Keychain
A keychain is a locked, encrypted container used in Keychain Access to store account names and passwords for apps, servers, AirPort base stations, and websites. You can also use keychains to store confidential information such as credit card numbers or personal identification numbers (PINs) for bank accounts.
The keychain files are stored in ~/Library/Keychains
, /Library/Keychains/
and /Network/Library/Keychains/
. These files are viewed and edited through an application called Keychain Access, found in the Utilities folder in the Applications folder.
- Your keychain (for your personal account) is stored in the Library:
/Users/<accountname>/Library/Keychains/login.keychain
Creack
https://github.com/n0fate/chainbreaker
https://github.com/nkraetzschmar/chainbreaker
# disable SIP, and reboot
# https://github.com/nkraetzschmar/chainbreaker/archive/refs/tags/v0.9.zip
$ git clone https://github.com/nkraetzschmar/chainbreaker.git
# crack System.keychain
# able to get all private keys on macOS Monterey 12.6
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-private-keys --unlock-file /var/db/SystemKey /Library/Keychains/System.keychain
# able to get all private keys on macOS Monterey 12.6
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-public-keys --unlock-file /var/db/SystemKey /Library/Keychains/System.keychain
# crack /Users/[username]/Library/Keychains/login.keychain OR /Users/[username]/Library/Keychains/login.keychain-db
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-private-keys --password-prompt /Users/[username]/Library/Keychains/login.keychain
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-public-keys --password-prompt /Users/[username]/Library/Keychains/login.keychain
# Alternatively, you could dump/export the certificate from Keychain Access App directly
# And then, convert a certificate between binary DER encoding (.cer) and textual PEM encoding
$ openssl x509 -inform der -in output.cer -out my_output.pem
# Manually compose a cert with a private key by using the following format
$ vim my-cer.pem
-----BEGIN CERTIFICATE-----
<paste the cert dumped to be here>
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
<paste the private key dumped to be here>
-----END PRIVATE KEY-----%
# import a certificate with a private key into System.keychain
$ sudo security import my-cer.pem -k /Library/Keychains/System.keychain
关于证书相关转换,refer to https://swsmile.info/post/certificates/