Re: Modifying Emacs to use the Mac OS X Keychain Services
From: Michael Albinus
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Tue, 07 Jun 2011 09:58:05 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)
Ben Key <address@hidden> writes:
> Hello Michael,
Hi Ben,
> I am not certain which interpretation of the collection parameter you
> are advocating.
I tried to avoid a recommendation, because I don't know the Mac OS X
Keychain Services.
> It sounds like you are suggesting that I use the collection parameter
> to specify which keychain file to store the data in but I am not
> certain.
Reading your explanation of keychain files, it sounds natural.
> In this implementation I could interpret the value "default" to mean
> the default keychain (use nil for the keychain parameter for the
> various Keychain Services API functions) and the value "login" or
> "secrets:Login" to mean the login keychain (which is found at
> ~/Library/Keychains/login.keychain).
OK.
> Note that the various Keychain Services API functions accept a
> keychain parameter. This parameter can be nil to indicate that the
> default keychain should be used or a keychain reference opened by
> either SecKeychainOpen or SecKeychainCreate. Both SecKeychainOpen and
> SecKeychainCreate provide a reference to a keychain file specified by
> a full path and file name. As a result, in this implementation if the
> collection parameter is "login" or "secrets:Login" I would use
> SecKeychainOpen to open the keychain file
> ~/Library/Keychains/login.keychain and use the returned keychain
> reference.
OK.
> There is no direct equivalent to the session keychain in Mac OS X. I
> suppose I could make an Emacs session keychain by using the file
> ~/Library/Keychains/emacs-session.keychain and using the function
> SecKeychainDelete to clear the keychain file on first use.
The major idea of the "session" collection is to NOT store secrets
permanently. Therefore, I would recommend that you raise an error "not
available" or something like this, if somebody uses the "session"
collection in your case.
> Is this the interpretation of the collection parameter that I should
> use? If so, just let me know.
Yes, please go on.
Best regards, Michael.