System Keychain

This morning I was trying to add a new machine to my wireless network. Unfortunately, I’d forgotten the password… To the Keychain Access batcave!

Unfortunately, the “Airport network password” is stored in the system keychain, instead of my login keychain. Whilst I can unlock the system keychain, when I ask it to show me the password for my wireless network, it prompts for a password. Not my password, as it happens. Oh no. The system keychain is protected by 48 random bytes stored in /var/db/SystemKey. It’s created by the systemkeychain utility the first time your Mac is booted. More to the point, there’s absolutely no way I can type those bytes.

So, let’s be cunning, I thought. I dropped down to the command line and ran:

  % sudo cat /var/db/SystemKey | pbcopy

Then I went back to Keychain Access, only to discover that you can’t paste passwords in OS X.

A bit more googling turned up the security command. In particular, the dump-keychain command. Finally, running this spat out the password I was after:

  % security dump-keychain -d ~/Library/Keychains/login.keychain

At this point, I found out that it was the password for my old wireless network, which I’d just stopped using. A closer inspection of my login keychain revealed another “AirPort network password” which just happened to be for the new network. Ah well, at least it surrendered itself willingly.
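To check which keychain holds an “AirPort network password” entry before dumping any secrets, the attribute-only output of security dump-keychain (without -d) can be filtered first. This is an added example, not part of the original post; the helper name, the sample data and the assumed output layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: find AirPort entries using attribute-only output, so no
# secret is requested (no -d). Assumed layout: each item starts with a
# 'keychain: "<path>"' line, followed by '"acct"<blob>=' and '"desc"<blob>='.

list_airport_items() {   # hypothetical helper name
  awk '
    function value(line) {          # text after the first "=", unquoted
      sub(/^[^=]*=/, "", line); gsub(/^"|"$/, "", line); return line
    }
    function emit() {               # print the finished item if it matches
      if (desc == "AirPort network password") print kc "\t" acct
      acct = ""; desc = ""
    }
    /^keychain: /          { emit(); kc = $0; sub(/^keychain: /, "", kc); gsub(/^"|"$/, "", kc) }
    /^[ \t]*"acct"<blob>=/ { acct = value($0) }
    /^[ \t]*"desc"<blob>=/ { desc = value($0) }
    END                    { emit() }
  '
}

sample_dump() {   # constructed sample, not real keychain output
  cat <<'EOF'
keychain: "/Users/me/Library/Keychains/login.keychain"
class: "genp"
attributes:
    0x00000007 <blob>="OldNet"
    "acct"<blob>="OldNet"
    "desc"<blob>="AirPort network password"
keychain: "/Users/me/Library/Keychains/login.keychain"
class: "genp"
attributes:
    "acct"<blob>="me@example.com"
    "desc"<blob>=<NULL>
keychain: "/Users/me/Library/Keychains/login.keychain"
class: "genp"
attributes:
    "acct"<blob>="NewNet"
    "desc"<blob>="AirPort network password"
EOF
}

# Real use on a Mac:
#   security dump-keychain ~/Library/Keychains/login.keychain | list_airport_items
sample_dump | list_airport_items
```

Each output line is the keychain path and the account (network) name separated by a tab, so an old and a new entry show up side by side.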

From googling, it appears that many other people have been unable to recover stuff in their system keychain. So this is good stuff to know.

