
secret-service: add methods to transfer secrets via file descriptor

Open Daiki Ueno requested to merge dueno/xdg-specs:wip/dueno/kill-crypto into master

Currently, the protocol suggests two mechanisms ("algorithms") to transfer secrets: "plain" and "dh-ietf1024-sha256-aes128-cbc-pkcs7".

The former sends secret data in plaintext, while the latter encrypts the secret beforehand, though the wire encryption protocol is homebrew and the used crypto algorithm, namely 1024-bit 'Second Oakley Group', is being deprecated.

On the other hand, there is a more secure mechanism to transfer sensitive data over D-Bus: sending it through an out-of-band channel, using file descriptor passing. This patch adds a new mechanism "external", in addition to a couple of D-Bus methods (GetSecretFromFd and SetSecretFromFd) to support the use of file descriptor passing.
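
The file descriptor passing mentioned in the description rests on `SCM_RIGHTS` ancillary data over a Unix socket, which is how D-Bus carries file descriptors. The sketch below is an added example, not code from this merge request or the Secret Service specification: it uses a plain `socketpair` instead of D-Bus, and the function names, the 4096-byte limit and the sample secret are assumptions made for illustration.

```python
import array
import os
import socket

MAX_SECRET = 4096  # assumption: secrets small enough to sit in a pipe buffer


def send_secret_via_fd(sock, secret):
    """Put the secret in a pipe and pass only the pipe's read end over sock."""
    if len(secret) > MAX_SECRET:
        raise ValueError("secret too large for this sketch")
    rfd, wfd = os.pipe()
    try:
        try:
            os.write(wfd, secret)  # secret bytes go into the pipe, not the message
        finally:
            os.close(wfd)          # closing the writer lets the reader see EOF
        fds = array.array("i", [rfd])
        # Message body is a 1-byte placeholder; the fd travels as SCM_RIGHTS.
        sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])
    finally:
        os.close(rfd)              # the kernel keeps the in-flight copy alive


def recv_secret_via_fd(sock):
    """Return (message_body, secret); reject anything but exactly one fd."""
    fds = array.array("i")
    body, ancdata, flags, _ = sock.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[: len(data) - len(data) % fds.itemsize])
    try:
        if len(fds) != 1 or flags & socket.MSG_CTRUNC:
            raise ValueError("expected exactly one file descriptor")
        secret = b""
        while len(secret) <= MAX_SECRET:   # bounded read, then stop at EOF
            chunk = os.read(fds[0], MAX_SECRET + 1 - len(secret))
            if not chunk:
                return body, secret
            secret += chunk
        raise ValueError("secret exceeds size limit")
    finally:
        for fd in fds:
            os.close(fd)                   # never leak received descriptors


def demo():
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with a, b:
        send_secret_via_fd(a, b"constructed-sample-secret")  # constructed value
        return recv_secret_via_fd(b)
```

The message body that a bus monitor or message log would see contains only the placeholder byte; the secret is readable only by the process holding the received descriptor.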
