Algorithm: external

Session algorithm: external
Session input: Indices of client supplied Unix file descriptors where secrets are read and written (DBus type '(hh)')
Session output: empty string
Secret parameter: empty string

The external algorithm uses a pre-opened Unix file descriptor to exchange secrets. This lets the service and client transfer secrets securely without requiring encryption. It is strongly recommended that a service implementing this API support the external algorithm.

Before opening the session, the client needs to prepare a pair of file descriptors used for communicating with the server. Such pairs are typically created using the pipe or socketpair system calls.

When SetSecret() is called, the server reads a secret value from the read file descriptor in the following format:

length: 4-byte length of the secret value
secret: the secret value, length bytes long

The byte order of the length field is determined through the DBus message header.

Conversely, when GetSecret() is called, the server writes the secret to the write file descriptor in the same format.

The file descriptors on the server remain open until the client calls Close() or disconnects.
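The length-prefixed framing described above can be exercised over a plain pipe. The following is an added example, not code from this specification or any implementation of it: the function names, the `MAX_SECRET` cap and the treatment of the length as unsigned are assumptions, and the byte-order flag (`l` or `B`, as carried in the DBus message header) is passed in by the caller rather than read from a real message.

```python
import os
import struct

# D-Bus header endianness flag: 'l' = little-endian, 'B' = big-endian.
ORDER = {"l": "<", "B": ">"}
MAX_SECRET = 1 << 20  # assumed cap (not in the spec) on the length field


def write_secret(fd, secret, endian):
    """Write one frame: 4-byte length, then the secret bytes."""
    # 'I' = unsigned 32-bit; signedness is an assumption of this example.
    frame = memoryview(struct.pack(ORDER[endian] + "I", len(secret)) + secret)
    while frame:  # os.write may accept fewer bytes than offered
        frame = frame[os.write(fd, frame):]


def read_exact(fd, n):
    """Read exactly n bytes, failing if the peer closes early."""
    buf = bytearray()
    while len(buf) < n:
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            raise EOFError("descriptor closed before the frame was complete")
        buf += chunk
    return bytes(buf)


def read_secret(fd, endian, limit=MAX_SECRET):
    """Read one frame, rejecting a length field above the limit."""
    (length,) = struct.unpack(ORDER[endian] + "I", read_exact(fd, 4))
    if length > limit:
        raise ValueError(f"length field {length} exceeds limit {limit}")
    return read_exact(fd, length)


def roundtrip(secret, endian):
    """Send a constructed secret through a pipe and read it back."""
    r, w = os.pipe()
    try:
        write_secret(w, secret, endian)
        return read_secret(r, endian)
    finally:
        os.close(r)
        os.close(w)


if __name__ == "__main__":
    print(roundtrip(b"constructed-sample-secret", "l"))
```

A reader that assumes the wrong byte order sees a 7-byte little-endian length as 0x07000000, which is why the receiver should bound the length field before allocating or reading.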