This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Suggestion Import/sync Keychain
mike548141
Junior Member
Hi,
It would be great if there were a method in 1Password to import/sync from keychain. So if a password (e.g. WiFi WPA key) is added to keychain it is automagically imported into the 1Password store.
Thoughts?
Thanks,
MC
It would be great if there were a method in 1Password to import/sync from keychain. So if a password (e.g. WiFi WPA key) is added to keychain it is automagically imported into the 1Password store.
Thoughts?
Thanks,
MC
Flag
0
Comments
-
[quote name='mike548141']Thoughts?[/QUOTE]
Only that I made a similar suggestion years ago, am too tired to search for it (and any followup discussion) right now, and would still like that functionality. :)Flag 0 -
Thank you for your suggestion. We may someday allow arbitrary items from your OS X keychain be imported into 1Password, but it wouldn't be automatic as you asked. I am curious, since in your example case a Wi-Fi key cannot ever be expected by OS X to be anywhere but in your keychain I'm not sure what the tie-in to 1Password having a duplicate (and possibly out-of-date copy) would be: it's encrypted in your keychain if security is your concern.Flag 0
-
[quote name='MartyS']We may someday allow arbitrary items from your OS X keychain be imported into 1Password, but it wouldn't be automatic as you asked.[/QUOTE]
I'd like it to be automatic in the other direction, i.e. mirroring compatible 1P data to a specified (e.g. login) OS X keychain. That way the latter could be used on systems without 1P. Even manual "Export 1P to OS Keychain" functionality would be much appreciated. Thanks!Flag 0 -
Hi SJK,
OK that makes a lot of sense, and I can see how it would be useful. This may be something we can look at in the future, I'll certainly pass on the suggestion, obviously I can't make any promises on if and when this will be available though.Flag 0 -
Thanks, Stu. Here's an earlier related suggestion/discussion:
[url=http://support.agilewebsolutions.com/showthread.php?20003-Export-to-KeyChain-%28for-peace-of-mind-%29&p=101506]Export to KeyChain ... (for peace of mind ...)[/url]Flag 0 -
[quote name='justG']My understanding of this situation is that the keychain can't import data.[/QUOTE]
The Keychain Access app can't (AFAIK), which is why I mentioned possibly using the [b]security[/b] command in the post with the aforementioned link, e.g.:
[CODE]% security help import
Usage: import inputfile [-k keychain] [-t type] [-f format] [-w] [-P passphrase] [options...]
-k Target keychain to import into
-t Type = pub|priv|session|cert|agg
-f Format = openssl|openssh1|openssh2|bsafe|raw|pkcs7|pkcs8|pkcs12|netscape|pemseq
-w Specify that private keys are wrapped and must be unwrapped on import
-x Specify that private keys are non-extractable after being imported
-P Specify wrapping passphrase immediately (default is secure passphrase via GUI)
-a Specify name and value of extended attribute (can be used multiple times)
-A Allow any application to access the imported key without warning (insecure, not recommended!)
-T Specify an application which may access the imported key (multiple -T options are allowed)
[/CODE]
1P could export an inputfile compatible with [b]security import …[/b].Flag 0 -
Being able to automatically share passwords with the OS X Keychain would be very useful.
An important number of "internet" (actually web ones) login credentials are shared with third party applications: twitter, facebook, etc. all of which rely on the keychain for their storage.
Having these passwords duplicated in 1Password leads to very painful maintenance: changing the password on one side won't update it on the other.
The Keychain has the advantage that it offers a standard secure repository which all applications can access. By storing its data in its own "vault" 1Password deprives all other applications of it. The Keychain also allows for selective access to applications (ie, allow Skype to read a password, but not unrelated applications), which you don't.
I think making 1Password a service provider built around the Keychain makes way more sense than having it secure the data by itself. The Keychain is plenty secure, it offers more versatility and flexibility, however its configuration and interface is a pain for non technical users. Why not extend it instead of trying to supplement it ?
Best Regards,
LaurentFlag 0 -
Hi Laurent,
While the OS X keychain is secure, it certainly isn't flexible enough for what we need for 1Password. In the days of 1Password and 1Password 2 we did in fact use the OS X keychain but when we began to develop 1Password 3 we found that the OS X Keychain format just wasn't practical for what we wanted to do. We've actually created a document in our user guide showing you why we chose to use our own Agile Keychain format and you can take a look at this here:
[url]http://help.agile.ws/1Password3/keychain_comparison.html[/url]
1Password was never designed to replace the OS X keychain for handling application logins for things like Skype, Twitter clients, IM services, but instead was designed to make the whole process of logging into websites much simpler and secure.
So, while we may look into some form of sync with the OS X Keychain, as it stands right now we won't be switching back to this format, it would be a massive step backwards for us.Flag 0