in Security

OSX Keydrain Bug

I found a really nasty OSX Keychain bug today. It shalt be called: Keydrain

It’s a user interaction bug and lets private keys disappear. It’s reproduceable on OSX Mavericks:

  • Open your Keychain
  • Move any certificate with a private key to another keychain
  • When asked for the passphrase press Escape
  • An error message appears: “An unknown Error occured, User cancelled the operation”
  • Press Escape again
  • Success. The private key is gone.

Or is it? No. Luckily, it just appears to be gone. Search for the specific certificate’s name and it will be shown. Move it again (without aborting) and it will be accessible as always.

Thank you Apple for giving me a heart attack. The next time you release an operating system as bad as Mavericks,… oh wait. Mavericks is a surfing location in California, known for it’s deadly waves? Maybe I shouldn’t have installed it in the first place.