Retrieve network password (network share) from keychain in terminal
How can I retrieve my NAS password from Keychain using the terminal? Using security
I can retrieve both application and internet passwords, but I've been unsuccessful for those where kind is set to network password
.
Using the -D
flag of find-generic-password
doesn't do the trick.
Solution 1:
After searching, it seems the case is important for the kind. The following worked for me with the following keychain config:
security find-internet-password -D "Network Password" -l "the_share" -w
Of course you can filter a bit more by indicating more element to your research
security find-internet-password -h
Usage: find-internet-password [-a account] [-s server] [options...] [-g] [keychain...]
-a Match "account" string
-c Match "creator" (four-character code)
-C Match "type" (four-character code)
-d Match "securityDomain" string
-D Match "kind" string
-j Match "comment" string
-l Match "label" string
-p Match "path" string
-P Match port number
-r Match "protocol" (four-character code)
-s Match "server" string
-t Match "authenticationType" (four-character code)
-g Display the password for the item found
-w Display only the password on stdout
If no keychains are specified to search, the default search list is used.
Find an internet password item.
With the above results here's what are the fields (replace -w
by -g
)
security find-internet-password -D "Network Password" -l "the_share" -g
keychain: "/Users/bric3/Library/Keychains/login.keychain-db"
version: 512
class: "inet"
attributes:
0x00000007 <blob>="the_share"
0x00000008 <blob>=<NULL>
"acct"<blob>="the_user"
"atyp"<blob>=<NULL>
"cdat"<timedate>=0x32303139313233303133323534345A00 "20191230132544Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>="Network Password"
"icmt"<blob>=<NULL>
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303139313233303133323534345A00 "20191230132544Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>="afp "
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="the_share._afpovertcp._tcp.local"
"type"<uint32>=<NULL>
password: "the password"
E.g. specifying the protocol using -r "smb "
will not result in any result for me as it is an afp share, but using -r "afp "
will, for this particular (Note that the extra space is mandatory for this particular criteria to work). But it's also possible to search for the account using -a the_user
. But for this password specifying other fields (as they are NULL
) will not return anything.
macOs 10.15.2