GNOME Keyring

Introduction

GNOME Keyring is a collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications.

GNOME Keyring is integrated with the user's login, so that their secret storage can be unlocked when the user logins into their session.

GNOME Keyring is based around a standard called PKCS#11, which is a standard way for applications to manage certificates and keys on smart cards or secure storage.

• Disscusion: https://discourse.gnome.org/tag/keyring

  • The old Mailing List Archive is still available: https://mail.gnome.org/archives/gnome-keyring-list/

• IRC Channel: #keyring on gimpnet

• Gitlab project: https://gitlab.gnome.org/GNOME/gnome-keyring

Philosophy and Architecture

• Goals and Vision

• Gnome Keyring Security Philosophy

• Gnome Keyring Architecture

• About Storing Secrets

• Secure memory details

Storing Passwords

GNOME keyring has a password store which GNOME applications can access to store and find passwords and other sensitive data.

• Overview

• How to store passwords via the API

• API documentation

Automatic Unlocking

GNOME Keyring supports automatically unlocking keyrings when the user logs into the machine.

• More details

SSH Agent

GNOME Keyring includes an SSH agent that uses X.509 and/or OpenSSH encryption keys.

• More details

Certificates and Encryption Keys

As of 2.21.3 gnome-keyring stores and manages certificates encryption keys. It contains a PKCS#11 module which allows other applications to retrieve and use the certificates and keys.

• More details

• Configure applications to use gnome-keyring certificates and keys

• PKCS#11 module implementation

Other Information

• Notes for Distributors

• Technical Details on Running the Daemon

• Password Keyring Formats

• PK and X.509 Formats

• Security FAQ

CategoryAdministration, CategoryProject