Resolved Moving iMac overseas-Keychain question

[Kanunu]

I have been searching and reading up on Keychain but still have some questions about what I want to do. I am moving my iMac internationally as luggage and am nervous about passwords that are stored in Keychain. As it is a desktop in my home I have rather casually felt safe about allowing most passwords to be stored. I also have two backup systems, Time Machine and Carbon Copy Cloner with an external drive for each that I will probably carry on my person.

The folder ~/Lion/Library/Keychains contains five files. These are:
.fl9F4D481B (hidden)
.fl947E1BDB (hidden)
applepushserviced.keychain
System.keychain
System.keychain-orig


My question: Which if any of these files can I delete while transporting the iMac and subsequently restore from the backup(s)? I don't want to delete something that will make it impossible to log on to my user account.

Alternately could I use Keychain Access.app to delete certain items and then restore earlier versions of one or all of these files when I unpack the iMac? If I use this method are there any items that I must not delete?

Thank you

 

[Weaselboy]

You are in the wrong folder. What you want is in /Users/username/Library/Keychains

Substitute your acct name for where I have username.

Then in Finder do shift-command-g and paste in /Users/username/Library/Keychains

In that folder copy login.keychain and metadata.keychain to a thumb drive or whatever and delete the originals.

A different way would be to change to Keychain password to something other than the login password. Make it something complex and write it down. This way even if someone is able to login they could not get your keychain data.

When you get to your destination you can just change keychain settings back to use the login password if you want.

 

[Kanunu]

Follow up question

Thanks Weaselboy for the heads up on being in the wrong library. My correct folder contains the two files you noted plus a Microsoft_Intermediate_Certificates. Looking with Keychain Access, the Microsoft file seems to be locked but empty.

If I want to follow your other suggestion, how do I access the keychain password? I assume that I go to the same place to change it back.

 

[Weaselboy]

If I want to follow your other suggestion, how do I access the keychain password? I assume that I go to the same place to change it back.

Open Keychain prefs and in the first aid tab UNCHECK sync login keychain password with account. Then under the Edit menu in Keychain you will see and option to change to password.

After you do this logout then back in and try to check Mail or something that stores a keychain password and you will get a popup asking to unlock the keychain (with the new password) since it no longer unlocks at login.

Same two spots to change it back later.

 

[Kanunu]

Thanks again

I got this to work but had a little problem going back. I rechecked the sync box and also went to change the keychain password but I could not change it back because the logon password is too short.

I logged in and out a few times with varied result but eventually solved the problem. I went to Keychain FirstAid from the menu rather than the Prefs tab. Then I ran a verify and found I had some kind of duplicate entry. I ran the repair, logged in and out with the sync box checked and went completely back to previous state. I think I will use this method when I transport.