gnome-keyring [PATCH] Unlock keyrings using GPG-encrypted password



Hi,

I'm sorry for not sending this earlier. Here's the patch I was talking
about. As I said, it's pretty dumb. Set a random keyring password first,
then encrypt it into a file <keyring_name>.gpg and put it in the keyrings
directory, e.g. if your keyring is 'login.keyring' in ~/.gnome2/keyrings:

  umask 077
  echo mypassword > ~/.gnome2/keyrings/login
  gpg -e ~/.gnome/keyrings/login

It will ask about your user ID, you select to encrypt to yourself
and after building gnome-keyring with the patch you should get GPG
password dialog (to decrypt the password) before the normal dialog
(asking for password).

---
 pkcs11/wrap-layer/gkm-wrap-prompt.c | 66 +++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/pkcs11/wrap-layer/gkm-wrap-prompt.c b/pkcs11/wrap-layer/gkm-wrap-prompt.c
index 71bc14da..4bba2997 100644
--- a/pkcs11/wrap-layer/gkm-wrap-prompt.c
+++ b/pkcs11/wrap-layer/gkm-wrap-prompt.c
@@ -165,11 +165,77 @@ auto_unlock_object_digest (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
 }
 
 static gchar*
+auto_unlock_try_gpg (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
+{
+       CK_ATTRIBUTE_PTR attr;
+       gchar* directory;
+       gchar* path;
+       gchar* argv[4];
+       gchar* password;
+       gint exitst;
+       GError* err;
+
+       attr = gkm_attributes_find (attrs, n_attrs, CKA_ID);
+       if (attr == NULL)
+               return NULL;
+
+       directory = gkm_util_locate_keyrings_directory();
+       path = g_strdup_printf("%s/%s.gpg", directory, (gchar*)attr->pValue);
+       g_free(directory);
+
+       if (!g_file_test(path, G_FILE_TEST_IS_REGULAR))
+       {
+               g_free(path);
+               return NULL;
+       }
+
+       argv[0] = "gpg";
+       argv[1] = "-d";
+       argv[2] = path;
+       argv[3] = NULL;
+
+       if (!g_spawn_sync(NULL, argv, NULL,
+                       G_SPAWN_SEARCH_PATH|G_SPAWN_CHILD_INHERITS_STDIN,
+                       NULL, NULL,
+                       &password, NULL,
+                       &exitst, &err))
+       {
+               fprintf(stderr, "Error spawning key decrypt: %s\n",
+                               err->message);
+               g_free(path);
+               return NULL;
+       }
+
+       g_free(path);
+
+       if (!g_spawn_check_exit_status(exitst, &err))
+       {
+               fprintf(stderr, "Key decrypt exit abnormally: %s\n",
+                               err->message);
+               g_free(password);
+               return NULL;
+       }
+
+       g_strchomp(password);
+       if (!*password)
+       {
+               g_free(password);
+               return NULL;
+       }
+
+       return password;
+}
+
+static gchar*
 auto_unlock_lookup_keyring (CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
 {
        gchar *location;
        gchar *password;
 
+       password = auto_unlock_try_gpg(attrs, n_attrs);
+       if (password)
+               return password;
+
        location = auto_unlock_keyring_location (attrs, n_attrs);
        if (location == NULL)
                return NULL;
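Review bot: In auto_unlock_try_gpg the CKA_ID value is formatted with `%s` as if it were a NUL-terminated string and is never checked for path separators, so the read is not bounded by `attr->ulValueLen` and the resulting path is not guaranteed to stay inside the keyrings directory. The value should be copied by length and rejected when it is empty or contains `G_DIR_SEPARATOR` before the path is built, as in the excerpt below. `GError* err;` is also handed to g_spawn_sync() uninitialised and never released; it needs `= NULL` and a `g_clear_error (&err)` before each failure-path return. The decrypted password lives in ordinary heap memory and is released with plain `g_free()` on the error paths without being wiped, so it is worth confirming which allocator the callers of auto_unlock_lookup_keyring expect for secrets. auto_unlock_lookup_keyring continues past the end of the hunk.

```c
	GError *err = NULL;
	gchar *name;

	/* … unchanged: remaining locals, gkm_attributes_find (CKA_ID) lookup … */

	if (attr->pValue == NULL || attr->ulValueLen == 0)
		return NULL;

	/* CK_ATTRIBUTE values are length-delimited, not NUL-terminated */
	name = g_strndup (attr->pValue, attr->ulValueLen);
	if (*name == '\0' || strchr (name, G_DIR_SEPARATOR) != NULL) {
		g_free (name);
		return NULL;
	}

	directory = gkm_util_locate_keyrings_directory ();
	path = g_strdup_printf ("%s/%s.gpg", directory, name);
	g_free (name);
	g_free (directory);

	/* … unchanged: g_file_test, argv setup, g_spawn_sync and exit-status checks,
	 *   with g_clear_error (&err) added before each failure-path return … */
```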
-- 
2.13.1


