Re: gnome-keyring GNOME keyring without Gtk+

From: Alberto Mardegan <mardy users sourceforge net>
To: gnome-keyring-list gnome org
Subject: Re: gnome-keyring GNOME keyring without Gtk+
Date: Mon, 25 Mar 2013 10:28:19 +0200

Hi Stef,
  thanks for your reply. Comments inline.

On 03/21/2013 09:53 PM, Stef Walter wrote:
[...]

I'm not against collaborating on gnome-keyring with someone who has
non-GNOMEy goals, while at the same time I want to make sure we don't
give up on the integrated GNOME experience. I think we can accomplish this.


Agreed.

[...]

The password is passed over dbus using GcrSecretExchange to prevent
accidental logging or paging to disk as it goes into dbus marshalling
and on the wire. [3]


What is it actually doing? Is it encrypting/decrypting the reply?
I had a look at the GrcPrompter D-Bus interface and was wondering if we
could just standardise that, since it looks pretty simple; maybe turning
it into a D-Bus p2p channel would simplify the API even more (no need
for explicit callbacks and encryption).
Let me know if this is something worth exploring.

gcr supports introspection, but not sure if that helps toward making a
QT prompter.


Not at the moment; however I don't think it would be a very complicated
wrapping even if done manually (the only bit which worries me is that
the register method takes a GDBusConnection, and AFAIK there is no way
to create a GDBusConnection object out of an existing libdbus
DBusConnection, which we could get from QtDBus).

However I've been working on plans to make autologin work in a secure
but prompt-less manner by integrating with a TPM chip. This would allow
us to exit in that case, and then unlock the keyring using the TPM when
coming back.


Where would this integration take place? On the keyring or on the prompter?
Anyway, if we reimplement the GcrSystemPrompter, the fact that GNOME
keyring asks for the master password would not be a big issue, if the
prompter implementation is able to read the password from somewhere else
and not ask the user.

[...]

Again the reason for this is because I'd like more steady non-me
contributions to gnome-keyring.

So if being open to steady contributors that want make gnome-keyring
work well to use in a non-GNOME environment is what it takes to get
contributors, then I'm willing to compromise on certain things that I
wouldn't otherwise care about if I had a GNOME only mindset.

Let's see if my gambit pays off, hint, hint... :D


Crystal clear. :-)

On Thursday we are having a hangout OnAir about the secret storage
implementation for the Ubuntu phone/tablet:
http://joseeantonior.wordpress.com/2013/03/20/secure-credentials-storage-on-the-phone-on-air/
If you could make it, that would be great; there might be some questions
about changing some behaviours of the keyring which we have not yet
covered here.

Ciao,
  Alberto

-- 
http://blog.mardy.it <- geek in un lingua international!

Follow-Ups:
- Re: gnome-keyring GNOME keyring without Gtk+
  - From: Stef Walter

References:
- gnome-keyring GNOME keyring without Gtk+
  - From: Alberto Mardegan
- Re: gnome-keyring GNOME keyring without Gtk+
  - From: Stef Walter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]