My keychain passwords gone after upgraded to High Sierra

Question

My keychain passwords disappeared after I upgraded to High Sierra. I have 130+ entries made in secure notes of Keychain Access. How do I restore them?

In detail: After upgrade to MacOS 10.13 from 10.11 my login keychain is out of sync and I lost all my 133 Password Entries I saved to secure notes. I can only temporarily restore them via Terminal commands. I see that my old key database was renamed to login_renamed_1.keychain-db. If I rename it to login.keychain-db and open /Applications/Utilities/Keychain\ Access.app and my Password Entries are there again, but everytime I log out of my User Account (both after restart or after logging out) a new file named login.keychain-db is created and my Passwords are gone again.

Here is what I do in Terminal:

bash$ security default-keychain
    "/Users/myself/Library/Keychains/login.keychain-db"
bash$ security set-keychain-password "/Users/myself/Library/Keychains/login.keychain-db"
Old Password:
New Password:
Retype New Password:

This puts my keychain back in sync (password is set), but I still miss my PW Entries in secure notes.

So I am also setting a Password for the old keychain database (lines beginning with '//' are comments, thus no Terminal input ):

bash$ security set-keychain-password login_renamed_1.keychain-db
Old Password:
New Password:
Retype New Password:
bash$ sudo mv login.keychain-db login.keychain-db-out
// renaming the current keychain-db to "*-out"
bash$ mv login_renamed_1.keychain-db login.keychain-db
// renaming the old keychain-db to the name of the default keychain

When I open Keychain Access.app after this my Password Entries have returned, but only for so long as I do not log out or restart my Mac. Upon login or startup a new login.keychain-db file is created and the old one is again renamed to login_renamed_1.keychain-db.

At this time the only way I can retrieve my Password Entries is to open each entry, copy the contents of the secure note in a Text file, which I would have to repeat 133 times. I would rather keep my old databes instead, as you easily may imagine.

Does anybody of you has a solution for this? Thank you in advance for your patience reading this and – hopefully – for your help.

Answer 1

I found the solution: I managed to restore my Password Entries permanently. It again involves tinkering with the Terminal, steps are as follows:

1. open the Keychain Access App
2. create new Keychain
3. save new Keychain as default keychain; quit Keychain Access. // Hint: As soon as a keychain is not the default keychain anymore, you can change its Password again via Keychain Access (no more grayed-out menu commands there)
4. Continue inside Terminal:

bash$ security set-keychain-password login_renamed_1.keychain-db  
// this is setting a new password for the old (corrupted) keychain-db.   
// Important: you must know the old password for being able to do so.  
// In the next step I am replacing the default keychain-db with 'login_renamed_1.keychain-db'  
Old Password:  
New Password:  
Retype New Password:  
bash$ sudo mv login.keychain-db login.keychain-db-out  
// renaming the current keychain-db to "*-out"  
bash$ mv login_renamed_1.keychain-db login.keychain-db  
// renaming the old keychain-db to the name of the default keychain  

5. Restart Keychain Access. The lost 'Secure Notes' are temporarily restored to the Default Keychain, but only until the next login.
6. Choose Default Keychain, in the Sidebar choose 'Secure Notes' (I hope this is correct, as my macOS runs with german language).
7. Select all Secure Notes of Standard Keychain and move them via drag and drop to 'Secure Notes' of the new Keychain you created in Step 2.
8. now to the tedious part: in the now opening Dialogue Window you have to type the Password of the Standard Keychain – For every single entry (which was 133 times in my case). Tip: you may copy the PW and paste it in the Dialogue field instead of re-typing it.
9. Quit Keychain Access, restart Computer
10. Upon the next login all Password Entries are restored – Eureka!

Now I can safely copy all my PW Entries to another app which is more useful to the task, e. g. 1Password, which is very secure and has a GUI, but you'll have to pay $ 3.99 p. month. I will give the Unix Program 'pass' a try, which is command line and requires some knowledge about git and github, but is very configurable and free. In the end I'd like to say: “Thaaaank you, Apple.” It costed me only my nerves and ~5 hours work to clean up after you.

But it was still worth it, I’m happy :)