Possible to sync Mac Keychain Passwords to iPhone offline?

[AdiosVista]

Hi there, I'm using Mac desktop's keychain for storing site passwords and want to sync those to my iPhone without using iCloud (or any other method that involves my logins going online). Is there an offline way to manually achieve this? Would airdrop be an option for bulk sharing? Or does backing up also sync keychain passwords between devices without that data hitting icloud servers?

 

[Bigwaff]

want to sync those to my iPhone without using iCloud (or any other method that involves my logins going online)

I’ve never heard of any process to do what you ask. The Keychain data is encrypted and only your devices can decrypt it. Not even Apple can decrypt your Keychain data. What’s your concern?

 

[NoBoMac]

MIGHT be able to export passwords, just not sure if tied to iCloud Keychain or not. On Ventura, Settings > Passwords > three dots > Export all passwords. Will get a csv file.

However, don't think there is a way to import into iOS as the csv file is meant to move to a new/different password system/service. Can always create and encrypted spread sheet from this and sync via iCloud/Dropbox/etc or use local transfer via file sharing option in iTunes/Finder.

And backup is just that, a backup. The is no syncing of anything between devices when backing up.

If none of this is acceptable, most likely will need to "roll your own" solution.

 

[bogdanw]

The Keychain data is encrypted and only your devices can decrypt it. Not even Apple can decrypt your Keychain data.

https://www.google.com/search?q=decrypt Keychain&hl=en-US&gl=US

 

[NoBoMac]

Don't think the link says what you think it does. And apples to oranges.

iCloud Keychain is end-to-end encrypted, and Apple does not have the key for that.

Keychains, in general, are safe but not unbreakable. In short, greatly helps to have physical access to the devices. If one does not have physical access and has only files taken from said devices or backups, still need to know user's devices' passcodes, Apple ID password, by-pass user's 2FA to get the process going.

From the ElcomSoft presentation conclusions:

• Sync and recovery: different approaches
• Trusted circle: not hard to get in, but leaves traces
• Both sync and recovery can be used (mixed)
• Need to have credentials
• Need to have trusted device
  ...or SMS
• Need to know iCSC
  ...or device passcode
• Legacy 2SV: forget it
• With 2FA, keychain is always stored in iCloud
• No 2FA, no iCSC: most safe from TLA?
• Get Continuation token (+machine ID) to obtain full access without anything else!
• ...implementation is still relatively secure

If some three-letter organization is looking to get into your stuff, one is out of luck as they have probably impounded all of one's gizmos and have physical access. Some rando or local po-po getting anything secretly, not happening unless one falls for a phishing scam.

 

[AdiosVista]

Thank you all for the replies! Hmm, the export to CSV is very interesting, wondering if you could help me brainstorm a manual process for that (still offline). Like I export all on my Mac desktop to CSV, copy to flash drive, connect that to iPhone, then import?

I know this is over-the-top paranoia but it's more of a personal stance. I was using 1Password 7 happily with LAN sync and they're forcing 1Password 8 users to go online. I can't stand when companies do that. Sure, it's encrypted but if I have the choice to keep sensitive data offline, I'm always going that route.

 

[Bigwaff]

To each is own but I think you are just making your life harder than it needs to be. AgileBits can’t decrypt your vaults. Even if a hacker got access to the vault data somehow, they could not decrypt your vaults. Only you can decrypt your vaults using your credentials and, if necessary, the secret key. This is why it is so important save your “Emergency Kit”.