The Keychain

The keychain is a feature inherited from older, non-Unix versions of MacOS (MacOS 9 and earlier). It is not a mainstream Unix facility.

The keychain is a MacOS X service with an API that application developers can use to hold users' passwords for various applications. It is a secure store for passwords and encryption keys. Instead of remembering one password per application, the user only needs to remember the keychain password.

For example, BBEdit for Mac OS X includes Keychain support for FTP site passwords (see BBEdit Preferences:FTP Settings for more information). By using the Keychain, BBEdit can securely store your FTP site passwords. To access them, you need only your Keychain password.

The Keychain can store encryption keys as well as passwords. On other UNIX flavors, the private portions of encryption keys (for example, the private key that belongs to an SSL certificate) are stored in regular files and protected only by UNIX file permissions, so they can be copied by any user with sufficient privileges. With the Keychain, the private portion of the key cannot be copied, making it harder for an attacker to obtain the key and use it on another machine in an impersonation attack.
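The file-permission model described above (a private key that is only as safe as the mode bits on the file holding it) is something a practitioner can check directly. The script below is an added example, not code from the original page or from Apple: it walks a directory, treats files with key-like names as private key material, and reports any file that is a symlink, is not owned by the expected user, or is readable or writable by group or others. The suffix list and the two sample key files built in demo() are constructed assumptions for illustration.

```python
import os
import stat
import tempfile

# Any of these mode bits means someone other than the owner can reach the file.
_GROUP_OR_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_private_key(path, expected_uid=None):
    """Return a list of findings for a file that holds private key material.

    A key protected only by Unix permissions is safe only while nobody else
    can read the file, so the check is: a regular file (not a symlink that
    could resolve elsewhere), owned by the expected user, no group/other bits.
    An empty list means the file passed.
    """
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink: key may resolve to an unexpected file")
        return findings
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
        return findings
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & _GROUP_OR_OTHER_BITS:
        findings.append(f"mode {oct(mode)} grants group/other access")
    return findings


def audit_directory(directory, suffixes=(".pem", ".key", "id_rsa", "id_dsa"),
                    expected_uid=None):
    """Audit every file under `directory` whose name looks like key material.

    Returns {relative path: findings}. The suffix list is an assumption;
    adjust it to the naming convention of the keys you actually deploy.
    """
    report = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if name.endswith(suffixes):
                path = os.path.join(root, name)
                report[os.path.relpath(path, directory)] = audit_private_key(
                    path, expected_uid)
    return report


def demo():
    """Constructed sample: one key stored with mode 0600, one left world-readable."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "server.key")
        bad = os.path.join(d, "backup.pem")
        for p in (good, bad):
            with open(p, "w") as fh:
                # Placeholder contents; not a real key.
                fh.write("-----BEGIN PRIVATE KEY-----\n(constructed)\n"
                         "-----END PRIVATE KEY-----\n")
        os.chmod(good, 0o600)
        os.chmod(bad, 0o644)
        return audit_directory(d, expected_uid=os.getuid())


if __name__ == "__main__":
    for rel, findings in sorted(demo().items()):
        print(rel, "OK" if not findings else "; ".join(findings))
```

In the sample run, server.key produces no findings and backup.pem is flagged for its group/other read bits. Note what the check cannot do: the owner (or root) can still copy a 0600 file freely, which is exactly the gap the Keychain is meant to close by keeping the private portion behind the keychain password rather than behind file permissions alone.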

There is some information about Keychains and Unix security at http://developer.apple.com/internet/macosx/securitycompare.html.