Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: kurtam
kurtam Author
User level: Level 1
13 points

After TimeMachine restore, keychains don't work.

If you have a DETAILED understanding of how the Mac keychain works, I need your help!


Following a Time Machine full restoration of the system, most keychain elements are not accessible. The suspected cause is that there are multiple keychains and one transferred properly and is accessible, the other transferred properly but is NOT being accessed.


Here's what the keychain folder looks like (colors mine):


KBook-2:Keychains kurt$ ls -FRl

total 11128

drwx------ 2 kurt staff 442 Nov 13 17:43 45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/

drwx------ 2 kurt staff 340 Nov 13 17:43 53EE3F03-9CB5-597E-9340-1D72A76A4A6A/

-rw-r--r--@ 1 kurt staff 1165628 Dec 31 2000 login 2.keychain

-rw-r--r--@ 1 kurt staff 1460060 Nov 13 22:29 login 2.keychain-db

-rw-r--r--@ 1 kurt staff 0 Nov 14 2015 login 2.keychain.sb-1a4972ee-VO6BrB

-rw-r--r--@ 1 kurt staff 1130684 Dec 10 2014 login 2.keychain.sb-5ba40b3d-RmCbE0

-rw-r--r--@ 1 kurt staff 511756 Sep 23 2016 login.keychain

-rw-r--r--@ 1 kurt staff 742056 Nov 13 22:33 login.keychain-db

-rw-r--r--@ 1 kurt staff 33296 Oct 27 2008 login.keychain.leopard.keychain

-rw------- 1 kurt staff 23136 Sep 19 2016 metadata.keychain

-rw------- 1 kurt staff 79184 Nov 13 22:34 metadata.keychain-db

-rw-r--r--@ 1 kurt staff 508252 Mar 26 2012 otown

-rw-r--r-- 1 kurt staff 20460 Feb 23 2004 secure keychain.keychain


./45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1:

total 9064

-rw------- 1 kurt staff 47 Apr 15 2016 accountStatus.plist

-rw------- 1 kurt staff 0 Sep 25 2016 caissuercache.sqlite3

-rw------- 1 kurt staff 512 Oct 20 15:50 caissuercache.sqlite3-journal

-rw------- 1 kurt staff 872448 Oct 22 14:12 keychain-2.db

-rw------- 1 kurt staff 32768 Oct 20 11:26 keychain-2.db-shm

-rw------- 1 kurt staff 2377272Oct 27 20:53keychain-2.db-wal

-rw------- 1 kurt staff 135168 Oct 24 13:24 ocspcache.sqlite3

-rw------- 1 kurt staff 32768 Oct 20 11:24 ocspcache.sqlite3-shm

-rw------- 1 kurt staff 1174232 Oct 27 20:55 ocspcache.sqlite3-wal

-rw------- 1 kurt staff 1408 Oct 9 2016 user.kb


./53EE3F03-9CB5-597E-9340-1D72A76A4A6A:

total 2384

-rw------- 1 kurt staff 4096 Nov 13 15:28 keychain-2.db

-rw------- 1 kurt staff 32768 Nov 13 22:28 keychain-2.db-shm

-rw------- 1 kurt staff 510912Nov 13 22:56keychain-2.db-wal

-rw------- 1 kurt staff 4096 Nov 13 15:00 ocspcache.sqlite3

-rw------- 1 kurt staff 32768 Nov 13 22:26 ocspcache.sqlite3-shm

-rw------- 1 kurt staff 630392 Nov 13 22:53 ocspcache.sqlite3-wal

-rw------- 1 kurt staff 1408 Nov 13 15:28 user.kb

KBook-2:Keychains kurt$


I've color-coded the questions below to the directory information above.


I suspect .db, .db-shm and .db-wal files containthe actual keychain information since the keychain file names (login.keychain and login2.keychain) show very old dates for a keychain that was typically updated once a month or more. I suspect they might reference the files that contain the actual keychain information (with correspondingly altered modification dates).


On the source disk (from the dead Mac) there is only ONE folder with a machine-generated name: .45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/. That indicates to me that ./53EE3F03-9CB5-597E-9340-1D72A76A4A6A was created after the transfer. I believe .45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/ has the CORRECT keychain information based on:


1) The Date: The source MacBook died on October 28. The keychain folders are dated to the day immediately prior to the Mac death (backup was ~midnight) Also, note the other folder has current date tags (today) while the dates in .45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/ do not change.


