Hi there, I have drafted an API for a KWallet/GNOME keyring like functionality. The following items might not be self-explaining: * password_type - this is mostly thought for grouping the passwords in a Passwords managing application * password_flags - this can be used to automatically detect and convert certain password formats, like converting 0x... to a hex key, or whatever strange stuff things like WiFi thought would be a good idea. Those conversions are only enabled via flags, and won't be done automatically * service/subService - this is used to identify a password. For example, WebPositive could use "lists.my-server.com/my-list" as service, and "my-server.com" as sub-service; this way, it could have the same password for all of my-server.com by default, but still allow to have more than one password per site. Better naming suggestions are welcome :-) * keyring - is a password protected object that holds any number of passwords - if you unlock the keyring, you have access to all of its passwords. There will be a default keyring, but every application could have its own if wanted. * master password - this can be used to unlock all keyrings at once. * BPasswordRoster::GeneratePassword() can be used by applications like WebPositive to automatically generate secure passwords that can be used for logins, and are supposed to be completely maintained by the password roster. This way, you can use one easy to remember password locally, and have highly secure passwords for all online services. This might need user interaction, as there are some services out there that actually impose restrictions on passwords like a certain length, or even forbid certain characters. BPassword also supports binary keys, as well as to associate arbitrary data with the password. The latter could contain the user name, port number, or whatever else is needed for complete login credentials. Opinions and suggestions welcome. If this is basically okay, I would implement it, and make the network stuff (and maybe screen saver) use it. The service should live in the registrar IMO, and would automatically make sure that the passwords are stored in a secure way. I also want to add a session API that you can determine which application currently has access to what keyring, and a way to restrict access to only certain applications in the future. Furthermore, I would like to implement a deskbar tray icon that appears when you have access to any of the keyrings, and where you can deliberately quit that access at any time. It should be possible to configure the passwords to ask you only once per session, or as often as an application needs access to one. For now, I only intend to implement the basic services needed to make it work as far as I need it for the network stuff. The rest will grow over time. Please tell me what you think, and what else would be needed, or what is probably overkill. I only found the API to GNOME's solution, so if someone knows where I can find other solutions to learn from, I would appreciate it any hints. --------------8<-------------- class BPassword { public: enum password_type { B_WEB, B_NETWORK, B_VOLUME }; enum password_flags { B_CONVERT_IF_HEX = 0x01 // TODO! }; typedef BFlags<password_flags> Flags; BPassword(); BPassword(password_type type, const char* service, const char* password); BPassword(BPassword& other); virtual ~BPassword(); status_t SetTo(password_type type, const char* service, const char* password, Flags flags = 0); status_t SetTo(password_type type, const char* service, const char* subService, const char* password, Flags flags = 0); status_t SetPassword(const char* password, Flags flags = 0); const char* Password(); const char* OriginalPassword(); status_t SetKey(const uint8* data, size_t length); size_t KeyLength() const; status_t GetKey(uint8* buffer, size_t bufferLength); void SetService(const char* service); const char* Service() const; void SetSubService(const char* service); const char* SubService() const; void SetType(password_type type); password_type Type() const; void SetData(BMessage& data); const BMessage& Data() const; BPassword& operator=(const BPassword& other); bool operator==(const BPassword& other) const; bool operator!=(const BPassword& other) const; private: BMallocIO fPassword; BString fOriginalPassword; BString fService; BString fSubService; BMessage fData; password_type fType; }; --------------8<-------------- class BPasswordRoster { public: BPasswordRoster(); virtual ~BPasswordRoster(); status_t GetPassword(BPassword::password_type type, const char* service, BPassword& password); status_t GetPassword(BPassword::password_type type, const char* service, const char* subService, BPassword& password); status_t GetPassword(const char* keyring, BPassword::password_type type, const char* service, BPassword& password); status_t GetPassword(const char* keyring, BPassword::password_type type, const char* service, const char* subService, BPassword& password); status_t GetNextKeyring(uint32& cookie, BString& keyring); status_t GetNextPassword(const char* keyring, uint32& cookie, BPassword& password); status_t GetNextPassword(const char* keyring, BPassword::password_type type, uint32& cookie, BPassword& password); status_t SetMasterPassword(const BPassword& password); status_t RegisterKeyring(const char* keyring, const BPassword& password); status_t UnregisterKeyring(const char* keyring); status_t GeneratePassword(BPassword& password, size_t length, uint32 flags); status_t RegisterPassword(const BPassword& password); status_t UnregisterPassword(const BPassword& password); }; --------------8<-------------- Bye, Axel.