From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: YAMAMOTO Mitsuharu Newsgroups: gmane.emacs.devel Subject: Re: can emacs use the mac os x keychain? Date: Sun, 01 Aug 2010 10:44:35 +0900 Organization: Faculty of Science, Chiba University Message-ID: References: <370a1897-25aa-418f-9631-1570dfa99de3@z7g2000yqb.googlegroups.com> <87633kaess.fsf@lifelogs.com> <8d7c78ee-6ba8-448a-8f86-3d585e1af77f@u32g2000vbc.googlegroups.com> <87vd8z2myy.fsf@lifelogs.com> <01ea3506-d715-491d-b360-3abf34e98013@i31g2000yqm.googlegroups.com> <87r5iq1hjk.fsf@lifelogs.com> <871vanu08g.fsf@lifelogs.com> <87sk31nlv7.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Trace: dough.gmane.org 1280627097 32104 80.91.229.12 (1 Aug 2010 01:44:57 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 1 Aug 2010 01:44:57 +0000 (UTC) Cc: emacs-devel@gnu.org To: Ted Zlatanov Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Aug 01 03:44:56 2010 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1OfNbi-0005Lg-Su for ged-emacs-devel@m.gmane.org; Sun, 01 Aug 2010 03:44:55 +0200 Original-Received: from localhost ([127.0.0.1]:38120 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OfNbh-0003ZT-Qq for ged-emacs-devel@m.gmane.org; Sat, 31 Jul 2010 21:44:53 -0400 Original-Received: from [140.186.70.92] (port=52026 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OfNbX-0003Xq-Og for emacs-devel@gnu.org; Sat, 31 Jul 2010 21:44:47 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OfNbT-0003RJ-JK for emacs-devel@gnu.org; Sat, 31 Jul 2010 21:44:43 -0400 Original-Received: from mathmail.math.s.chiba-u.ac.jp ([133.82.132.2]:58450) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OfNbT-0003Q3-3R for emacs-devel@gnu.org; Sat, 31 Jul 2010 21:44:39 -0400 Original-Received: from church.math.s.chiba-u.ac.jp (church [133.82.132.36]) by mathmail.math.s.chiba-u.ac.jp (Postfix) with ESMTP id 4D462C0562; Sun, 1 Aug 2010 10:44:35 +0900 (JST) In-Reply-To: <87sk31nlv7.fsf@lifelogs.com> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/22.3 (sparc-sun-solaris2.8) MULE/5.0 (SAKAKI) X-detected-operating-system: by eggs.gnu.org: NetBSD 3.0 (DF) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:128073 Archived-At: >>>>> On Fri, 30 Jul 2010 08:24:28 -0500, Ted Zlatanov said: > If /usr/bin/security can handle regular and internet keychains (the > two types David Reitter mentioned) then it's sufficient in terms of > backend functionality. I don't think it can ever be as secure, > however, as a direct C call, so for security I'd rather use direct C > calls if that's an option. One drawback of the use of /usr/bin/security would be that the user might grant the generic command `security' access to the item by adding it to the "trusted applications" list in order to avoid the application access confirmation dialog. http://developer.apple.com/mac/library/documentation/Security/Conceptual/keychainServConcepts/02concepts/concepts.html#//apple_ref/doc/uid/TP30000897-CH204-SW5 It might be desirable to call Keychain API directly rather than via the `security' command so that the keychain can know which application wants to access the item in a more specific way. YAMAMOTO Mitsuharu mituharu@math.s.chiba-u.ac.jp