What is this FAQ? Who is maintaining it?
This FAQ is targeted at people deploying Gnome Keyring, either stand-alone or as part of a Linux distribution. Its goal is to clarify the security aspects of this product. It is maintained by the Gnome Keyring team, and lives on the team's wiki. The current FAQ maintainer is Yaron Sheffer. For last update information, see the bottom of this page.
What is the security thinking behind Gnome Keyring?
The security philosophy behind the product is described on this wiki.
What are the main security benefits of Gnome Keyring?
Gnome Keyring protects your passwords and private keys by encrypting them using a master password. Consequently, you can use different and more complex passwords for different uses, because you don't have to remember them all. You only need to remember the master password, and since it's only a single password, you can easily ensure that it is hard to guess.
In normal use, the keyring is unlocked upon login. You might want to keep more sensitive passwords/keys in separate keyrings, so that they are not unlocked automatically.
What types of attacks does Keyring protect against?
- Stealing passwords/keys from your machine when it is turned off, by reading the disk (but see below).
- Reading passwords from memory after the user has logged out, or from the swap area of the disk.
- One user reading another user's keyring file.
- One user accessing another user's Keyring daemon.
- Stealing passwords from inactive (locked) keyrings.
What types of attacks are still possible?
- Off-line guessing of the master password.
- "Cold boot" attacks if the keyring is not locked upon suspend/hibernate (see below).
- "Cold boot" attacks if the computer is turned off abruptly, i.e. without the user logging out properly.
- Passwords in an unlocked keyring being read by a malicious application that is running on the user's desktop.
So I need a good master password, can you help me pick one?
Here is some information on picking a good password. Also, the Seahorse (a.k.a. Passwords and Encryption Keys) application's "new password" dialog has a visual indicator of password strength, and we recommend that you use it.
What does Gnome Keyring do against password guessing?
The keyring's master password is iteratively hashed, and the result is used as the key that encrypts the keyring. Because the hash function is applied a random number of times (between 1000 and 2000), an attacker trying to brute-force the password must pay that many hash operations for every guess. But a weak password is still weak.
Important! If your login password unlocks the keyring (as is typical when Gnome Keyring is integrated into the Linux distribution), then password-cracking tools like John the Ripper will unlock your keyring if the password is weak.
If someone doesn't have (or doesn't discover) the password, can they still decrypt the keyring?
No. All secret data in the keyring is encrypted using the highly secure AES-128, and cannot be decrypted in the absence of the password.
Can one application see another application's secrets?
Any application that executes with the same user's privileges can get access to any of the user's keyrings, and thus, can read secrets stored in any that are unlocked.
But SELinux provides finer control between applications?
SELinux is not yet integrated with Gnome Keyring. We need help to bring something like this to reality.
Is Gnome Keyring integrated with other security components?
Gnome Keyring is integrated with PAM, so that the "login" keyring can be unlocked when the user logs in. The keyring is locked on logout or when the computer hibernates/suspends. Note that the keyring is not locked upon user switching.
Can I lock the keyring every time I suspend the computer?
Yes, but currently you need to configure the Gnome Power Manager to do it. Use the configuration editor, gconf-editor, and enable the option /apps/gnome-power-manager/lock/gnome_keyring_suspend.
Update: this was fixed in gnome-power-manager, and will eventually be released. See the bug report.
Can I lock the keyring every time I put the computer into hibernation?
Yes, this is done by default. This option is controlled by a similar configuration key, /apps/gnome-power-manager/lock/gnome_keyring_hibernate.
Can I store my keyring on external storage? On a smartcard?
Gnome Keyring does not yet support storage of the keyring on external storage, such as a disk-on-key.
A much more secure option is a smartcard. Gnome Keyring is integrated with the Linux PKCS#11 infrastructure, but some configuration is needed. See this howto document.
I have a TPM (Trusted Platform Module) chip on my machine. Can I use it to protect my passwords?
No, there is no TPM integration yet. Such integration may be possible, since the TrouSerS project includes a PKCS#11 interface to the TPM, but we are not aware of any attempt to do so.
I'd like to store my keyring into some kind of cloud storage, so it can be synced between several computers.
For Ubuntu only, there is ongoing work on synchronizing the keyring to Ubuntu One.
How can I back up my keyring? What are the security issues?
The keyring is just another file, so backing it up introduces no additional vulnerabilities; but remember that if you back it up in too public a location, anybody can try to break into it. And if your keyring shares a password with your login, you will be in trouble if it is broken.
Which cryptographic algorithms are used?
SHA-256 for hashing, AES-128 for encrypting the secrets. Note that although the documented file format has MD5 for the hash algorithm, the key for encrypting the keyring is not generated with MD5!
Does Gnome Keyring provide "crypto agility", that is, can cryptographic algorithms be changed if they are ever broken?
The keyring file format enables future versions of the product to change algorithms. Currently only the above two are used.
Does Gnome Keyring use a standard way of encrypting the keyring?
A standard exists in this area (PBKDF2, documented in RFC 2898). Unfortunately, Gnome Keyring doesn't implement it. A new file format is on the roadmap for gnome-keyring, which will include support for this.
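To make the two preceding answers concrete (iterated SHA-256 hashing of the master password, and the PBKDF2 standard that the keyring does not yet implement), here is an added Python example. It is not gnome-keyring code and does not reproduce the keyring file format: the FAQ only states that the password is hashed iteratively with SHA-256 a random 1000-2000 times, so the salting and chaining in `iterated_sha256` are this example's own assumptions. The PBKDF2 side uses the standard library's RFC 2898 implementation. `guessing_work` shows why iterations raise the attacker's cost per guess while leaving a small password space (a weak password) cheap to exhaust.

```python
import hashlib
import hmac
import secrets


def iterated_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hash the password `iterations` times, feeding each digest into the next.

    Assumption: the FAQ says only that the master password is iteratively
    hashed with SHA-256; the salt placement and chaining here are illustrative,
    not the keyring's actual file format.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    digest = hashlib.sha256(salt + password).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest + password).digest()
    return digest  # 32 bytes of key material


def pick_iteration_count() -> int:
    """Random iteration count in the 1000..2000 range the FAQ describes."""
    return 1000 + secrets.randbelow(1001)


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 16) -> bytes:
    """The standard alternative: RFC 2898 PBKDF2 with HMAC-SHA256 (stdlib)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)


def aes128_key_from(derived: bytes) -> bytes:
    """AES-128 takes a 16-byte key; use the leading 16 bytes of the KDF output."""
    if len(derived) < 16:
        raise ValueError("not enough key material")
    return derived[:16]


def keys_match(expected: bytes, candidate: bytes) -> bool:
    """Constant-time comparison so a verifier does not leak via timing."""
    return hmac.compare_digest(expected, candidate)


def guessing_work(candidate_passwords: int, iterations: int) -> int:
    """Hash invocations needed to try every candidate password once."""
    return candidate_passwords * iterations


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample; a real salt is random per file
    password = b"correct horse battery staple"  # constructed sample password
    n = pick_iteration_count()
    k_iter = aes128_key_from(iterated_sha256(password, salt, n))
    k_pbkdf2 = aes128_key_from(pbkdf2_sha256(password, salt, n))
    print(f"iterations={n}")
    print("iterated-SHA256 key:", k_iter.hex())
    print("PBKDF2 key:         ", k_pbkdf2.hex())
    # Iterations multiply the attacker's cost per guess, but a small
    # candidate space (a dictionary word) stays cheap regardless.
    for space in (10_000, 10**6, 2**40):
        print(f"{space:>16} candidates -> {guessing_work(space, n):,} SHA-256 ops")
```

Run it directly to see two 16-byte keys derived from the same password and salt (they differ, because the two constructions are different functions) and the work table; with 1000-2000 iterations a 10,000-word dictionary still costs only on the order of ten million hashes, which is the FAQ's point that a weak password stays weak.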
How should I report security vulnerabilities?
If you discover or suspect a vulnerability, please do not post it to the mailing list! Security issues should be reported to firstname.lastname@example.org.