
ubuntu-phone team mailing list archive

Re: [Development] Solution for a password/secret storage

 

On 03/19/2013 11:54 AM, Bruno Girin wrote:
> OK so how does GNOME Keyring do it? My understanding is that with GNOME
> Keyring, the default keyring is the "login" keyring that is unlocked
> when users enter their login credentials, which is why you don't have to
> unlock it again during a session. Presumably it means that the "login"
> keyring is protected by the user's password?

Yes. In fact, it's possible to make the two passwords go out of sync,
and there you'll be prompted to enter your keyring master password as
the first application requests a password.

> Which also brings the question: with the freedesktop API, how do you
> change the password for a given collection? Do you have to re-encrypt
> all the data in that collection using the new password?

The API does not cover this:
http://standards.freedesktop.org/secret-service/ch10.html

In fact, most clients should not be interested in this; they should just
care about whether the secrets DB is locked or unlocked, that's all.

Ciao,
  Alberto


