I've run all the testers on Leopard, and the couple of issues I found were actually my fault, so I fixed those and now it looks like the framework is just as functional on Leopard as Tiger. There may be a difference in how invalid attributes are handled on KeychainItems, as I haven't checked exhaustively yet, but I'm reasonably sure it's the same.
If you find any Leopard issues, of course do let me know. I'll also need to go through, at some point, and do a proper audit on all the areas that have changed (such as supported algorithms, for example).
Etienne Samson has very kindly cvs2svn'd the existing CVS repository, and I've imported the result in Subversion. I've also used the new flexibility SVN affords to reorganise the project files - they're now categorised into subfolders, which is a big improvement from the previous flat approach.
All work will now be done out of Subversion, and new changes committed only to Subversion. At some point I'll turn the CVS repository off.
It's hard to believe it's been four years since I started this. Even longer, actually... nearly five now, I think. Scary.
After a rather long interlude, I'm now back working on this. I'm not making any promises; it's just on a whim at the moment. I'd really like to see the whole framework cleaned up, polished and verified from top to bottom... but that's a tall order, so for now I'm settling with making the core stuff savvy, and we'll see how it goes from there.
I've fought a bit with HeaderDoc, and have for once come out the victor; the top of tree now produces Documentation without error (well, with my particular version of HeaderDoc, anyway). Well... there's lots missing, but that could potentially be attributed to the fact that it hasn't been written, which strictly speaking isn't HeaderDoc's fault... but still. :D
Just a note though, I had issue with resolveLinks on my machine; it crashes if you let it use more than 1 thread. The solution I've implemented is to modify line 785 of /System/Library/Perl/Extras/5.8.6/HeaderDoc/Utilities.pm, taking it from this:
I know I've been promising this since more or less the dawn of time, but it's finally now real - the top of tree in CVS is now building!
That's not to say it necessarily works, of course. :) There's still a fair few changes to be made, and bugs to be fixed as a result of those changes, but at least there's progress.
My new policy is to require head of tree to build, always. I'll be checking that myself before each commit. If anyone nonetheless finds that it doesn't build straight out of head of tree, drop me a line and I'll fix it pronto.
Yes, I'm still alive and kicking, despite some people's best efforts otherwise. ;)
And yes, I'm still working on the Keychain framework. Progress is slow, that's undeniable. For the last three months I've been working at Apple, which has taken up most of my coding energy. I'm starting to recover some of that, but uni starts again in two weeks, which as always will screw everything up.
So, there's been a fair bit of interest in the framework, but usually with the same queries - why is the version in CVS broken, what's actually supported, is it abandoned, etc. So, let's set the record straight:
I'm finally redoing a whole swathe of stuff - implementing a CSSMModule class and all the related paraphernalia. This will make it way easier to use different modules, both as defaults and concurrently.
Also, I've fixed about a dozen significant bugs at the same time, relating to memory leaks, corruption, and so forth.
The rewrite will take a while to get done properly - there's a lot to do. I don't have any ETA - I'm sure I'd miss whatever I set anyway. At the moment I've got a fair bit of free time, but I doubt that'll hold for long... anyway, I'll do my best. As always, words of encouragement do wonders for motivating me to do more work, so please do email me if you're interested in the framework.
I've finally added the XCode 2.0+ project file to CVS, which is the only up to date one at the moment (I'll update the 1.5 one soonish, hopefully).
Unfortunately, it's been brought to my attention by a thoughtful user that there are some bugs in Tiger relating to key & certificate handling (full extent unknown). I'm working on these at the moment, but there's quite a number of them, and I'm not sure what the root cause (if there is a single cause) is as yet... I'll keep people posted.
Just a note to say I'm still here, and starting to do some Tiger testing of the framework. There seems to be some miscommunication regarding release notes for Tiger's Security framework, but I'm sure that'll be resolved in time.
I have been making fairly regular updates to the CVS version, albeit aesthetic ones primarily, and minor bug fixes. I do have a few new things I'll be adding in soon, hopefully, so "stay tuned". :)
I'm just curious, as many middle-ware developers invariably are, as to where and how my little baby's being used. :) So far I've noticed it embedded in Proteus and used by some people in the Python community, but that's largely all I could find on it (via Google and Finder's Search). Does anyone else know of any other current uses [& users]?
The latest version of the source (far newer than that previously released) has finally made it into CVS. It does build (albeit with a few warnings), although it's very much a work in progress at this point. It fixes a lot of bugs that many people have encountered (not all; still work to be done), so I'd recommend building your own version from CVS rather than downloading the source packages.
Just letting everyone know that I'm not dead, nor is the Keychain framework. Other commitments have severely restricted my free time, so progress has been slow, but it's still being made. It's good to hear from people every now and again about how they're using the framework, or at least how it's helped them use the Security framework and other APIs.
