From: Michael Albinus
Newsgroups: gmane.emacs.devel
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Tue, 07 Jun 2011 09:58:05 +0200
Message-ID: <87y61ekr8y.fsf@gmx.de>
To: Ben Key
Cc: tzz@lifelogs.com, Emacs Development

Ben Key writes:

> Hello Michael,

Hi Ben,

> I am not certain which interpretation of the collection parameter you
> are advocating.

I tried to avoid a recommendation, because I don't know the Mac OS X
Keychain Services.

> It sounds like you are suggesting that I use the collection parameter
> to specify which keychain file to store the data in but I am not
> certain.

Reading your explanation of keychain files, it sounds natural.

> In this implementation I could interpret the value "default" to mean
> the default keychain (use nil for the keychain parameter for the
> various Keychain Services API functions) and the value "login" or
> "secrets:Login" to mean the login keychain (which is found at
> ~/Library/Keychains/login.keychain).

OK.

> Note that the various Keychain Services API functions accept a
> keychain parameter. This parameter can be nil to indicate that the
> default keychain should be used or a keychain reference opened by
> either SecKeychainOpen or SecKeychainCreate. Both SecKeychainOpen and
> SecKeychainCreate provide a reference to a keychain file specified by
> a full path and file name. As a result, in this implementation if the
> collection parameter is "login" or "secrets:Login" I would use
> SecKeychainOpen to open the keychain file
> ~/Library/Keychains/login.keychain and use the returned keychain
> reference.

OK.

> There is no direct equivalent to the session keychain in Mac OS X. I
> suppose I could make an Emacs session keychain by using the file
> ~/Library/Keychains/emacs-session.keychain and using the function
> SecKeychainDelete to clear the keychain file on first use.

The major idea of the "session" collection is to NOT store secrets
permanently. Therefore, I would recommend that you raise an error "not
available" or something like this, if somebody uses the "session"
collection in your case.

> Is this the interpretation of the collection parameter that I should
> use? If so, just let me know.

Yes, please go on.

Best regards, Michael.
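
The mapping agreed in this message, sketched as an added example; it is not code from the thread or from Emacs. The names resolve_collection and kc_target, the sample home directory /Users/alice, and the choice to reject unrecognised collection names are assumptions. The Keychain Services calls are mentioned only in comments, so the mapping can be compiled and checked without the Security framework.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of mapping a secrets "collection" name to a keychain choice. */
enum kc_target {
    KC_DEFAULT,      /* caller passes a NULL (nil) keychain reference */
    KC_FILE,         /* caller opens path_out, e.g. with SecKeychainOpen */
    KC_UNAVAILABLE,  /* "session": no non-persistent store, signal an error */
    KC_UNKNOWN,      /* assumption: unrecognised names are rejected */
    KC_ERROR         /* bad arguments, or the path would not fit */
};

/* Hypothetical helper. `home` is passed in by the caller so the mapping
   can be tested without reading the environment. */
enum kc_target
resolve_collection(const char *collection, const char *home,
                   char *path_out, size_t path_len)
{
    if (collection == NULL || path_out == NULL || path_len == 0)
        return KC_ERROR;
    path_out[0] = '\0';
    if (strcmp(collection, "default") == 0)
        return KC_DEFAULT;
    /* Never back "session" with a keychain file: that would persist
       secrets the caller asked to keep for the session only. */
    if (strcmp(collection, "session") == 0)
        return KC_UNAVAILABLE;
    if (strcmp(collection, "login") == 0
        || strcmp(collection, "secrets:Login") == 0) {
        if (home == NULL || home[0] != '/')
            return KC_ERROR;          /* require an absolute home path */
        int n = snprintf(path_out, path_len,
                         "%s/Library/Keychains/login.keychain", home);
        if (n < 0 || (size_t)n >= path_len) {
            path_out[0] = '\0';       /* never hand back a truncated path */
            return KC_ERROR;
        }
        return KC_FILE;
    }
    return KC_UNKNOWN;
}

int main(void)
{
    char path[256];
    int t = resolve_collection("login", "/Users/alice", path, sizeof path);
    printf("login -> %d %s\n", t, path);
    return 0;
}
```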