#9946 closed enhancement (worksforme)

Keychain on Windows?

Reported by: petermichelson
Owned by:
Priority: normal
Milestone:
Component: interface
Version: 6.0
Severity: normal
Keywords: keychain
Cc:
Architecture:
Platform: Windows 7

Description

I noticed the option to save credentials in keychain. I guess that's for Mac only or would it also utilize the Windows vault?

Where is password/authentication information stored in Windows? What happens when someone hacks into a Windows account by resetting a user's password? And finally, if that keychain option is just for Mac, why is it displayed at all in the Windows version?

Change History (5)

comment:1 Changed on May 18, 2017 at 3:33:29 PM by dkocher

  • Resolution set to fixed
  • Status changed from new to closed

On Windows, passwords are encrypted using the Windows Data Protection API (DPAPI) and stored in the user.config file in the application support directory.

https://trac.cyberduck.io/wiki/help/en/howto/connection#GeneralConnectionUseKeychain

comment:2 Changed on May 18, 2017 at 3:56:20 PM by petermichelson

  • Component changed from core to interface
  • Resolution fixed deleted
  • Status changed from closed to reopened

Thanks for the reply. So if the keychain setting in preferences isn't applicable to Windows, I'd suggest not showing it in the Windows version as it serves no purpose. It's just confusing.

comment:3 Changed on May 18, 2017 at 6:28:19 PM by petermichelson

So I was also testing Google Drive and Cryptomator integration and observed the following:

  1. Create bookmark for Google Drive
  2. Access Cryptomator Vault in Google Drive by entering (and saving) master password.
  3. All works fine.
  4. Delete bookmark and history item.
  5. Close Cyberduck.
  6. Recreate Google Drive bookmark from scratch.
  7. Voila, it gives access to the Cryptomator vault without requiring the password again.

Strange. Where was the password saved in the meantime? Shouldn't it be deleted from the system when a bookmark is deleted?

comment:4 Changed on May 18, 2017 at 9:04:11 PM by dkocher

If you choose Save Password, the password for the vault is stored encrypted using the Windows Data Protection API in user.config on Windows and can be reused on later attempts to open the encrypted vault regardless of the bookmark used to connect.
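A defender-side check for the storage described in comment:4, added here as an example and not part of the ticket or Cyberduck's own code: it reports which values in a .NET-style user.config begin with the DPAPI blob header, without decrypting anything. The setting names, the sample file layout and the base64/hex encoding of values are assumptions.

```python
import base64
import uuid
import xml.etree.ElementTree as ET

# DPAPI blob header: dwVersion = 1, then the provider GUID in little-endian form.
DPAPI_HEADER = (1).to_bytes(4, "little") + uuid.UUID(
    "df9d8cd0-1501-11d1-8c7a-00c04fc297eb").bytes_le

def _decodings(text):
    """Yield the raw bytes for each encoding (base64, hex) the text parses as."""
    for decode in (lambda t: base64.b64decode(t, validate=True), bytes.fromhex):
        try:
            yield decode(text)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue

def classify(value):
    """Return 'dpapi', 'empty' or 'other' for one stored setting value."""
    text = (value or "").strip()
    if not text:
        return "empty"
    if any(raw.startswith(DPAPI_HEADER) for raw in _decodings(text)):
        return "dpapi"
    return "other"  # plaintext or an unknown encoding: worth a manual look

def audit_user_config(xml_text):
    """Map each <setting name=...> to the classification of its <value>."""
    root = ET.fromstring(xml_text)
    return {s.get("name"): classify(s.findtext("value"))
            for s in root.iter("setting")}

# Constructed sample: names, layout and the zero-filled blob body are made up.
_fake_blob = base64.b64encode(DPAPI_HEADER + bytes(48)).decode()
SAMPLE = f"""<configuration><userSettings><App.Settings>
  <setting name="vault.example" serializeAs="String"><value>{_fake_blob}</value></setting>
  <setting name="plain.example" serializeAs="String"><value>hunter2</value></setting>
  <setting name="unset.example" serializeAs="String"><value /></setting>
</App.Settings></userSettings></configuration>"""

if __name__ == "__main__":
    for name, kind in audit_user_config(SAMPLE).items():
        print(f"{name}: {kind}")
```

Running it after deleting a bookmark shows whether a protected entry is still present in the file, which is the behaviour observed in comment:3.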

comment:5 Changed on May 18, 2017 at 9:05:00 PM by dkocher

  • Resolution set to worksforme
  • Status changed from reopened to closed