emacs-devel

Re: Modifying Emacs to use the Mac OS X Keychain Services


From: Michael Albinus
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Tue, 07 Jun 2011 09:58:05 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Ben Key <address@hidden> writes:

> Hello Michael,

Hi Ben,

> I am not certain which interpretation of the collection parameter you
> are advocating.

I tried to avoid a recommendation, because I don't know the Mac OS X
Keychain Services.

> It sounds like you are suggesting that I use the collection parameter
> to specify which keychain file to store the data in but I am not
> certain.

Reading your explanation of keychain files, it sounds natural.

> In this implementation I could interpret the value "default" to mean
> the default keychain (use nil for the keychain parameter for the
> various Keychain Services API functions) and the value "login" or
> "secrets:Login" to mean the login keychain (which is found at
> ~/Library/Keychains/login.keychain).

OK.

> Note that the various Keychain Services API functions accept a
> keychain parameter.  This parameter can be nil to indicate that the
> default keychain should be used or a keychain reference opened by
> either SecKeychainOpen or SecKeychainCreate.  Both SecKeychainOpen and
> SecKeychainCreate provide a reference to a keychain file specified by
> a full path and file name.  As a result, in this implementation if the
> collection parameter is "login" or "secrets:Login" I would use
> SecKeychainOpen to open the keychain file
> ~/Library/Keychains/login.keychain and use the returned keychain
> reference.

OK.

> There is no direct equivalent to the session keychain in Mac OS X.  I
> suppose I could make an Emacs session keychain by using the file
> ~/Library/Keychains/emacs-session.keychain and using the function
> SecKeychainDelete to clear the keychain file on first use.

The major idea of the "session" collection is to NOT store secrets
permanently. Therefore, I would recommend that you raise an error "not
available" or something like this, if somebody uses the "session"
collection in your case.

> Is this the interpretation of the collection parameter that I should
> use?  If so, just let me know.

Yes, please go on.

Best regards, Michael.


