Re: can emacs use the mac os x keychain?

[David Reitter]

On Jul 29, 2010, at 9:17 AM, Ted Zlatanov wrote:
> 
> AR> A useful-sounding idea but seems mainly like something that would be
> AR> a third-party package or maybe part of Aquamacs.  Are there any
> AR> platform-independent parts of the needed functionality that the NS
> AR> port lacks and Emacs on X11 or W32 has?
> 
...
> Assuming we get the NS port access to the Mac OS X keychain, that leaves
> W32 as the only major platform lacking keychain support.  I don't
> believe W32 has a standard keychain so that may be OK.

I principle, the C part would be fairly simple.  There are separate functions 
for "internet passwords", which retrieve and store passwords for a 
host/port/account combination.

Am I right assuming that we would need an API paralleling that provided by 
secrets.el?

There are a few issues as far as I can see:

- The user is prompted via a graphical dialog to unlock a keychain (i.e., to 
provide a password protecting all the passwords).  When in TTY, we shouldn't do 
this, but unlock the keychain ourselves, i.e., read a password from the user 
via a (password) minibuffer.  This sort of interaction would have to be handled 
by an extra Lisp layer.  (Once the application is trusted, this prompt would go 
away.)   How is this done in GNOME?

- Any passwords that we obtain would probably have to be copied so we can 
return them as a Lisp string.  What provisions are in place in order to protect 
the copy and guarantee its deletion after use?


http://developer.apple.com/mac/library/documentation/Security/Reference/keychainservices/Reference/reference.html#//apple_ref/c/func/SecKeychainFindInternetPassword