-
Notifications
You must be signed in to change notification settings - Fork 8
Conversation
Also clean up error handling.
Also add a bunch of helper functions.
Also merge in some changes from upstream, including checks for UTF-8 and 32-bit sizes.
Also add some utility functions to convert to and from CoreFoundation types.
This mitigates the vulnerability described in keybase/client#484 .
…[]byte to avoid unnecessary encoding.
These changes will be redone.
Uses SecKeychainItemCreateFromContent to add application access on create. See "Creating a Custom Keychain Item" for more info: https://developer.apple.com/library/ios/documentation/Security/Conceptual/keychainServConcepts/03tasks/tasks.html#//apple_ref/doc/uid/TP30000897-CH205-TPXREF7
Create keychain item with access for an additional application.
Thanks for putting this together. I will review it soon. Looks like a small conflict (probably due to just-merged Solaris build I'm more than willing to review and merge any PRs, including this one, but On Thursday, September 3, 2015, Lachlan Donald notifications@github.com
|
This (and the MIT license) looks good to me! |
I've started looking at this, but it's impossible to merge in its current state due to conflicts. I'll need to spend some time reconciling that unless you can do so. A couple of other things I noticed on the first pass:
|
@lox I started using InternetPassword because it seemed simpler at the time (given how much I was struggling to get anything working here). I don't know whether I should just be using GenericPassword instead. In general, I would prefer that this library map closely to the underlying API primitives in the Keychain Services APIs. We shouldn't try to offer a higher level abstraction that makes it harder to map from Keychain concepts and docs to this package. If there's a good opportunity to build such an abstraction to simplify usage for those who don't necessarily care about the underlying details, I'd prefer that be built alongside the basic building blocks or in another package. I still think most of the stuff in here is good, though, and will spend some time trying to reconcile the two forks. |
internet passwords are pretty different (have more options) from generic passwords, I think. If no one is actually using the internet password code, though, I'd prefer just ripping it out. We can always add it back later when it's needed! I'll try and add docs for exported stuff (in the keybase fork). |
Okay, added docs and fixed golint warnings. |
@akalin-keybase might be worth you opening a new PR directly from the keybase master? |
In the spirit of getting upstream back to the canonical home for this package, this PR includes the changes that @akalin and @gabriel have made:
Thoughts on merging this in and then iterating somewhat on the API after some discussion?