writing out local-icloud.keychain file - getting blank pm_export-icloud.txt file

click_clik
click_clik
Community Member

Using converter 1.09 on Mac Sierra 10.12.6 and I'm getting stuck at the point of the conversion process where I write out the local-icloud.keychain file to pm_export-icloud.txt. Saw a Dropbox comment that suggested adding the entire file path to the security dump-keychain -d local-icloud.keychain > ~/Desktop/pm_export-icloud.txt, which I did (omitted here as it contains my name). However running it both with the file path and as written still yield me a new, but blank txt file.

I think it's due to the following error when I run the Apple Script Conversion Helper (where ellipses replace my machine name since it contains my name):

...:~...$ cd '/Users/.../Desktop/convert_to_1p4' && /usr/bin/perl convert_to_1p4.pl keychain '/Users/.../Desktop/local-icloud.keychain' -v
utf8 "\xEE" does not map to Unicode at Utils/Utils.pm line 78 (#1)

many lines of similar error message to:
utf8 "\xDF" does not map to Unicode at Utils/Utils.pm line 78 (#1)

then
Keychain parse failed, after entry 0; unexpected: kych\xEE`

I'm wondering if I can pinpoint and delete entry 78 in this file. I have ~ 600 stored passwords exported from iCloud Keychain in my current local-icloud file and I'm not entirely sure how to count to get to the correct entry. Appreciate any help the community can provide and TIA!


1Password Version: 6.8.1
Extension Version: 4.6.11
OS Version: 10.12.6
Sync Type: iCloud

Comments

  • MrC
    MrC
    Volunteer Moderator
    edited September 2017

    @click_clik ,

    First, please use the 1.10 version of the converter, located in Testing Bits, mentioned in the first post of the converter suite thread.

    Check that the file size of your file

    ~/Desktop/pm_export-icloud.txt
    

    or whatever you've named it, is not 0 bytes. If it is, then nothing was exported via the security command. The debug information will also tell you something about the export file - you can do this in the command line (make sure you cd into the convert_to_1p4 folder:

    $ perl convert_to_1p4.pl keychain ../../_TestFiles/keychain.txt -v -d | grep fileinfo
    print_fileinfo      : Export file info
    print_fileinfo      :   size: 4800
    print_fileinfo      :   kind: ASCII text
    print_fileinfo      :   mime: text/plain; charset=us-ascii
    
    $ perl convert_to_1p4.pl keychain ~/Desktop/empty.txt  -v -d | grep fileinfo
    print_fileinfo      : Export file info
    print_fileinfo      :   size: 0
    print_fileinfo      :   kind: empty
    print_fileinfo      :   mime: inode/x-empty; charset=binary
    

    It isn't line 78 in your export file that causes the complaint. It is line 78 of my PIF conversion module Utils::PIF.pm that produces the error when it tries to handle the input data - there is something in your data that is unexpected. Use version 1.10 and lets go from there.

  • click_clik
    click_clik
    Community Member

    Howdy MrC,

    Thanks for the feedback. Gave it a shot with version 1.10. The export file is indeed 0 bytes (empty). Same error message as before when I run the converter.

  • MrC
    MrC
    Volunteer Moderator
    edited September 2017

    @click_clik ,

    If the file is empty, then it appears that the security command did not export anything, so there is nothing to convert.

    Did your local-icloud keychain contain any items (which I presumed you copy/pasted from the iCloud keychain)?

    You should not have received the same error message as before with an empty file and the 1.10 version of the converter:

    $ perl convert_to_1p4.pl keychain -v empty.txt
    Examined 0 items
    Skipped 0 non-login items
    Skipped 0 duplicate items
    Imported 0 items
    Exported 0 total items
    
  • click_clik
    click_clik
    Community Member

    yes, local-icloud keychain contains 588 items - copy/paste from the iCloud Keychain was successful

  • MrC
    MrC
    Volunteer Moderator

    @click_clik ,

    Ok, so did you export the items w/the security command, using the correct keychain name? Did security present you with passwords, and ask you to confirm each? Maybe something was incorrect with your command line to export the items from keychain. What was the exact command (try it again, if you still have the 0 length file and haven't dumped the contents of the local icloud keychain).

