A keychain is a file that holds passwords and certificates as well as information about those passwords and certificates. For the purposes of this chapter, “password” is used interchangeably with “password or certificate.” Each user can have several keychains, but most people have only one: ~/Library/Keychains/login.keychain. The Security framework provides a set of functions and data structures that allow you to read and write passwords and their associated data. A password together with its associated data is known as a keychain item.
Users can inspect their keychains using the application Keychain Access, as shown in Figure 23.1:
Figure 23.1 The Keychain Access application
Some data inside the keychain is encrypted and ...