I have three secrets to store in the Mac OS keychain. Currently I store each of these in a separate keychain entry. The drawback to this is that if my application is updated the user sees three "allow access" dialogs, one for each entry. What I'd like to do is store all three secrets in one keychain entry. One of these secrets is a user-supplied password.

What is the standard method for doing this? Should I just cram all data into the password field (which means the one secret that is a user-supplied password won't be very readable in KeychainAccess.app), or is there some other way to add multiple "passwords" (i.e., encrypted fields) into one keychain entry?

A: 

I don't think there's a standard method, but if your secrets are reasonably short then you can stick them at the beginning, e.g. "base64-encoded-secret-1 base64-encoded-secret-2 password", which is easy to parse (even if the password contains spaces) and means that the user can see the password in Keychain Access if necessary.

tc.
Great idea. Thanks! Really it comes down to my seeing indications that there might be a way to put multiple secrets in one keychain entry, but every time I went down that path it just didn't pan out.
cygnl7
It would be nice, but it looks like keychain items only have one "value", and the value is the only thing that's kept secret (see `security dump-keychain`).
tc.
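
The packing format suggested in the answer, as an added example that is not part of the original answer or comments. The function names `pack_item` and `unpack_item` are hypothetical, and writing the packed string to the keychain and reading it back is left to whatever Keychain API the application already uses.

```python
import base64
from typing import Tuple


def pack_item(secret1: bytes, secret2: bytes, password: str) -> str:
    """Build one keychain value: b64(secret1) b64(secret2) password."""
    # The standard base64 alphabet contains no space, so the first two
    # spaces in the packed value are always the field separators.
    fields = [base64.b64encode(s).decode("ascii") for s in (secret1, secret2)]
    # The password goes last and is stored verbatim, so it stays readable
    # at the end of the value when the item is shown in Keychain Access.
    return " ".join(fields + [password])


def unpack_item(value: str) -> Tuple[bytes, bytes, str]:
    """Split a packed value back into (secret1, secret2, password)."""
    # maxsplit=2: everything after the second space is the password,
    # including any spaces it contains (leading or trailing ones too).
    parts = value.split(" ", 2)
    if len(parts) != 3:
        raise ValueError("expected two base64 fields followed by a password")
    b64_1, b64_2, password = parts
    # validate=True rejects characters outside the base64 alphabet instead
    # of silently skipping them, so a corrupted item raises an error
    # (binascii.Error, a subclass of ValueError) rather than yielding
    # wrong secrets.
    secret1 = base64.b64decode(b64_1, validate=True)
    secret2 = base64.b64decode(b64_2, validate=True)
    return secret1, secret2, password


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    s1 = bytes(range(16))
    s2 = b"\x00\xff token"
    pw = " correct horse  battery staple "
    packed = pack_item(s1, s2, pw)
    print(repr(packed))
    print(unpack_item(packed) == (s1, s2, pw))
```
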