GNOME/Keyring

From Gentoo Wiki

GNOME Keyring is a collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications.

GNOME Keyring is integrated with the user's login, so that their secret storage can be unlocked when the user logs into their session.

GNOME Keyring is based around a standard called PKCS#11, which is a standard way for applications to manage certificates and keys on smart cards or secure storage.

Installation

USE flags

USE flags for gnome-base/gnome-keyring (Password and keyring managing daemon)

+ssh-agent: Use GNOME Keyring to unlock SSH keys. Recommended unless you are using ECDSA or Ed25519 keys.
pam: Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
selinux: !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
systemd: Enable use of systemd-specific libraries and features like socket activation or session tracking
test: Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
valgrind: Enable annotations for accuracy. May slow down runtime slightly. Safe to use even if not currently using dev-debug/valgrind

Emerge

root # emerge --ask gnome-base/gnome-keyring

Additional software

Seahorse

app-crypt/seahorse is a GUI application that can be used to manage the contents of GNOME Keyring.

root # emerge --ask app-crypt/seahorse

secret-tool

secret-tool (provided through the app-crypt/libsecret package) is a CLI application that can be used to manage the contents of GNOME Keyring.

root # emerge --ask app-crypt/libsecret

Usage

You can manage the contents of GNOME Keyring using the aforementioned additional software.

Caveats

SSH keys

GNOME Keyring can act as a wrapper around ssh-agent. In that mode, it will display a GUI password entry dialog each time you need to unlock an SSH key. The dialog includes a checkbox to remember the password you type, which, if selected, will allow fully passwordless use of that key in the future as long as your login keyring is unlocked.

However, the SSH functionality is disabled by default in the official GNOME Keyring builds since version 46.0. It has been replaced by a standalone binary /usr/libexec/gcr-ssh-agent, which is part of the app-crypt/gcr package.

In Gentoo, the SSH functionality is enabled by default (via the ssh-agent USE flag), but can be replaced with GCR if necessary.

GCR setup

systemd
  1. Disable the ssh-agent USE flag on the gnome-base/gnome-keyring package.
  2. Enable the gcr-ssh-agent.socket systemd user unit:
    user $ systemctl --user enable gcr-ssh-agent.socket
  3. Start the gcr-ssh-agent.socket systemd user unit once:
    user $ systemctl --user start gcr-ssh-agent.socket
    This will create a socket file at $XDG_RUNTIME_DIR/gcr/ssh. Once that file exists, enabling the unit (step 2) is sufficient for the socket unit to be started automatically on later logins.
  4. Log out and log in. Check the value of the SSH_AUTH_SOCK environment variable in the shell and in the output of systemctl --user show-environment. It should point to the aforementioned socket file.
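The check in step 4, as an added shell function that is not part of the wiki page: it takes the SSH_AUTH_SOCK and XDG_RUNTIME_DIR values as arguments (so it can also be run against a saved session environment) and distinguishes a missing agent, the legacy gnome-keyring agent socket (assumed to live at $XDG_RUNTIME_DIR/keyring/ssh), an unrelated agent, and a correct but not yet created gcr socket.

```shell
#!/bin/sh
# Added example, not from the Gentoo wiki: verify that the session advertises
# the gcr-ssh-agent socket and that the socket file actually exists.
# No daemon or D-Bus is needed; it only inspects paths.

# check_gcr_ssh_agent SSH_AUTH_SOCK_VALUE XDG_RUNTIME_DIR_VALUE
# Return codes: 0 gcr-ssh-agent in use, 1 SSH_AUTH_SOCK unset,
# 2 legacy gnome-keyring agent still advertised, 3 some other agent,
# 4 path is right but the socket file is missing.
check_gcr_ssh_agent() {
    sock="$1"
    runtime_dir="$2"
    expected="$runtime_dir/gcr/ssh"

    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is unset: no agent is advertised to the session"
        return 1
    fi
    case "$sock" in
        # Assumed location of the gnome-keyring ssh-agent socket.
        "$runtime_dir"/keyring/ssh)
            echo "SSH_AUTH_SOCK points at the gnome-keyring agent ($sock);"
            echo "the ssh-agent USE flag is probably still enabled"
            return 2 ;;
        "$expected") ;;
        *)
            echo "SSH_AUTH_SOCK points at an unexpected agent: $sock"
            return 3 ;;
    esac
    if [ ! -S "$sock" ]; then
        echo "SSH_AUTH_SOCK is correct but $sock does not exist;"
        echo "start gcr-ssh-agent.socket or log in again"
        return 4
    fi
    echo "OK: session is using gcr-ssh-agent at $sock"
    return 0
}

# Against the live session:
#   check_gcr_ssh_agent "$SSH_AUTH_SOCK" "$XDG_RUNTIME_DIR"
```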

Removal

Unmerge

root # emerge --ask --depclean --verbose gnome-base/gnome-keyring

External resources