Re: gnome-keyring Short introduction

[Michael Leupold <lemma confuego org>]

On Thursday 19 February 2009 10:44:56 Stef wrote:
> Michael Leupold wrote:
> > In the process of doing so I'd like to document keyring's wire-protocol
> > (if there already is a documentation, please tell me) with the ultimate
> > goal of allowing other desktop environments and browsers to benefit from
> > a common solution as well.
> I'll say up front that the protocol isn't the most beautiful thing in
> the world. It'd be somewhat scary to see it become a standard of sorts.
> It's very similar to the SSH agent protocol, but that's not a great
> acolade :)
>
> I've been looking around for a standard to implement, sort of like how
> gnome-keyring implemented PKCS#11 for certificates and keys. But I
> haven't been able to find something similarly compelling for the storage
> of secrets.
>
> It'd be cool to somehow get a more standard DBus protocol going. But
> there are a few issues:
>
>  * Transferring secrets in non-pageable memory.
>  * Validating credentials of the peer.

One thing I disliked so far is that you can only unmarshal operations and 
daemon results if you know what you expect. This means that I have to 
unmarshal the results based on the operation I sent (which I have to remember 
because it isn't in the result either). It's not a big deal though and wasn't 
hard to work around.

Apart from that the wire protocol doesn't seem to be that bad. Of course DBus 
is nice and easy to use (we use it exclusively in kwalletd) and it comes with 
the additional benefit of not having to use a library to access the daemon as 
well as command-line tools to help debugging. Unfortunately your concerns are 
very valid. Peer credentials seem to be partly implemented (getting the PID on 
platforms that support it). But then there's also the problem that 
distributions currently seem to install DBus with eavesdropping enabled - 
which means other applications can spy on your secrets.

> > I've already been talking to KDE people to hear what they think and they
> > are quite open to a solution integrating keyring. This however is more of
> > a mid- to long-term goal as it might require changes to keyring as well.
> > One of the major requirements would be migrating from GConf to a solution
> > KDE could tap into as well - unfortunately THE free desktop config
> > framework isn't quite there yet :-)
>
> gnome-keyring-daemon uses very few settings from gconf, and they're only
> read on startup. I haven't been happy with the gconf use in any case, as
> it causes strange initialization problems and stuff. When this project
> progresses far enough, I'm sure we could work something out.

That sounds promising indeed.

Regards,
Michael