Re: Do you use multiple gnome-keyring keyrings?



Dan Winship wrote:
> And also, I like having
> ssh-agent forget my keys after a while even if I'm logged in. (And the
> GNOME security policies encourage that sort of thing, as do the security
> policies of lots of other open source projects, I'm sure.)

For sure. gnome-keyring already has this functionality and will continue
to have it.

> Maybe a good compromise would be to have gnome-keyring *try* unlocking
> your ssh and gpg keyrings using your gnome keyring password, but if it
> fails, just ignore it and assume the user doesn't want his SSH/GPG keys
> to be handled by gnome-keyring.

Yes, this is planned behavior. SSH/X.509 keys not generated by
gnome-keyring or (somehow, no details yet) marked for its use will be
read-only to gnome-keyring. In other words, it'll try to use them, but not
mess with them in any way.

> (Although really what I want, is when I do "svn up", if my ssh key isn't
> unlocked, a gnome dialog should pop up asking for my password, 

Roger.

> At the present time, people who use SSH and/or GPG are pretty much
> guaranteed to be hacker types, not grandma/office worker types, so
> having the UI get more complicated when dealing with SSH and GPG isn't
> necessarily fatal.

SSH, yes. But not X.509, which is the current focus. X.509 certificates
are obviously big in corporations, set up by admins, and then used by
people who haven't the slightest clue about crypto or keys.

In any case, have no fear :) I like to keep my keys safe too. In fact,
the goal is that they'll be even safer in an improved GNOME Keyring. For
example, currently private key passwords are merrily swapped to disk
when hibernating. Scary.

Cheers,
Nate Nielsen



