|
| 1 | +# Summary |
| 2 | + |
| 3 | +This RFC proposes the addition of OS keychain APIs to the libobs platform utilities to faciliate secure storage of credentials. |
| 4 | + |
| 5 | +# Motivation |
| 6 | + |
| 7 | +While the credentials stored by OBS in profiles are not of severe sensitivity due to limited scope, as a modern desktop application we should still do our best to store them securely. |
| 8 | + |
| 9 | +# Detailed Changes |
| 10 | + |
| 11 | +This RFC proposes the addition of the following libobs API methods: |
| 12 | + |
| 13 | +- `bool os_keychain_save(const char *key, const char *data)` |
| 14 | +- `bool os_keychain_load(const char *key, char **data)` |
| 15 | +- `bool os_keychain_delete(const char *key)` |
| 16 | + |
| 17 | +As the API requires OS-specific implementation it shall become part of the `util/platform.h` header. |
| 18 | + |
| 19 | +Operating-system backends: |
| 20 | +- Windows: `wincred.h` / `Cred*` Win32 API functions |
| 21 | +- macOS: Keychain Services API |
| 22 | +- Linux: `libsecret` |
| 23 | + |
| 24 | +On some platforms we may add a prefix such as `obs-studio:` to identify keychain an entries as an OBS-related to the user. This is already common practice with many applications such as git, RDP, or Xbox Live. |
| 25 | + |
| 26 | +**Usage examples:** |
| 27 | +Saving: |
| 28 | +```c |
| 29 | +const char *key = "ProfileName::StreamKey"; |
| 30 | +const char *value = "mystreamkey"; |
| 31 | +bool success = os_keychain_save(key, value); |
| 32 | +``` |
| 33 | + |
| 34 | +Loading: |
| 35 | +```c |
| 36 | +const char *key = "ProfileName::StreamKey"; |
| 37 | +char *value = NULL; |
| 38 | +bool success = os_keychain_load(key, &value); |
| 39 | + |
| 40 | +... do stuff ... |
| 41 | + |
| 42 | +if (value) |
| 43 | + bfree(value); |
| 44 | +``` |
| 45 | +
|
| 46 | +Deletion: |
| 47 | +```c |
| 48 | +const char *key = "ProfileName::StreamKey"; |
| 49 | +bool success = os_keychain_delete(key); |
| 50 | +``` |
| 51 | + |
| 52 | +# Drawbacks |
| 53 | + |
| 54 | +Accessing keychain information can reduce portability of profiles by not storing OAuth information or stream keys in plaintext files. |
| 55 | + |
| 56 | +In some cases accessing the keychain may require user confirmation, the API may block in such cases, which has to be accounted for by consumers. |
| 57 | + |
| 58 | +On Linux the situation may be more complicated. While both GNOME and KDE provide a "Secret Service", other desktop environments might not. This will require further investigation. |
| 59 | +In some case such as Flatpak this may be achieved by using the `Secrets` portal and encrypting information stored using the application-specific key provided by the `RetrieveSecret()` API. |
| 60 | + |
| 61 | +If no OS keychain implementation is available OBS might need to be able to provide a file-based store that can be fallen back to at compile time. |
| 62 | + |
| 63 | +# Additional Information |
| 64 | + |
| 65 | +- Windows credential store documentation: https://learn.microsoft.com/en-us/windows/win32/api/wincred/ |
| 66 | +- macOS keychain documentation: https://developer.apple.com/documentation/security/keychain_services?language=objc |
| 67 | +- Linux/GNOME libsecret documentation: https://gnome.pages.gitlab.gnome.org/libsecret/ |
| 68 | +- Flatpak "Secret" Portal: https://docs.flatpak.org/en/latest/portal-api-reference.html#gdbus-org.freedesktop.portal.Secret |
| 69 | +- Proof of Concept for storing OAuth information in the keychain (no libobs changes, reference for Windows API usage only): https://github.com/derrod/obs-studio/commit/8c04a72ae6c6255f8895a168d0fc33d0a99bc2ec |
0 commit comments