Just a minor release to fix a fairly substantial set of bugs with the methods for retrieving KeychainItems and passwords, and to provide an improvement to the methods for setting passwords, in order to allow for existing entries. The latter change will break existing code, since a new parameter has been added to the two relevant methods.
Special thanks goes to Mark Ackerman, who both spotted and fixed these problems.
First subject, CVS. I hate CVS, and am behind a draconian firewall at campus which requires me to use CVS via CLI on a remote Red Hat box. Not pretty. Thus, I've declined to use Sourceforge's CVS functionality on the grounds that it's a waste of my time and patience. If there's anyone out there with the inkling to manage the CVS, they can drop me a line. Otherwise, I'll continue to distribute source updates via the File Releases mechanism. Which reminds me - yes, the bz2 files in the File Repository are of the source, not binaries. Some people seem to be getting confused.
Just another trivial post to inform the world that I am still here, and working hard. SDO is coming along - I've got a reasonable handle on it now, and am currently rewriting the hacked up bits, trying to resolve a few niggling errors. It's not fully working yet, but at least connects properly now. Hopefully my reverse engineering of the distributed objects system has been accurate, so that my messaging and protocol code works.
I'll just take the opportunity to thank Doug Mitchell for his patience and help over the last week. As anyone knowing anything about SecureTransport will probably have picked up, when I last posted about my SecureTransport issues I displayed a stunning lack of understanding of how it worked. With Doug's help and a bit of back-to-basics, I've finally come out on top of that.
What this means is that my SDO (Secure Distributed Objects) implementation is on its way to working properly. I'm currently stuck trying to get it to accept a non-CA'd identity for the server, but I'm sure I can resolve that one way or another - most users of SSL will have valid CA'd identities.
I haven't worked much on the Keychain framework over the last week or so, because I've been instead focusing on implementing a secure subclass of NSPort for Distributed Objects. This has kept me buried in the debugger all week. It really is a nightmare. I naively used an asynchronous socket, whereas SecureTransport expects everything to be synchronous and blocking... plus I can't actually get any SecureTransport code, even Apple's examples, to work properly... then there's also the fact that in some of my demos I can't get sockets to listen, for reasons completely beyond me...
The framework has been updated, although it's just a work-in-progress update, with no major changes. Keychain events are now posted as notifications, I've added a few extra methods here and there to the existing classes (KeychainItems now have a proper description method, for example), and patched a few more memory leaks.
The first release of Security Manager is up. This app is aimed at end-users, and my intention is to make it the singular app to use with regards to keychain and security operations. At present it simply creates keys, certificates and identities, but this will be expanded in future. I'll probably fold in the functionality of the 'Keychain Demo' project soon.
This 25th June 2003 release is just a working snapshot, and as such some newer things may be incomplete or dysfunctional. Standard disclaimer applies.
Other than finally including a proper license definition, new features include [finally] being able to add identities to a keychain, to retrieve all identities regardless of what they provide, and a host of little bug fixes - I zapped a couple of hundred memory leaks which were the result of poor x509 class definitions. Luckily the x509 classes aren't all used yet.
I've finally gone with the BSD license to cover all the source (apart from the SecACL.h file, which is of course covered by the APSL). Hopefully this will solve any problems people were having with using the code or any binaries resulting from. Enjoy.
I've finally resolved the problems with certificate signing - turned out to be an ID ten T error - and so can finally get on with more important stuff.
I've also done a lot of documentation (while I was stuck on that signing bug), although in places it's a bit sparse. Not everything is documented yet, but I'm working on it.
That's about all, really. I've been working through my midyear exams the last two weeks (4 down, 5 to go), which is why this update has been so long coming. Expect much better things in the next month.
This update has quite a few unfinished bits and pieces in it, because I wasn't aiming for a particularly well-rounded release - just an update, to fix some noticeable bugs in the previous version.
I'm working on x509 support, and have added something like 20 new classes for it, mostly as wrappers around CSSM structures. I'm still puzzling over the memory management behind this, so even though these classes are largely useless at the moment, any tips or bug reports would be greatly appreciated.
Just posted a new release. Asymmetric encryption/decryption and signing/verification is now supported. There's some preliminary support for key wrapping (currently being afflicted by some very persistent bugs), and high-quality random data generation. Lots of other small changes and bug fixes, too.
In keeping with my promise to work on the cryptography code, I've fixed up key generation, added symmetric encryption/decryption, MAC generation and verification, and numerous other little bug fixes. There's also quite a few patched memory leaks, which I forgot to mention in the release notes.
Unfortunately, the whole thing probably still leaks like a sieve. I don't want to focus on the leaks directly until more features are implemented, so if you're having issues, you'd best spend a little time fixing it yourself. That's what this whole open source thing is about. :)
After a bit of work, the Keychain framework is finally at a stage where it actually works, somewhat. I'd very much encourage keychain and security developers (for MacOS X) to download and try out the framework, and add to it if possible. There's a lot of work to be done yet, particularly in the area of parsing BER encoded data.