ubuntu-phone team mailing list archive
Message #01202
Re: [Development] Solution for a password/secret storage
On 03/19/2013 02:16 PM, Tony Espy wrote:
> Ah, the devil is in the details. I wouldn't dismiss the benefits of a
> stable working code-base so quickly.
>
> The semantics already exist in code, the secure store piece is known to
> be secure and works as advertised, and the PAM integration allows
> gnome-keyring to operate without much intervention by the user. This
> wasn't always the case in the past as others have pointed out.
>
> That said, if we've done the analysis and determined that the UI code is
> too tightly bound to the core logic, then that's another story...
Oops, I'd better correct myself before I start spreading FUD. :-) I was
sure that the UI code was very tightly bound to the service, but I don't know
where I got that from.

I checked again, and this could not be farther from the truth. :-)
gnome-keyring-daemon doesn't even depend on Gtk+, so it looks like
it can be reused.

I didn't investigate how the master password prompt is generated, but
hopefully it's easy to replicate (I'd better ask the GNOME keyring
maintainers about it, to be sure).
> That said, it should be possible to implement this type of storage using
> oFono's SIM API ( isn't this what Meego used? ).
No, it was a different one (not open-source, AFAIK).
> That said, what does gnome-keyring use for its store, and what
> alternatives besides SIM have you considered?
It uses encrypted files in ~/.gnome2/keyrings/.

I think anything which can generate a byte-array can be used as a
keyring password -- it depends on the level of security you are looking for.

What I'd like to have is a system where there can be multiple ways of
unlocking the secrets DB, so that you are not completely lost if for
some reason you cannot use a specific one at the moment.
[...]
> Finally, one last aside... wouldn't full filesystem encryption remove
> the need for a secret storage service? AFAIK, it hasn't yet been
> discussed in the context of Touch.
That's a good thing to discuss. However, full disk encryption might
impose some hardware requirements to get a decent speed, and in any case
one must decide how to store the key to the filesystem.
Ciao,
Alberto
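
An added sketch, not part of the original message and not gnome-keyring's code or file format, of the "multiple ways of unlocking the secrets DB" idea: one random master key is wrapped separately under each unlocker, which can be any byte array. The function names, slot layout and iteration count are assumptions, and the PBKDF2 plus XOR-pad plus HMAC wrap is a standard-library stand-in for a vetted key-wrap primitive.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _slot_keys(unlocker: bytes, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch any byte array into a 32-byte pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", unlocker, salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def add_slot(master_key: bytes, unlocker: bytes) -> dict:
    """Wrap the 32-byte master key under one unlocker (hypothetical slot layout)."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per slot, so a pad is never reused
    pad, mac_key = _slot_keys(unlocker, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unlock(slots: list[dict], unlocker: bytes) -> bytes | None:
    """Return the master key if the unlocker opens any slot, else None."""
    for slot in slots:
        pad, mac_key = _slot_keys(unlocker, slot["salt"])
        expected = hmac.new(mac_key, slot["wrapped"], hashlib.sha256).digest()
        if hmac.compare_digest(expected, slot["tag"]):  # constant-time check
            return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))
    return None


def demo() -> bool:
    # Constructed sample unlockers: a login password and a random recovery key.
    master = os.urandom(32)
    recovery = os.urandom(32)
    slots = [add_slot(master, b"login-password"), add_slot(master, recovery)]
    # Either unlocker recovers the same master key; a wrong one opens nothing.
    return (unlock(slots, b"login-password") == master
            and unlock(slots, recovery) == master
            and unlock(slots, b"wrong") is None)
```

Because the secrets DB is encrypted only under the master key, adding or revoking an unlock method means writing or deleting one slot, without re-encrypting the stored secrets.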