How do you store a username/password in the Mac Keychain using Java?

Asked 28/7, 2011 at 5:31 Answered 17/12, 2017 at 21:33

I'd like to use the Mac KeyChain to store some username/password combinations for my Java Swing application to use to connect to external services on behalf of the user.

I have found a few sources demonstrating that you can get access to a java.security.KeyStore object by doing:

KeyStore keyStore = KeyStore.getInstance("KeychainStore", "Apple");
keyStore.load(null, null);

However, I can't find any examples of how you use the resulting KeyStore to actually store/retrieve usernames and passwords.

Any help would be greatly appreciated.

Thanks!

Scranton answered 28/7, 2011 at 5:31 Comment(3)

This issue is discussed here: #728312. See user erickson's response. – Relinquish 2/8, 2011 at 20:54

If I were to go that route, I'd have to be distributing the private key with the app. That doesn't really seem like the best solution to me. Isn't there a way to store passwords in the keychain like regular mac apps do? – Scranton 23/8, 2011 at 4:48

Looks like you are trying to use java.security.KeyStore to access the Apple Keychain Services. KeyStore is an abstract wrapper around many providers. This approach limits the ability to use specific features of an implementation. Here is a more specific wrapper: github.com/conormcd/osx-keychain-java Also here is the example of using the service see (fig 1-3) developer.apple.com/library/ios/documentation/Security/… – Stamata 7/4, 2015 at 18:31

You cannot get there "Apple Keychain passwords" from here "Java KeyStore"

The keystore abstraction only wraps the certs in the keychain.

See the difference between the native view of the keychain (bash cmd):

security dump ~/Library/Keychains/login.keychain

vs Java's view of the keychain (bash cmd):

keytool -list -storetype KeychainStore -keystore ~/Library/Keychains/login.keychain

Notice that only certificates are included and the listing is shorter.

You will need to use a different wrapper for Keychain that can access all of it's features.

Suggestions:

github.com/conormcd/osx-keychain-java
use swig to make JNI wrapper

Also read the native docs: Keychain Services Concepts -- OS X Keychain Services Tasks (see figure 1-3)

Stamata answered 7/4, 2015 at 19:45 Comment(1)

You can inspect the wrapper to see if I missed a possible path: cr.openjdk.java.net/~michaelm/7113349/7u4/4/jdk7u-osx/new/src/… – Stamata 7/4, 2015 at 19:46

You could "shell out" to the security commandline tool, which lets you store and retrieve passwords from the keychain. It might bring up a popup where you have to allow the access. Also, this does obviously then only work on OSX.

A password could be saved like so:

security add-generic-password -s mywonderfulapp -a $username -w $password

To retrieve the password you could then do this:

security -i find-generic-password -l mywonderfulapp -w

To make it easier to capture the output you could use the JProc library, e.g. like so:

String password = ProcBuilder.run(
    "security", 
    "-i", "find-generic-password", 
    "-l", "mywonderfulapp", "-w"
);

Ramachandra answered 17/12, 2017 at 21:33 Comment(1)

This helps me to store the credentials in the key chain and the library you mentioned. – Roxanaroxane 7/8, 2019 at 9:26

The Java Development Guide for Mac OS X points to the reference documentation on java.security.KeyStore. I'm not familiar with KeyStore, but perhaps you'll find what you need there.

Vanderpool answered 28/7, 2011 at 6:39 Comment(2)

Unfortunately, it has not been at all helpful. It seems to be all about storing keys & certs, but I really need to store username/password combos. – Scranton 28/7, 2011 at 14:38

I think this is for the Java Keystore, not the macOS Keychain. I don't think it applies. – Deadman 20/1, 2022 at 23:40

Recommended topics

Hot tags