Hi Stef,

finally found some time to answer this.

On Thursday 19 March 2009 18:25:32 Stef Walter wrote:
> > On Thursday 19 March 2009 03:32:26 you wrote:
> >> Attached is my initial try at some dbus interfaces for secret storage.
> >> Hopefully we can implement something like this in gnome-keyring.
>
> One or two other things:
>
> * Added, Removed, Changed signals needed.

Yeah, that would be great. Created/Unlocked/Locked signals will be very useful as well. Like this the client will be able to display what's going on.

> * The 'fields' arguments and properties are hash tables of
>   string -> string (name -> value). Integer fields and other
>   types of values are encoded (in a canonical way) as strings.

Do you already have an idea how to work with items that contain several secrets? I seem to remember you mentioned that once.

> <!--
>  * Unlock the collection. This method may block for
>  * an indeterminate amount of time while authenticating.
>  -->
> <method name="Unlock">
> </method>

There's a problem with the "indeterminate" which I was facing in kwallet as well. dbus_connection_send_with_reply_and_block cannot be called with an infinite timeout. The approach we used to work around it was using an "unlock" message call that returns a handle identifying the unlock-operation (before it completes) and a signal using that handle to notify the client of the keyring successfully unlocked. Of course you could also just use a huge timeout, but that seemed rather unclean and the chance of any given unlock operation failing was still there (and I would have needed to take care of it in the client code).

> * Secrets are transferred as a pair of strings, the first contains
>   cipher specific parameters (ie: IV etc.)

I'd use a byte-array for the secret as it frees the implementation from having to convert everything to base64 or similar (string has to be valid utf-8). So that would be "(say)" I guess?

Regards,
Michael
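
The handle-plus-signal workaround described in the message above, as an added example that is not part of the original e-mail and is not kwallet or gnome-keyring code. It is an in-process Python model with no D-Bus library; the class, method and signal names (`KeyringService`, `unlock`, `finish_prompt`, `connect_unlock_completed`) are hypothetical.

```python
import itertools

class KeyringService:
    """Hypothetical service side: unlock() returns at once with a handle."""
    def __init__(self):
        self._ids = itertools.count(1)
        self._pending = {}     # handle -> collection awaiting authentication
        self._listeners = []   # callbacks standing in for D-Bus signal matches
        self.unlocked = set()

    def connect_unlock_completed(self, callback):
        self._listeners.append(callback)

    def unlock(self, collection):
        handle = next(self._ids)
        self._pending[handle] = collection
        return handle          # no blocking call, so no reply timeout applies

    def finish_prompt(self, handle, success):
        """Runs when the user answers the prompt, however long that took."""
        collection = self._pending.pop(handle)
        if success:
            self.unlocked.add(collection)
        for callback in self._listeners:
            callback(handle, success)  # broadcast: every client sees every handle

class Client:
    def __init__(self, service):
        self.service = service
        self.waiting = {}      # handle -> collection this client asked for
        self.results = {}      # collection -> True/False once signalled
        service.connect_unlock_completed(self._on_unlock_completed)

    def request_unlock(self, collection):
        handle = self.service.unlock(collection)
        self.waiting[handle] = collection
        return handle

    def _on_unlock_completed(self, handle, success):
        collection = self.waiting.pop(handle, None)
        if collection is None:
            return             # someone else's operation: do not act on it
        self.results[collection] = success  # failure is reported, not assumed

def demo():
    service = KeyringService()
    first, second = Client(service), Client(service)
    h1 = first.request_unlock("login")   # constructed collection names
    h2 = second.request_unlock("work")
    service.finish_prompt(h2, False)     # second prompt dismissed first
    service.finish_prompt(h1, True)
    return first.results, second.results, service.unlocked
```

Each client acts only on completion signals whose handle it was given, so a broadcast signal for another client's unlock never changes its state.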