Keychain - should the login keychain be unlocked?

Discussion in 'OS X El Capitan (10.11)' started by bulldoze, Mar 30, 2017.

  1. bulldoze macrumors regular

    Joined:
    Mar 15, 2011
    #1
    I have Google searched this but cannot find an answer. I was looking at the Keychain Access this afternoon and noticed that the login keychain was unlocked. I locked it but then could not view webpages unless I unlocked it again - is this usual behaviour or have I messed up the keychain somehow?

    Thanks.
     
  2. casperes1996 macrumors 65816

    Joined:
    Jan 26, 2014
    Location:
    Horsens, Denmark
    #2

    The login keychain locks itself whenever you log out of your account. Whenever you're logged in, it should be unlocked.

    Or at least this is how I believe it works - I've written an extensive paper on iOS security and am inferring how the Mac handles things based on that. It would be the most logical answer, however. Unlocked doesn't mean anything can access everything in your keychain. Locked, however, means nothing can without you entering the admin password.
     
  3. Goatllama macrumors 6502a

    Joined:
    Jun 24, 2015
    Location:
    Mountaintop Lair
    #3
    Excellent! I know I'm not the OP, but I've had this question for a while as well, just never cared enough to look too far into it.
     
  4. casperes1996 macrumors 65816

    Joined:
    Jan 26, 2014
    Location:
    Horsens, Denmark
    #4
    Well, glad to help :). For further reading if anyone is interested, I would first recommend looking into what is called private-public key cryptography. It's used almost everywhere today.
    Then after that, Apple has a lot of documentation on how their security works explaining their various key levels and whatnot. It's all brilliant stuff and sometimes it literally sounds like it's a spy film or something.
     
  5. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #5
    The login keychain is indeed unlocked by default and it matches the account password. It is possible to change this behaviour, but not recommended for the reasons given.
     
  6. bulldoze thread starter macrumors regular

    Joined:
    Mar 15, 2011
