[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Modifying Emacs to use the Mac OS X Keychain Services

From: Ben Key
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Sat, 28 May 2011 12:16:53 -0500

Michael Albinus <address@hidden> wrote:
I'm not using OS X, could you, please, send me a pointer to the Keychain
Services API?

Some information on the Keychain Services API can be found at the Keychain Services Tasks for Mac OS X page found at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/keychainServConcepts/03tasks/tasks.html.  More detailed information can be found at the Keychain Services Reference page found at http://developer.apple.com/library/mac/#documentation/Security/Reference/keychainservices/Reference/reference.html.

While the Keychain Services API does not exactly mirror the org.freedesktop.secrets interface it is possible to implement the same concepts expressed in secrets.el via the Keychain Services API.  For example, a ns-secrets-create-item function could be easily defined that has the same parameters as secrets-create-item.  This function would use SecKeychainOpen to open the keychain specified by the collection parameter, and if the call to SecKeychainOpen failed, it could use SecKeychainCreate to create the specified keychain.  It then could use SecKeychainAddGenericPassword to add the item specified by the item parameter with the password specified by the password parameter, to the opened or newly created keychain.  The attributes parameter could be processed by calling SecKeychainItemModifyAttributesAndData.

The ns-secrets-delete-item, ns-secrets-get-secret, and ns-secrets-get-attributes functions could also be written similarly.  I am not certain about the other functions, mainly because I have not yet finished my research.

The point is, I can implement ns- equivalents in C for most, if not all of the functions defined in secrets.el with the same parameters and nearly the same behavior.  I may even be able to make them behave exactly the same as their secrets.el counterparts.

Once the functions are defined in C, we can later decide how to call them from Lisp.  We can decide to call them from secrets.el by having each of the functions use the following psudeo code

(if (fboundp 'ns-{func})
  call ns-{func}
use dbus)

or we could add another auth source to auth-source.el.  Either way would work for me.

Perhaps I should just focus on writing the ns- equivalents of each of the secrets.el functions and we can decide later how to call them.  What do you think?

Note: I am not exactly certain how to parse the attributes parameter of my proposed
ns-secrets-create-item function.  If someone can point me to an example of how to process something like that in C it would be helpful.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]