zalando / go-keyring

Cross-platform keyring interface for Go
MIT License

Support secret transfer via dh-ietf1024-sha256-aes128-cbc-pkcs7 #81

Open mrueg opened 2 years ago

mrueg commented 2 years ago

As of now, go-keyring only supports "plain" to transfer secrets. It would be nice if go-keyring supported dh-ietf1024-sha256-aes128-cbc-pkcs7 as well, as defined here: https://specifications.freedesktop.org/secret-service/latest/ch07s03.html

Further context: https://github.com/zalando/go-keyring/pull/66#issuecomment-1227051625

Kwallet recently added support for Secret Service API.

Looks like this does not work, as the "plain" algorithm is not supported. Trying to use it, I get: `Algorithm plain is not supported. (only dh-ietf1024-sha256-aes128-cbc-pkcs7 is supported)` See: https://invent.kde.org/frameworks/kwallet/-/blob/master/src/runtime/kwalletd/kwalletfreedesktopservice.cpp#L265

Probably either kwallet should add support for plain, or maybe https://github.com/zalando/go-keyring/blob/2a119601fb0034fffe89c0af1f6e7be2ac16f6ab/secret_service/secret_service.go#L66 could be changed to use other algorithms as well.

mikkeloscar commented 2 years ago

I tried to add a simple solution for this in https://github.com/zalando/go-keyring/pull/83

Can someone using kwallet try it out and report back whether this works or not?

mrueg commented 2 years ago

Heh, #83 looked similar to my initial attempt as well. Unfortunately it did not work, as you need to prepare, handle and manage keys for DH. Here's an implementation: https://github.com/mvdan/bitw/blob/438196b7e8f07113742d2c5b3c2498f3f3638df8/dbus.go#L93

FWIW KDE/KWallet folks are working on supporting plain here: https://invent.kde.org/frameworks/kwallet/-/merge_requests/35
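
An added example, not code from this thread, go-keyring or bitw: the client-side key handling that `dh-ietf1024-sha256-aes128-cbc-pkcs7` requires per the linked spec section, namely DH over the 1024-bit second Oakley group, HKDF-SHA256 with a null salt and empty info to get a 128-bit key, then AES-128-CBC with PKCS#7 padding. The function names are hypothetical, D-Bus calls are omitted, and left-padding the shared secret to the prime's length is an assumption of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

var prime, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"+
	"020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"+
	"4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"+
	"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16) // RFC 2409 group 2, g = 2

// NewKeyPair returns a private exponent and the public value sent in OpenSession.
func NewKeyPair() (priv, pub *big.Int) {
	priv, _ = rand.Int(rand.Reader, prime) // error ignored for brevity
	return priv, new(big.Int).Exp(big.NewInt(2), priv, prime)
}

// SessionKey derives the AES-128 key: HKDF-SHA256, null salt, empty info.
func SessionKey(priv, peerPub *big.Int) []byte {
	ikm := new(big.Int).Exp(peerPub, priv, prime).FillBytes(make([]byte, 128)) // padding: assumption
	ext := hmac.New(sha256.New, make([]byte, sha256.Size))                     // HKDF-Extract
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // HKDF-Expand, first block only
	exp.Write([]byte{1})
	return exp.Sum(nil)[:16]
}

// Encrypt returns the IV (the Secret struct's "parameters") and the ciphertext.
func Encrypt(key, secret []byte) (iv, ct []byte) {
	n := aes.BlockSize - len(secret)%aes.BlockSize // PKCS#7: always 1..16 bytes
	ct = append(append([]byte{}, secret...), bytes.Repeat([]byte{byte(n)}, n)...)
	iv = make([]byte, aes.BlockSize)
	rand.Read(iv) // a fresh random IV per secret
	block, _ := aes.NewCipher(key)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, ct)
	return iv, ct
}

func main() { // stand-alone check: both ends derive the same key
	cPriv, cPub := NewKeyPair()
	sPriv, sPub := NewKeyPair() // stands in for the keyring service
	fmt.Println(bytes.Equal(SessionKey(cPriv, sPub), SessionKey(sPriv, cPub)))
}
```

A real client keeps the private exponent and derived key for the lifetime of the D-Bus session and reuses them for every secret it sends or receives on that session.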