* Re: can emacs use the mac os x keychain?
From: Ted Zlatanov @ 2010-07-28 14:53 UTC
To: Emacs Development, adrian.b.robert

On Mon, 26 Jul 2010 08:47:27 -0500 Ted Zlatanov <tzz@lifelogs.com> wrote:

TZ> On Sat, 24 Jul 2010 20:36:18 -0700 (PDT) vm user <emacs_user@hotmail.com> wrote:

vu> On Jul 1, 12:20 pm, Ted Zlatanov <t...@lifelogs.com> wrote:
>>> Unless there's a helper program or support inside Emacs (the latter is
>>> unlikely IMO) it's not possible to query this API from within Emacs.

vu> I am quite ignorant in these things, but does the following help?
vu> http://log.scifihifi.com/post/55837387/simple-iphone-keychain-code

TZ> That seems useful. I think auth-source needs a general protocol to talk
TZ> to helper applications when Emacs itself doesn't support it. This can
TZ> be tricky because of the security implications of passing passwords.
TZ> EPG does it well but I don't know the specifics. So there's really
TZ> three parts:

TZ> 1) define a helper protocol to pass auth request parameters in the
TZ> environment somehow

TZ> 2) read the password back securely

TZ> 3) write an implementation that works with the Mac OS X keychain

Adrian, is there any chance that the NS Emacs port can provide those
keychain functions through an ELisp layer? It would make it easier and
more secure to get user passwords, plus users wouldn't need to install
the helper program.

I don't know if there are any linking issues with that, so cc-ing
emacs-devel as well.

Thanks
Ted
* Re: can emacs use the mac os x keychain?
From: Adrian Robert @ 2010-07-29 4:31 UTC
To: Ted Zlatanov; +Cc: Emacs Development

> TZ> 1) define a helper protocol to pass auth request parameters in the
> TZ> environment somehow
>
> TZ> 2) read the password back securely
>
> TZ> 3) write an implementation that works with the Mac OS X keychain
>
> Adrian, is there any chance that the NS Emacs port can provide those
> keychain functions through an ELisp layer? It would make it easier and
> more secure to get user passwords, plus users wouldn't need to install
> the helper program.

A useful-sounding idea but seems mainly like something that would be
a third-party package or maybe part of Aquamacs. Are there any
platform-independent parts of the needed functionality that the NS
port lacks and Emacs on X11 or W32 has?
* Re: can emacs use the mac os x keychain?
From: Stefan Monnier @ 2010-07-29 13:01 UTC
To: Adrian Robert; +Cc: Ted Zlatanov, Emacs Development

TZ> 1) define a helper protocol to pass auth request parameters in the
TZ> environment somehow
TZ> 2) read the password back securely
TZ> 3) write an implementation that works with the Mac OS X keychain

>> Adrian, is there any chance that the NS Emacs port can provide those
>> keychain functions through an ELisp layer? It would make it easier and
>> more secure to get user passwords, plus users wouldn't need to install
>> the helper program.

> A useful-sounding idea but seems mainly like something that would be
> a third-party package or maybe part of Aquamacs.

Why do you think so? I think access to the system's standard keychain
facility would be good to have in general, on all systems.

        Stefan
* Re: can emacs use the mac os x keychain?
From: Richard Stallman @ 2010-07-30 9:17 UTC
To: Stefan Monnier; +Cc: tzz, adrian.b.robert, emacs-devel

What does the "mac os X keychain" do?
* Re: can emacs use the mac os x keychain?
From: Stuart Hacking @ 2010-07-30 10:37 UTC
To: rms; +Cc: tzz, adrian.b.robert, Stefan Monnier, emacs-devel

On 30 July 2010 10:17, Richard Stallman <rms@gnu.org> wrote:
> What does the "mac os X keychain" do?

It provides a central facility for storing secure information.

From Wikipedia:

"A Keychain can contain various types of data: passwords (Websites, FTP
servers, SSH accounts, network shares, wireless networks, groupware
applications, encrypted disk images), private keys, certificates and
secure notes."
* Re: can emacs use the mac os x keychain?
From: Richard Stallman @ 2010-07-31 9:57 UTC
To: Stuart Hacking; +Cc: tzz, adrian.b.robert, monnier, emacs-devel

    "A Keychain can contain various types of data: passwords (Websites, FTP
    servers, SSH accounts, network shares, wireless networks, groupware
    applications, encrypted disk images), private keys, certificates and
    secure notes."

This is a sufficiently minor thing that it is ok if Emacs can use it.
* Re: can emacs use the mac os x keychain?
From: Ted Zlatanov @ 2010-07-30 13:30 UTC
To: emacs-devel

On Fri, 30 Jul 2010 05:17:08 -0400 Richard Stallman <rms@gnu.org> wrote:

RS> What does the "mac os X keychain" do?

To add to Stuart Hacking's description: the GNOME analogue is Seahorse;
KDE's is KWallet I believe. On Mac OS X the keychain is more deeply
integrated with the OS, though, so for instance the unlock dialog is
always presented the same way and only when necessary.

Ted
* Re: can emacs use the mac os x keychain?
From: Ted Zlatanov @ 2010-07-29 13:17 UTC
To: emacs-devel

On Thu, 29 Jul 2010 07:31:43 +0300 Adrian Robert <adrian.b.robert@gmail.com> wrote:

>> TZ> 1) define a helper protocol to pass auth request parameters in the
>> TZ> environment somehow
>> TZ> 2) read the password back securely
>> TZ> 3) write an implementation that works with the Mac OS X keychain
>>
>> Adrian, is there any chance that the NS Emacs port can provide those
>> keychain functions through an ELisp layer? It would make it easier and
>> more secure to get user passwords, plus users wouldn't need to install
>> the helper program.

AR> A useful-sounding idea but seems mainly like something that would be
AR> a third-party package or maybe part of Aquamacs. Are there any
AR> platform-independent parts of the needed functionality that the NS
AR> port lacks and Emacs on X11 or W32 has?

A third-party package wouldn't get the C-level bindings that are
necessary to make it reasonably secure.

The platform-independent part is auth-source.el, which I have tried to
hook into Emacs wherever authentication is needed. See auth.texi for
more details.

On Thu, 29 Jul 2010 15:01:50 +0200 Stefan Monnier <monnier@iro.umontreal.ca> wrote:

SM> I think access to the system's standard keychain facility would be
SM> good to have in general, on all systems.

Thanks to Michael Albinus' work on auth-source.el, it now supports the
Secrets API which is supposed to become the standard where D-Bus is
available (so Emacs can interact with this API without helper apps if
it has D-Bus support configured). auth.texi hasn't been updated with
the Secrets API info because it's still experimental.

Assuming we get the NS port access to the Mac OS X keychain, that leaves
W32 as the only major platform lacking keychain support. I don't
believe W32 has a standard keychain so that may be OK.

Ted
* Re: can emacs use the mac os x keychain?
From: David Reitter @ 2010-07-29 18:52 UTC
To: Ted Zlatanov; +Cc: emacs-devel

On Jul 29, 2010, at 9:17 AM, Ted Zlatanov wrote:
>
> AR> A useful-sounding idea but seems mainly like something that would be
> AR> a third-party package or maybe part of Aquamacs. Are there any
> AR> platform-independent parts of the needed functionality that the NS
> AR> port lacks and Emacs on X11 or W32 has?
> ...
> Assuming we get the NS port access to the Mac OS X keychain, that leaves
> W32 as the only major platform lacking keychain support. I don't
> believe W32 has a standard keychain so that may be OK.

In principle, the C part would be fairly simple. There are separate
functions for "internet passwords", which retrieve and store passwords
for a host/port/account combination.

Am I right assuming that we would need an API paralleling that provided
by secrets.el?

There are a few issues as far as I can see:

- The user is prompted via a graphical dialog to unlock a keychain
  (i.e., to provide a password protecting all the passwords). When in
  TTY, we shouldn't do this, but unlock the keychain ourselves, i.e.,
  read a password from the user via a (password) minibuffer. This sort
  of interaction would have to be handled by an extra Lisp layer. (Once
  the application is trusted, this prompt would go away.) How is this
  done in GNOME?

- Any passwords that we obtain would probably have to be copied so we
  can return them as a Lisp string. What provisions are in place in
  order to protect the copy and guarantee its deletion after use?

http://developer.apple.com/mac/library/documentation/Security/Reference/keychainservices/Reference/reference.html#//apple_ref/c/func/SecKeychainFindInternetPassword
* Re: can emacs use the mac os x keychain?
From: Ted Zlatanov @ 2010-07-29 20:33 UTC
To: emacs-devel

On Thu, 29 Jul 2010 14:52:14 -0400 David Reitter <david.reitter@gmail.com> wrote:

DR> On Jul 29, 2010, at 9:17 AM, Ted Zlatanov wrote:
>> AR> A useful-sounding idea but seems mainly like something that would be
>> AR> a third-party package or maybe part of Aquamacs. Are there any
>> AR> platform-independent parts of the needed functionality that the NS
>> AR> port lacks and Emacs on X11 or W32 has?
DR> ...
>> Assuming we get the NS port access to the Mac OS X keychain, that leaves
>> W32 as the only major platform lacking keychain support. I don't
>> believe W32 has a standard keychain so that may be OK.

DR> In principle, the C part would be fairly simple. There are separate
DR> functions for "internet passwords", which retrieve and store
DR> passwords for a host/port/account combination.

DR> Am I right assuming that we would need an API paralleling that
DR> provided by secrets.el?

It can be different. auth-source.el folds the various backends under a
common interface, so I think it's best to provide simple mappings to
the underlying calls and let auth-source.el worry about the rest. The
internet keychain calls, for instance, should be separated.

DR> There are a few issues as far as I can see:

DR> - The user is prompted via a graphical dialog to unlock a keychain
DR> (i.e., to provide a password protecting all the passwords). When in
DR> TTY, we shouldn't do this, but unlock the keychain ourselves, i.e.,
DR> read a password from the user via a (password) minibuffer. This
DR> sort of interaction would have to be handled by an extra Lisp layer.
DR> (Once the application is trusted, this prompt would go away.) How
DR> is this done in GNOME?

IMHO it's acceptable to unlock only from the GUI but I'm not opposed to
what you describe.

GNOME's Seahorse works only in X, not in the TTY.

DR> - Any passwords that we obtain would probably have to be copied so
DR> we can return them as a Lisp string. What provisions are in place
DR> in order to protect the copy and guarantee its deletion after use?

None from auth-source.el. I don't know if ELisp has any variable tags
to do this protection but looking at the manual, I don't believe so.

Ted
* Re: can emacs use the mac os x keychain?
From: YAMAMOTO Mitsuharu @ 2010-07-30 0:13 UTC
To: Ted Zlatanov; +Cc: adrian.b.robert, Emacs Development

>>>>> On Wed, 28 Jul 2010 09:53:03 -0500, Ted Zlatanov <tzz@lifelogs.com> said:

> Adrian, is there any chance that the NS Emacs port can provide those
> keychain functions through an ELisp layer? It would make it easier
> and more secure to get user passwords, plus users wouldn't need to
> install the helper program.

Mac OS X 10.3 or later comes with a command line interface
/usr/bin/security for keychains. Did you try it? Or do you mean it was
not sufficient with respect to functionality or security?

A merit of the use of an external program is that we can use it
regardless of several builds on the platform including TTY-only and
X11.

                                     YAMAMOTO Mitsuharu
                                mituharu@math.s.chiba-u.ac.jp
* Re: can emacs use the mac os x keychain?
From: Ted Zlatanov @ 2010-07-30 13:24 UTC
To: emacs-devel

On Fri, 30 Jul 2010 09:13:22 +0900 YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp> wrote:

>>>>>> On Wed, 28 Jul 2010 09:53:03 -0500, Ted Zlatanov <tzz@lifelogs.com> said:
>> Adrian, is there any chance that the NS Emacs port can provide those
>> keychain functions through an ELisp layer? It would make it easier
>> and more secure to get user passwords, plus users wouldn't need to
>> install the helper program.

YM> Mac OS X 10.3 or later comes with a command line interface
YM> /usr/bin/security for keychains. Did you try it? Or do you mean it
YM> was not sufficient with respect to functionality or security?

YM> A merit of the use of an external program is that we can use it
YM> regardless of several builds on the platform including TTY-only and
YM> X11.

I didn't know about this helper app. Thank you for mentioning it. I
expected to have to write a special one (see the original post in this
thread).

If it pops up the GUI dialog when possible, it's sufficient in terms of
UI functionality, but we also have to worry about X11 and TTY modes
(and what if you log in remotely over SSH?).

If /usr/bin/security can handle regular and internet keychains (the two
types David Reitter mentioned) then it's sufficient in terms of backend
functionality. I don't think it can ever be as secure, however, as a
direct C call, so for security I'd rather use direct C calls if that's
an option.

I am far from expert on Mac OS X issues so I'll go with whatever you,
David Reitter, and Adrian Robert (and other experts on that platform)
decide.

Ted
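The helper-program route YAMAMOTO Mitsuharu proposes and the copy-protection question David Reitter and Ted discuss in the earlier exchange are concrete enough to sketch in Lisp. The following is an added example written for this page; it is not code from the thread, from auth-source.el, or from any Emacs port. It assumes Mac OS X with /usr/bin/security on PATH and uses that command's `find-internet-password` and `find-generic-password` subcommands with the `-a`, `-s`, `-P` and `-w` options. The `keychain-example-*` names are hypothetical. Two points a practitioner cares about are built in: only the lookup attributes (host, account, port) go on the command line, while the secret comes back over the child's stdout pipe rather than through argv or the environment, and the Lisp copy of the secret is zeroed with `clear-string` as soon as the caller is done with it.

```elisp
;;; keychain-example.el --- added example, not Emacs or auth-source code  -*- lexical-binding: t -*-

;; Assumes Mac OS X with /usr/bin/security available.  Function names
;; prefixed keychain-example- are hypothetical.

(defun keychain-example--lookup (kind host user &optional port)
  "Run /usr/bin/security to fetch the password for HOST/USER.
KIND is `internet' (an internet-password item, HOST is the server) or
`generic' (a generic-password item, HOST is the service name).  Only
these attributes are passed as arguments; the password is read from
the helper's standard output, so it never appears in argv or in the
environment.  Returns the password as a fresh string, or nil when the
item does not exist, the keychain could not be unlocked, or the user
denied access in the confirmation dialog."
  (let ((subcommand (cond ((eq kind 'internet) "find-internet-password")
                          ((eq kind 'generic) "find-generic-password")
                          (t (error "Unknown keychain item kind: %s" kind))))
        (args (list "-s" host "-a" user)))
    (when (and port (eq kind 'internet))
      (setq args (append args (list "-P" (number-to-string port)))))
    ;; -w makes `security' print only the password, nothing else.
    (setq args (append args (list "-w")))
    (with-temp-buffer
      (let ((status (condition-case nil
                        (apply #'call-process "security" nil t nil
                               subcommand args)
                      ;; `security' missing (not Mac OS X, or PATH): no secret.
                      (file-error nil))))
        (unwind-protect
            (when (and (integerp status) (zerop status))
              ;; Output is the password followed by a newline; strip it.
              (buffer-substring-no-properties
               (point-min)
               (save-excursion
                 (goto-char (point-max))
                 (skip-chars-backward "\n")
                 (point))))
          ;; Best effort only: erasing frees the buffer text but Emacs does
          ;; not promise the freed bytes are overwritten.
          (erase-buffer))))))

(defun keychain-example-call-with-password (kind host user fn &optional port)
  "Look up the password for HOST/USER and call FN with it, then zero it.
After FN returns (normally or by non-local exit) every character of the
string is overwritten with 0 via `clear-string', so FN must not keep a
reference to it; it should use the secret and let it go.  Returns the
value of FN, or nil when no password was obtained."
  (let ((secret (keychain-example--lookup kind host user port)))
    (when secret
      (unwind-protect
          (funcall fn secret)
        (clear-string secret)))))

;; Usage (assumes an internet-password item for imap.example.com, account
;; alice, exists in the login keychain; the keychain may show its unlock
;; or access-confirmation dialog, which is the helper's behaviour, not ours):
;;
;; (keychain-example-call-with-password
;;  'internet "imap.example.com" "alice"
;;  (lambda (pw) (process-send-string proc (concat "LOGIN alice " pw "\r\n")))
;;  993)

(provide 'keychain-example)
;;; keychain-example.el ends here
```

The zeroing covers exactly one copy: the string handed to FN. Anything FN derives from it (the `concat` in the usage comment, a SASL response, text inserted into a process buffer) is a further copy that this code cannot reach, which is the limit Ted describes when he says auth-source.el provides no protection for the returned string. It also does nothing about the point raised later in the thread about `security` itself: if the user adds the generic `security` binary to an item's trusted-applications list to silence the dialog, every process able to run `security` inherits that grant, which is the argument for the direct C call.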
* Re: can emacs use the mac os x keychain?
From: YAMAMOTO Mitsuharu @ 2010-08-01 1:44 UTC
To: Ted Zlatanov; +Cc: emacs-devel

>>>>> On Fri, 30 Jul 2010 08:24:28 -0500, Ted Zlatanov <tzz@lifelogs.com> said:

> If /usr/bin/security can handle regular and internet keychains (the
> two types David Reitter mentioned) then it's sufficient in terms of
> backend functionality. I don't think it can ever be as secure,
> however, as a direct C call, so for security I'd rather use direct C
> calls if that's an option.

One drawback of the use of /usr/bin/security would be that the user
might grant the generic command `security' access to the item by
adding it to the "trusted applications" list in order to avoid the
application access confirmation dialog.

http://developer.apple.com/mac/library/documentation/Security/Conceptual/keychainServConcepts/02concepts/concepts.html#//apple_ref/doc/uid/TP30000897-CH204-SW5

It might be desirable to call Keychain API directly rather than via
the `security' command so that the keychain can know which application
wants to access the item in a more specific way.

                                     YAMAMOTO Mitsuharu
                                mituharu@math.s.chiba-u.ac.jp
* Re: can emacs use the mac os x keychain?
From: Ted Zlatanov @ 2010-08-01 2:53 UTC
To: emacs-devel; +Cc: adrian.b.robert

On Sun, 01 Aug 2010 10:44:35 +0900 YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp> wrote:

>>>>>> On Fri, 30 Jul 2010 08:24:28 -0500, Ted Zlatanov <tzz@lifelogs.com> said:
>> If /usr/bin/security can handle regular and internet keychains (the
>> two types David Reitter mentioned) then it's sufficient in terms of
>> backend functionality. I don't think it can ever be as secure,
>> however, as a direct C call, so for security I'd rather use direct C
>> calls if that's an option.

YM> One drawback of the use of /usr/bin/security would be that the user
YM> might grant the generic command `security' access to the item by
YM> adding it to the "trusted applications" list in order to avoid the
YM> application access confirmation dialog.

YM> It might be desirable to call Keychain API directly rather than via
YM> the `security' command so that the keychain can know which application
YM> wants to access the item in a more specific way.

Thank you for your explanation. Since we are in agreement on using the
C API directly, I hope you, David, or Adrian (or someone else willing
to contribute) find the time to implement these calls and provide an
ELisp layer on top.

Thank you
Ted