  • click_clik
    click_clik
    Community Member

    I exported the items using the exact security command in the README file, using the correct keychain name. However I did not receive any presentation of passwords or requests to confirm as outlined in the README.

    Which exact command would you like to see?

  • click_clik
    click_clik
    Community Member

    Hoping these screenshots and the commands help!

  • click_clik
    click_clik
    Community Member

    Message when trying to pull local-icloud.keychain file onto the Apple Script Converter:

    https://codepaste.net/kxj4yo

  • MrC
    MrC
    Volunteer Moderator

    @click_clik ,

    If the command is correct, and the items are exportable, you will get password prompts. It is possible the passwords are not exportable. Apple has not made this easy. Keychain is very closed.

    I need to see the exact security command you ran in the command window. Copy it, and paste it here. Command line syntax is precise.... inexperienced users often don't notice subtle differences, and believe they've entered the correct command. If you're certain you've used the correct command, we can presume security cannot access them.

  • MrC
    MrC
    Volunteer Moderator
    edited September 2017

    I'm confused about your results. That output cannot happen if the export file is empty.

  • click_clik
    click_clik
    Community Member

    https://codepaste.net/dokrem. Please let me know if this is what you mean. Sorry for the confusion and appreciate your help!

  • click_clik
    click_clik
    Community Member

    Just ran those two different codes again and created another blank file:

  • MrC
    MrC
    Volunteer Moderator
    edited September 2017

    You've posted two security command versions. The second one will never work:

    security dump-keychain -d /Users/NAME/Desktop local-icloud.keychain > ~/Desktop/pm_export-icloud.txt

    because the argument after -d should be just local-icloud.keychain and not /Users/NAME/Desktop local-icloud.keychain. The argument after -d is a keychain name, not a path (and you path would be incorrectly quoted for the shell anyway).

    This command is correct:

    security dump-keychain -d local-icloud.keychain > ~/Desktop/pm_export-icloud.txt

    but it is producing a 0-length keychain export apparently. So it looks like the security command did not, or cannot, export the items. I don't know which, since I can't see the dialogs that (should) appear.

    Throw away your pm_export-icloud.txt file, and re-run the security command that is correct above.

    As to the AppleScript helper, you are passing the other file named /Users/NAME/Desktop/local-icloud.keychain. I don't know what this file is, but assume you've saved the Keychain file itself there. That file cannot be converted - only the file created by the security command's output can be converted. This is why you are getting those errors - that file is a binary file.

    The Copy/Paste of the iCloud keychain will produce dialogs such as the following, the first one allowing access to the Local Items keychain:

    and if there is an error copying, it will produce:

    and then it will ask to unlock the iCloud keychain:

    The security command should produce many dialogs such as:

  • click_clik
    click_clik
    Community Member

    Yup, deleted pm_export_icloud.txt, ran the following security dump-keychain -d local-icloud.keychain > ~/Desktop/pm_export-icloud.txt, which produced another file called pm_export_icloud.txt that is zero bytes.

  • click_clik
    click_clik
    Community Member

  • MrC
    MrC
    Volunteer Moderator

    @click_clik,

    What output do you get when you issue the following command?

    security -v list-keychains

  • click_clik
    click_clik
    Community Member
    mn-NAME:~ NAME$ security -v list-keychains
    list-keychains
        "/Users/NAME/Library/Keychains/login.keychain-db"
        "/Users/NAME/Desktop/local-icloud.keychain"
        "/Library/Keychains/System.keychain"
    mn-NAME:~ NAME$ 
    
  • MrC
    MrC
    Volunteer Moderator

    @click_clik,

    Use Keychain Access to delete the local-icloud keychain. When the dialog appears, delete both the files and references.

    Create a brand new keychain, this time call it click. Let the system save it in the normal Keychains folder - don't change the location. Do the copy/paste again of the items from your icloud keychain to click.

    Now run the security dump command again:

    security dump-keychain -d click.keychain >| ~/Desktop/pm_export-click.txt

    Lets see how that goes.

This discussion has been closed.