Enhancement: Support dumping Keys DB

[hubert3]

Some apps use kSecClassKey to store IDs, passwords and credentials, even though these items are not really private keys. These credentials are currently invisible to keychaineditor.

It would be nice if they could be dumped and edited like passwords. Sogeti's keychain_dump (iphone-dataprotection.keychainviewer/Keychain/keychain_dump.c) supports dumping them.

[NitinJami]

Thanks for the suggestion @hubert3. I am fixing couple of bugs by end of this week. I will try to incorporate this as well.

[hubert3]

I implemented basic support for --action dump-keys in my fork here:

hubert3@ca32d8e

It assumes that kSecClassKey items contain strings as their data. It won't work for dumping RSA private keys or similar yet.

Adding --find xxx will only print key items where the Access Group field contains xxx.

kSecClassKey items do not have "Account" and "Service" like genp, instead they are identified by kSecAttrAccessGroup and kSecAttrApplicationTag. Some refactoring would be required to integrate this neatly into the existing keychaineditor commands because the existing code assumes every item has a "Service" and "Account" attribute.

[mailinglists35]

Feb 4, 2016 - I am fixing couple of bugs by end of this week. I will try to incorporate this as well.

hi, did you eventually incorporate the suggestion?