Secret
parameter: empty stringThe external algorithm utilizes a pre-opened Unix file descriptor to exchange secrets. This way the service and client can securely transfer the secrets without imposing encryption. It is strongly recommended that a service implementing this API support the external algorithm.
Before opening the session, the client needs to prepare a pair of file descriptors used for communicating with the server.
Such pairs are typically created using the pipe
or socketpair
system calls.
When the SetSecret()
is called,
the server reads a secret value from the read file descriptor in the following format:
length: 4-byte length of the secret value |
secret: secret value in the length bytes |
The byte order of the length field is determined through the DBus message header.
Conversely, when the GetSecret()
is called,
the server writes any secret to the write file descriptor in the same format.
The file descriptors on the server will remain open until the client calls the
Close()
or it disconnects.