My keychain passwords are gone after upgrading to High Sierra
31-05-2021
Question
My keychain passwords disappeared after I upgraded to High Sierra. I have 130+ entries made in secure notes of Keychain Access. How do I restore them?
In detail: After upgrading to macOS 10.13 from 10.11, my login keychain is out of sync and I lost all my 133 Password Entries I saved to secure notes. I can only temporarily restore them via Terminal commands. I see that my old key database was renamed to login_renamed_1.keychain-db. If I rename it to login.keychain-db and open /Applications/Utilities/Keychain\ Access.app, my Password Entries are there again, but every time I log out of my User Account (both after restart or after logging out) a new file named login.keychain-db is created and my Passwords are gone again.
Here is what I do in Terminal:
bash$ security default-keychain
"/Users/myself/Library/Keychains/login.keychain-db"
bash$ security set-keychain-password "/Users/myself/Library/Keychains/login.keychain-db"
Old Password:
New Password:
Retype New Password:
This puts my keychain back in sync (password is set), but my PW Entries in secure notes are still missing.
So I am also setting a Password for the old keychain database (lines beginning with '//' are comments, thus not Terminal input):
bash$ security set-keychain-password login_renamed_1.keychain-db
Old Password:
New Password:
Retype New Password:
bash$ sudo mv login.keychain-db login.keychain-db-out
// renaming the current keychain-db to "*-out"
bash$ mv login_renamed_1.keychain-db login.keychain-db
// renaming the old keychain-db to the name of the default keychain
When I open Keychain Access.app after this my Password Entries have returned, but only for so long as I do not log out or restart my Mac. Upon login or startup a new login.keychain-db file is created and the old one is again renamed to login_renamed_1.keychain-db.
At this time the only way I can retrieve my Password Entries is to open each entry and copy the contents of the secure note into a text file, which I would have to repeat 133 times. I would rather keep my old database instead, as you may easily imagine.
Does any of you have a solution for this? Thank you in advance for your patience in reading this and – hopefully – for your help.
Solution
I found the solution: I managed to restore my Password Entries permanently. It again involves tinkering with the Terminal; the steps are as follows:
- open the Keychain Access App
- create new Keychain
- save new Keychain as default keychain; quit Keychain Access. // Hint: As soon as a keychain is not the default keychain anymore, you can change its Password again via Keychain Access (no more grayed-out menu commands there)
- Continue inside Terminal:
bash$ security set-keychain-password login_renamed_1.keychain-db
// this is setting a new password for the old (corrupted) keychain-db.
// Important: you must know the old password to be able to do so.
// In the next step I am replacing the default keychain-db with 'login_renamed_1.keychain-db'
Old Password:
New Password:
Retype New Password:
bash$ sudo mv login.keychain-db login.keychain-db-out
// renaming the current keychain-db to "*-out"
bash$ mv login_renamed_1.keychain-db login.keychain-db
// renaming the old keychain-db to the name of the default keychain
- Restart Keychain Access. The lost 'Secure Notes' are temporarily restored to the Default Keychain, but only until the next login.
- Choose Default Keychain, in the Sidebar choose 'Secure Notes' (I hope this is correct, as my macOS runs in German).
- Select all Secure Notes of Standard Keychain and move them via drag and drop to 'Secure Notes' of the new Keychain you created in Step 2.
- Now to the tedious part: in the dialogue window that now opens you have to type the Password of the Standard Keychain – for every single entry (which was 133 times in my case). Tip: you may copy the PW and paste it in the dialogue field instead of re-typing it.
- Quit Keychain Access, restart Computer
- Upon the next login all Password Entries are restored – Eureka!
Now I can safely copy all my PW Entries to another app which is more useful for the task, e.g. 1Password, which is very secure and has a GUI, but you'll have to pay $3.99 per month. I will give the Unix program 'pass' a try, which is command line and requires some knowledge about git and github, but is very configurable and free. In the end I'd like to say: “Thaaaank you, Apple.” It cost me only my nerves and ~5 hours of work to clean up after you.
But it was still worth it, I’m happy :)
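The file swap from the Terminal steps above, as an added example that is not part of the original post: it copies both keychain databases aside before renaming and refuses to overwrite an earlier login.keychain-db-out. The function name swap_keychain and the backup directory name are assumptions made here; the file names are the ones quoted in the post.

```shell
#!/usr/bin/env bash
# Added example (not the poster's code): the two renames from the post,
# preceded by a backup copy so a mistake cannot destroy either database.
# Usage on the poster's layout: swap_keychain "$HOME/Library/Keychains"

swap_keychain() {
    local dir="$1"
    local current="$dir/login.keychain-db"        # keychain created at login
    local old="$dir/login_renamed_1.keychain-db"  # keychain holding the notes
    local parked="$dir/login.keychain-db-out"     # where the new one is parked
    local backup
    backup="$dir/keychain-backup-$(date +%Y%m%d-%H%M%S)"  # assumed name

    # Refuse to run unless both databases are present.
    [ -f "$current" ] || { echo "missing: $current" >&2; return 1; }
    [ -f "$old" ]     || { echo "missing: $old" >&2; return 1; }

    # Never overwrite a database parked by an earlier run.
    if [ -e "$parked" ]; then
        echo "already exists: $parked" >&2
        return 2
    fi

    # Copy both files aside first, readable by the owner only.
    mkdir -m 700 "$backup" || return 3
    cp -p "$current" "$old" "$backup"/ || return 3

    # The two renames from the post. Assumption: the files belong to the
    # logged-in user, so no sudo is used here.
    mv "$current" "$parked" || return 4
    mv "$old" "$current" || return 4

    # Print the backup location so the caller can record it.
    echo "$backup"
}
```

The backup directory contains full copies of both keychain databases, so delete it once the secure notes have been moved to the new keychain.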