Support secret transfer via dh-ietf1024-sha256-aes128-cbc-pkcs7
mrueg opened this issue
As of now, go-keyring only supports "plain" to transfer secrets.
It would be nice if go-keyring would support dh-ietf1024-sha256-aes128-cbc-pkcs7 as well, as defined here:
https://specifications.freedesktop.org/secret-service/latest/ch07s03.html
Further context: #66 (comment)
Kwallet recently added support for Secret Service API.
Looks like this does not work as "plain" Algorithm is not supported. Trying to use it, I get:
Algorithm plain is not supported. (only dh-ietf1024-sha256-aes128-cbc-pkcs7 is supported)
See: https://invent.kde.org/frameworks/kwallet/-/blob/master/src/runtime/kwalletd/kwalletfreedesktopservice.cpp#L265
Probably either kwallet should add support for plain, or maybe
could be changed to use other algorithms as well.
I tried to add a simple solution for this in #83
Can someone using kwallet try it out and report back whether this works or not?
Heh, #83 looked similar to my initial attempt as well. Unfortunately it did not work, as you need to prepare, handle and manage keys for DH.
Here's an implementation:
https://github.com/mvdan/bitw/blob/438196b7e8f07113742d2c5b3c2498f3f3638df8/dbus.go#L93
FWIW KDE/KWallet folks are working on supporting plain here: https://invent.kde.org/frameworks/kwallet/-/merge_requests/35
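
Added example, not part of the thread and not code from go-keyring or bitw: the key-agreement half of dh-ietf1024-sha256-aes128-cbc-pkcs7 (second Oakley group from RFC 2409, then HKDF-SHA256 with null salt and empty info), which is the DH key handling the comments above say a client needs. The function names are hypothetical, both peers run in one process, the 128-byte encoding of the shared secret is an assumption, and the AES-128-CBC/PKCS#7 step is left out.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// 1024-bit MODP prime of the second Oakley group (RFC 2409); the generator is 2.
var prime, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"+
	"29024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"+
	"4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5"+
	"AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)

// keyPair returns a fresh private exponent and the public value 2^priv mod p.
func keyPair() (priv, pub *big.Int, err error) {
	if priv, err = rand.Int(rand.Reader, prime); err != nil {
		return nil, nil, err
	}
	return priv, new(big.Int).Exp(big.NewInt(2), priv, prime), nil
}

// hmac256 is HMAC-SHA256, the building block of HKDF (RFC 5869).
func hmac256(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// sessionKey checks the peer value, then derives the 16-byte AES key with HKDF-SHA256.
func sessionKey(priv, peerPub *big.Int) ([]byte, error) {
	if peerPub.Cmp(big.NewInt(1)) <= 0 || peerPub.Cmp(new(big.Int).Sub(prime, big.NewInt(1))) >= 0 {
		return nil, fmt.Errorf("peer public value out of range (need 1 < y < p-1)")
	}
	// Assumption: the shared secret is encoded at the prime's width (128 bytes).
	shared := new(big.Int).Exp(peerPub, priv, prime).FillBytes(make([]byte, 128))
	prk := hmac256(make([]byte, sha256.Size), shared) // extract: null salt = 32 zero bytes
	return hmac256(prk, []byte{1})[:16], nil          // expand: T(1) = HMAC(PRK, info || 0x01)
}

func main() {
	cPriv, cPub, _ := keyPair() // client side
	sPriv, sPub, _ := keyPair() // in-process stand-in for the Secret Service daemon
	cKey, _ := sessionKey(cPriv, sPub)
	sKey, _ := sessionKey(sPriv, cPub)
	fmt.Println("both sides derived the same key:", bytes.Equal(cKey, sKey))
}
```

The derived key is per session, so a client has to keep it next to the session handle and negotiate a new one whenever it opens a new session.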