Re: Modifying Emacs to use the Mac OS X Keychain Services

[Ted Zlatanov]

On Fri, 10 Jun 2011 19:30:31 -0500 Ben Key <address@hidden> wrote: 

BK> Ted Zlatanov wrote:

>> Please throw an error if the requested keychain doesn't exist, same as
>> above.

BK> It may be more useful to only throw the error for the "session" or
BK> "secrets:session" values for the keychain parameter and to handle
BK> values other than "login," "secrets:Login," "default,"
BK> "secrets:default," "session", or "secrets:session" as an indication
BK> that a keychain file named ~/Library/Keychains/{keychain}.keychain
BK> should be used.  If this keychain file exists, I can open it using
BK> SecKeychainOpen.  If the keychain file does not exist I can create it
BK> with SecKeychainCreate.  What do you think of this idea?

(we won't use the "secrets:" prefix, it will probably be "ns-keychain:"
or something like that)

Provide a `ns-keychain-open' and a `ns-keychain-create' (plus a
`ns-keychain-create-or-open' convenience function if you wish, and a
`ns-keychain-delete' if you think it's safe).

So the `ns-keychain-open' will throw an error if you try to open a
nonexistent keychain, including "session", and `ns-keychain-create' will
create whatever you ask (including "session"), only throwing an error if
the creation failed.

You may want to create access functions for keychain aliases
(create/delete/switch target) if the API supports that.

The rest we can handle at the auth-source level.

Thanks
Ted