From f568436db0a1bbb6da96b9443bc1043487d5fc5e Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 25 Nov 2009 02:42:39 +0000 Subject: Move the GetSecret, SetSecret and GetSecrets methods. Move to more relevant interfaces, and add secret parameter to CreateItem. --- secret-service/org.freedesktop.Secrets.xml | 71 ++++++++++++++++-------------- secret-service/specification.xml | 34 +++++++------- 2 files changed, 54 insertions(+), 51 deletions(-) diff --git a/secret-service/org.freedesktop.Secrets.xml b/secret-service/org.freedesktop.Secrets.xml index b645022..cce5ddf 100644 --- a/secret-service/org.freedesktop.Secrets.xml +++ b/secret-service/org.freedesktop.Secrets.xml @@ -49,14 +49,14 @@ The Secret type holds a (possibly encoded) secret. - - Algorithm used to encode the secrets value. + + The session that was used to encode the secret. Algorithm dependent parameters for secret value encoding. @@ -71,7 +71,7 @@ D-Bus object-path - + A secret @@ -159,6 +159,19 @@ + + Retrieve multiple secrets from different items. + + Items to get secrets for. + + + The session to use to encode the secrets. + + + Secrets for the items. + + + A collection was created. @@ -240,6 +253,9 @@ The properties for the new item. + + The secret to store in the item, encoded with the included session. + Whether to replace an item with the same attributes or not. @@ -317,6 +333,23 @@ + + Retrieve the secret for this item. + + The session to use to encode the secret. + + + The secret retrieved. + + + + + Set the secret for this item. + + The secret to set, encoded for the included session. + + + @@ -357,36 +390,6 @@ - - Retrieve the secret for this item. - - The path to the secret we want to retrieve. - - - The secret retrieved. - - - - - Set the secret for this item. - - The path to the secret we want to retrieve. - - - The secret retrieved. - - - - - Retrieve multiple secrets from different items. - - Items to get secrets for. - - - Secrets for the items. - - - 
diff --git a/secret-service/specification.xml b/secret-service/specification.xml index f0314a7..97d4b3b 100644 --- a/secret-service/specification.xml +++ b/secret-service/specification.xml @@ -54,6 +54,10 @@ The attributes can be used to lookup and retrieve a secret at a later date. The lookup attributes are not treated as secret material, and the service may choose to not encrypt attributes when storing them to disk. + + This API was desigened by GNOME and KDE developers with the goal of having + a common way to store secrets. Its predecessors are the desktop specific APIs + used by GNOME Keyring and KWallet. 
@@ -223,32 +227,28 @@ Transfer of Secrets To access or store secrets, use the - GetSecret(), - GetSecrets(), - SetSecret() - methods on the session interface. + GetSecret(), + SetSecret() + methods on the item interface, or the + GetSecrets(), + method on the service interface. - Since this is a D-Bus API, the data in all method calls and other accesses - in this API will go through multiple processes, and may be cached arbitrarily - by the OS or elsewhere. + You must specify a session when retrieving or storing a secret. The session + controls how the secret is encoded during transfer. Since this is a D-Bus API, the + data in all method calls and other accesses in this API will go through multiple + processes, and may be cached arbitrarilyby the OS or elsewhere. The Secrets API has provision to encrypt secrets while in transit between - the service and the client application. - - The encryption is not envisioned to withstand man in the middle attacks, or - other active attacks. It is envisioned to minimize storage of plain text secrets - in memory and prevent storage plain text storage of secrets in a swap file or other - caching mechanism. + the service and the client application. The encryption is not envisioned to withstand + man in the middle attacks, or other active attacks. It is envisioned to minimize + storage of plain text secrets in memory and prevent storage plain text storage of + secrets in a swap file or other caching mechanism. Many client applications may choose not to make use of the provisions to encrypt secrets in transit. In fact for applications unable to prevent their own memory from being paged to disk (eg: Java, C# or Python apps), transfering encrypted secrets would be an excersize of questionable value. - This API was desigened by GNOME and KDE developers with the goal of having - a common way to store secrets. Its predecessors are the desktop specific APIs - used by GNOME Keyring and KWallet. -
Negotiation of Algorithms -- cgit v1.2.3-70-g09d2
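Review bot: In the Secret type hunk of org.freedesktop.Secrets.xml (@@ -49,14 +49,14 @@), the first field now documents a session instead of an algorithm, but the following field is still described as "Algorithm dependent parameters for secret value encoding." and the struct no longer names any algorithm. Suggest stating in that description that the parameters belong to the algorithm the referenced session was set up with (the "Negotiation of Algorithms" section of specification.xml), so the type can be read on its own.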
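Review bot: The GetSecrets description added to org.freedesktop.Secrets.xml (@@ -159,6 +159,19 @@) does not say what the caller gets back when a secret cannot be returned for one of the listed items: whether the whole call fails or that item is left out of "Secrets for the items." Suggest documenting the behaviour, since callers have to match the returned secrets to the items they passed in.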
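Review bot: The paragraph moved into the introduction of specification.xml (@@ -54,6 +54,10 @@) carries its typo along: "This API was desigened by GNOME and KDE developers" should read "designed". Since the line is being re-added anyway, this is the place to fix it.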
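Review bot: In the "Transfer of Secrets" hunk of specification.xml (@@ -223,32 +227,28 @@), the rewritten first paragraph lists GetSecret(), SetSecret() and GetSecrets() as the ways to access or store secrets but leaves out CreateItem, which this same patch gives a secret parameter "encoded with the included session." Suggest mentioning it there, because the next added sentence says a session must be specified whenever a secret is stored. The added lines also have a stray comma in "GetSecrets(), method on the service interface", a missing space in "arbitrarilyby", and keep the doubled wording "prevent storage plain text storage of secrets".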