Re: gnome-keyring branched



Nate Nielsen wrote:
> James Henstridge wrote:
>   
>> I haven't looked at the seahorse code much, but if gnome-gpg and
>> seahorse are storing PGP passphrases in the keyring it would make sense
>> to use the same key names so that the user doesn't need to reenter their
>> passphrase for each app (they'd still need to authorise the app to
>> access the key though).
>>     
>
> Good point. The seahorse gnome-keyring code [1] was committed [2] today,
> so I have no problems changing the field names this early on.
>
> A screenie: http://memberwebs.com/nielsen/shots/cache-preferences.png
>
> One thing to note is that seahorse can cache passphrases in different
> ways (ie: secure memory for the session, gnome-keyring) and one of the
> goals of seahorse is to cache keys/passwords of different types (ie:
> SSH, x509).
>
> It currently uses the following gnome-keyring fields.
>
> seahorse-key-type: gpg
> seahorse-keyid:    32 character keyid
>   
Is there any particular reason you chose to use two attributes to
identify the key rather than a single attribute whose name indicates the
type?  Is this to query all keys of a particular type?

> Any suggestions on common field names? If gnome-gpg already has a whole
> lot of users, then I don't mind using 'gnome-gpg-keyid' for OpenPGP keys.
>   
I'm not sure how large a number of users gnome-gpg has.  Also, I changed
the attributes in the most recent version of gnome-gpg when moving to
the --control-fd interface of GPG (mainly switching to 64-bit key IDs as
used by the control protocol).  So currently gnome-gpg adds the
following attributes:

    * gnome-gpg-keyid: 64-bit OpenPGP key ID (16 hex characters)
    * gnome-gpg-userid: the primary UID for the key.  Not actually used
      by gnome-gpg for queries, but I had the information and it seemed
      like it might be useful for other applications.


There are two ways we could go in order to get interoperability:

   1. Pick a de facto standard gnome-keyring query used to look up the
      passphrase and make both seahorse and gnome-gpg use that.
   2. Make gnome-gpg set seahorse-key-type and seahorse-keyid
      attributes, and seahorse set the gnome-gpg-keyid attribute, so the
      passphrase will be found by the other application.

If (1) is chosen we might still want to do (2) to provide compatibility
during a transition period, but that may be overkill.

James.
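
As an added illustration of option (2) above (not code from seahorse, gnome-gpg or gnome-keyring): an in-memory Python model of attribute-based lookup in which one stored item carries both applications' attributes. The matching rule, the upper-case normalisation of the key ID, the helper names and the sample key IDs are assumptions of this example.

```python
import re

# In-memory model of keyring items: each has string attributes and a secret.
# Assumption of this model: a query matches an item when every queried
# attribute is present on the item with an identical string value; extra
# attributes on the item do not prevent a match.
def find_items(keyring, query):
    return [item for item in keyring
            if all(item["attrs"].get(k) == v for k, v in query.items())]

def normalize_gpg_keyid(keyid):
    """Canonical form (assumed here): 16 upper-case hex characters.
    Exact string matching means 'abcd...' and 'ABCD...' would otherwise
    be treated as different keys and the passphrase would not be found."""
    keyid = keyid.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{16}", keyid):
        raise ValueError("expected a 64-bit key ID as 16 hex characters")
    return keyid

def seahorse_attrs(seahorse_keyid):
    # The two attributes seahorse uses, as listed in the thread.
    return {"seahorse-key-type": "gpg", "seahorse-keyid": seahorse_keyid}

def gnome_gpg_attrs(gpg_keyid, userid=None):
    # The attributes gnome-gpg sets, as listed in the thread.
    attrs = {"gnome-gpg-keyid": normalize_gpg_keyid(gpg_keyid)}
    if userid is not None:
        attrs["gnome-gpg-userid"] = userid
    return attrs

def store_interoperable(keyring, secret, seahorse_keyid, gpg_keyid, userid=None):
    """Option (2): a single item tagged with both applications' attributes."""
    attrs = {**seahorse_attrs(seahorse_keyid), **gnome_gpg_attrs(gpg_keyid, userid)}
    keyring.append({"attrs": attrs, "secret": secret})

def seahorse_lookup(keyring, seahorse_keyid):
    return find_items(keyring, seahorse_attrs(seahorse_keyid))

def gnome_gpg_lookup(keyring, gpg_keyid):
    return find_items(keyring, {"gnome-gpg-keyid": normalize_gpg_keyid(gpg_keyid)})

# Constructed sample values, not real key IDs.
SH_ID = "0123456789ABCDEF0123456789ABCDEF"
GPG_ID = "0123456789abcdef"
```

A query on `seahorse-key-type` alone returns every item of that type, which is the one thing the two-attribute scheme offers that a single type-named attribute does not.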


