at the prompt, you can retrieve the password.

arturdev commented 6 years ago

@kishikawakatsumi I'm writing a macOS application which has a login screen. On that screen, a user will type his credentials of http://example.com and if in the keychain he always has that credentials then the app should get that and prefill fields automatically. So using your library, how to show authentication prompt to make the user type admin's password? And how to get his credentials of http://example.com?

kishikawakatsumi commented 6 years ago

@arturdev

screen shot 2018-02-12 at 19 32 28

I recommend using KeychainAccess.app as the first step. Where is server, Account is account.

arturdev commented 6 years ago

@kishikawakatsumi But how do that programmatically? I'm writing a simple login form with 2 fields (email and password) and the user should enter his credentials himself. Long story short, I want to achieve this (see screenshot) in my macOS app:

screen shot 2018-02-12 at 3 17 32 pm

But in order to show this kind of dialog, I need to retrieve this info (list of credentials) from the keychain regarding this certain website.

So, again my question is: how programmatically show authentication prompt to gain access to user's keychain in order to fetch his password of a certain website? Does your library provide that? If yes, then what code to write to achieve That? If no, then what will you suggest to achieve that? (Please note that my app won't be published in AppStore, so any hackish is acceptable 🙂)

Thanks in advance!

kishikawakatsumi commented 6 years ago

@arturdev No you can't. You need to know the keys to access the passwords. You also need to know the keys to display such a list. Safari of cource has a list of the keys because Safari saves the passwords itself.