Relief …


Some time ago, I was scripting some stuff that needed access to the Keychain. “Fine”, I thought, “there was the Keychain Scripting application that provided the necessary access and could even be called from Perl through Mac::Glue”.

Except that it proved to be broken! I could try whatever I wanted, but I was not able to access any key in my default keychain through any means of Apple Script. No. Way. kThe only thing I got was a key count of zero and errors when trying to access any key, be it by name or index or whatever.

I finally put the project to rest, relying on the plain old method of asking for the password on the shell. It worked but was not as elegant as a Mac application should be.

Sunflower Road## 9 months later …Today, I decided to give it another try. So, Google to the rescue. And, lo, behold, I found an something:

On [bynkii][] I found an entry, posted in July (So, long after I had my problems) that was based on the very same experience I had: All apps could access the Keychain, except Keychain Scripting.

So we do the keychain repair thing testing code, etc. My keychain works with everything BUT AppleScript. Every other keychain works with AppleScript. So in spite of denials from Apple, I have a sneaking feeling that something changed in the keychain file format between Jaguar and Panther.

He was wrong with respect to the file format. But fortunately, he found the reason for the failure:

ANY SSL key, public or private somehow screws Keychain scripting into the ground, and prevents it from getting a count of ANY keys in any keychain with public or private SSL keys. This is bad.

I removed my SSL private/public keys from my default keychain et voilà – everything worked like a charm. Bummer!

This was a big relief to me, as I was convinced that somehow, I’d seriously screwed up my keychain/Apple Script combo. So, until Apple fixes that thing, I keep the SSL keys to a new, dedicated keychain and’ll see how my system behaves this way.

What worries me most here is, that Panther’s been out for almost a year now, but no one at Apple’s seemed to have noticed that problem until now.[bynkii]:


No comments. Be the first to add one!
Add a comment.
We'll never share your email with anyone else. We use the Gravatar system to pull in pictures based on an anonymous hash.
Once you submit your comment, it will be moderated and then show up here shortly after.