Currently, the protocol suggests two mechanisms ("algorithms") to transfer secrets: "plain" and "dh-ietf1024-sha256-aes128-cbc-pkcs7".
The former sends secret data in plaintext, while the latter encrypts the secret beforehand, though the wire encryption protocol is homebrew and the used crypto algorithm, namely 1024-bit 'Second Oakley Group', is being deprecated.
On the other hand, there is more secure mechanism to transfer sensitive data over D-Bus: sending it through a out-of-band channel, using file descriptor passing. This patch adds a new mechanism "external", in addition to a couple of D-Bus methods (GetSecretFromFd and SetSecretFromFd) to support the use of file descriptor passing.