Oliver Tappe <zooey@xxxxxxxxxxxxxxx> wrote: > On 2011-01-28 at 19:52:51 [+0100], Axel Dörfler <axeld@xxxxxxxxxxxxxxxx> > > wrote: > [ ... ] > > > While the primary purpose should be for passwords, the Mac OS X > > > Keychain at least also supports certificates. > > I'm not yet sure what would be the objective to put those there, > > since > > the access to certificates is usually not restricted. It is > > security > > related, and could be managed by the same application, but I don't > > really think that BKeyStore would be the right place for it. > I think the point is that these would be *client* certificates, which > usually come with a passphrase that you need to provide before they > can be > accessed. That would make some sense, and it should be no problem to store those using the (suggested) BKeyStore. But at least the Mac OS X keychain API allows to store data like certificates unencrypted. Bye, Axel.