2) The files sizes of the folder that the Mac is NOT using are substantially larger than the one it IS using..45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/keychain-2.db-wal for example, is 2.3M while/53EE3F03-9CB5-597E-9340-1D72A76A4A6A/keychain-2.db-wal is 660K... about 3X smaller.


I think what happened is that during the TimeMachine recovery, the system generated some new keychain files and copied others (probably copied login.keychain and created a new login2.keychain). It then "forgot" about the information in the original login2 keychain. The information is still there, it's just not being read by the system and I don't know how to redirect it to the proper folder (or even exactly what the files in the folder are.)


To guard against any possibility of file corruption, I compared the files in the keychain folder on the Time Machine with those on the Recovered Volume using file size, sha1 and modification date. (The “=“ indicates a match.) I also compared to the system disk on the dead Mac (the disk is read-only, but the keychain files are intact and readable.) The only differences were the additional files in the ./53EE3F03-9CB5-597E-9340-1D72A76A4A6Afolder on the recovered volume.


If my conclusion is correct, that the information I want IS in the keychain folder 45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1, how do I get the system to recognize/use those files? If I’m wrong, can anyone suggest what may be going wrong?


Can anyone explain how this is supposed to work (what the various files actually are)?


Thanks.


Kurt

================================================================================

Nov 14, 2017, 19:56:04

/untitled text 37

--------------------------------------------------------------------------------

Files on TimeMachine at

/Volumes/TimeMachine/Backups.backupdb/KBook/2017-10-27-235934/Mavericks/Users/ku rt/Library/Keychains/

--------------------------------------------------

--------------------------------------------------

Files on Restored volume at

/Users/kurt/Library/Keychains/45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/

--------------------------------------------------


45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/.DS_Store only exists on Restored Volume

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/accountStatus.plist

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/caissuercache.sqlite3

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/caissuercache.sqlite3-journal

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/keychain-2.db

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/keychain-2.db-shm

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/keychain-2.db-wal

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/ocspcache.sqlite3

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/ocspcache.sqlite3-shm

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/ocspcache.sqlite3-wal

sha = size = mod_date =

45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1/user.kb

sha = size = mod_date =

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/.DS_Store only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/caissuercache.sqlite3 only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/caissuercache.sqlite3-journal only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/keychain-2.db only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/keychain-2.db-shm only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/keychain-2.db-wal only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/ocspcache.sqlite3 only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/ocspcache.sqlite3-shm only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/ocspcache.sqlite3-wal only exists on Restored Volume

53EE3F03-9CB5-597E-9340-1D72A76A4A6A/user.kb only exists on Restored Volume

Keychains/.DS_Store

sha = size = mod_date =

Keychains/.fl0D1D1BA9

sha = size = mod_date =

Keychains/.fl34AC2A0A

sha = size = mod_date =

Keychains/.fl62323D2F

sha = size = mod_date =

Keychains/.fl655B498B only exists on Restored Volume

Keychains/.flC23220F1

sha = size = mod_date =

Keychains/.flEDD8430C

sha = size = mod_date =

Keychains/45BE0ABF-15CC-50B5-8A34-7DF1AF458AC1

sha = size = mod_date =

Keychains/53EE3F03-9CB5-597E-9340-1D72A76A4A6A only exists on Restored Volume

Keychains/login 2.keychain

sha = size = mod_date =

Keychains/login 2.keychain-db only exists on Restored Volume

Keychains/login 2.keychain.sb-1a4972ee-VO6BrB

sha = size = mod_date =

Keychains/login 2.keychain.sb-5ba40b3d-RmCbE0

sha = size = mod_date =

Keychains/login.keychain

sha = size = mod_date =

Keychains/login.keychain-db

sha = size = mod_date =

Keychains/login.keychain.leopard.keychain

sha = size = mod_date =

Keychains/metadata.keychain

sha = size = mod_date =

Keychains/metadata.keychain-db

sha = size = mod_date =

Keychains/otown

sha = size = mod_date =

Keychains/secure keychain.keychain

sha = size = mod_date =

Library/Keychains

sha = size = mod_date =

macOS Sierra (10.12.1)

Posted on Nov 14, 2017 5:27 PM

Reply

There are no replies.

After TimeMachine restore, keychains don't work.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up