Re: gnome-keyring A couple of questions about Gnome Keyring



 

> -----Original Message-----
> From: Adam Schreiber [mailto:adam schreiber gmail com] 
> Sent: 19 November 2009 01:09
> To: Groth Johan
> Cc: gnome-keyring-list gnome org
> Subject: Re: gnome-keyring A couple of questions about Gnome Keyring
> 
> 2009/11/18 Groth Johan <johan groth cell-telecom com>:
> > Hi all,
> > The company I work for is considering using Gnome Keyring to store
> > certificates for VPN access but are a bit concerned that they can be
> > moved from one computer to another. So I saw this on the web page:
> >
> > 'Non-exportable' certificates could be implemented by encrypting them
> > with a random password, and storing that password within the normal
> > gnome-keyring password file. This way they wouldn't be used on another
> > computer even if copied out of that directory.
> >
> > Has this been implemented and if it has in which version of Gnome Keyring?
> 
> Since you didn't reference the web page you found it on, I'm 
> going to comment sight unseen because Stef's out of touch for a bit.
> 
> It probably means that a user could implement non-exportable 
> certificates by encrypting the certs themselves and storing 
> the symmetric encryption passphrases in gnome-keyring as 
> normal secrets.

Thank you for your reply and I apologise for not supplying the web link. Here it is: http://live.gnome.org/GnomeKeyring/Cryptoki. 

Perhaps I should describe in a bit more detail what we are actually trying to do.
We are going to write a user application that downloads certificates from a web server, then connects to gnome-keyring-daemon and asks it to store these certificates. What I'm having trouble finding out is where the certificate is stored (hopefully under ~/.gnome2/keyring), whether the store file is encrypted (hopefully yes) and, if it is, what encryption algorithm is used (hopefully AES).

The security team told us that any algorithm that uses 128-bit keys or higher is acceptable so AES would be OK.

Regards,
Johan
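
Added example, not part of the original thread and not gnome-keyring's own code: one way a user could carry out the scheme discussed above, encrypting the key file with a random passphrase and keeping only that passphrase in the keyring. It assumes `openssl` (1.1.1 or later, for `-pbkdf2`) and libsecret's `secret-tool` are installed; the function names and the `application`/`id` attribute values are hypothetical.

```shell
#!/bin/sh
# Added illustration: a key file wrapped with a random passphrase that lives
# only in the user's keyring. Copying the wrapped file to another machine
# does not bring the passphrase with it.
# Assumptions: openssl >= 1.1.1 and secret-tool (libsecret) are on PATH;
# the attribute names "application" / "id" are made up for this example.

# Keyring backend. The passphrase is passed on stdin, never on the command line.
keyring_store() {   # keyring_store <label> <id>
    secret-tool store --label="$1" application vpn-cert-wrap id "$2"
}
keyring_lookup() {  # keyring_lookup <id>  -> passphrase on stdout
    secret-tool lookup application vpn-cert-wrap id "$1"
}

# wrap_key <plain-key.pem> <wrapped.enc> <id>
wrap_key() {
    # 32 random bytes, base64-encoded so the passphrase is a single text line
    pass=$(openssl rand -base64 32) || return 1
    printf '%s' "$pass" | keyring_store "VPN key passphrase ($3)" "$3" || return 1
    # AES-256-CBC with a PBKDF2-derived key. Note that "openssl enc" adds no
    # integrity check, so this gives confidentiality of the file only.
    printf '%s\n' "$pass" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass stdin -in "$1" -out "$2"
}

# unwrap_key <wrapped.enc> <id>  -> plaintext key on stdout
unwrap_key() {
    pass=$(keyring_lookup "$2") || return 1
    # Treat an empty result as "no such secret in this keyring"
    [ -n "$pass" ] || return 1
    printf '%s\n' "$pass" | openssl enc -d -aes-256-cbc -pbkdf2 -pass stdin -in "$1"
}

# Typical use (after which the plaintext key file should be removed):
#   wrap_key client-key.pem client-key.enc office-vpn
#   unwrap_key client-key.enc office-vpn > /run/user/$(id -u)/client-key.pem
```

The protection is only as strong as the keyring itself: anyone who can copy the keyring file and unlock it with the user's password recovers the passphrase along with the wrapped key.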

