The keychain may be set to be automatically "locked" if the computer has been idle for a time, and can be locked manually from the Keychain Access application. The Keychain Access application does not permit setting an empty password on a keychain. The default keychain file is the login keychain, typically unlocked on login by the user's login password, although the password for this keychain can instead be different from a user's login password, adding security at the expense of some convenience. The time which each credential is decrypted, how long it will remain decrypted, and whether the encrypted credential will be synced to iCloud varies depending on the type of data stored, and is documented on the Apple support website. The keychain database is encrypted per-table and per-row with AES-256-GCM. The command line equivalent of Keychain Access is /usr/bin/security. It is free, open source software released under the terms of the APSL-2.0. In macOS, keychain files are stored in ~/Library/Keychains/ (and subdirectories), /Library/Keychains/, and /Network/Library/Keychains/, and the Keychain Access GUI application is located in the Utilities folder in the Applications folder.
0 Comments
Leave a Reply. |