author Franck Cuny <franck@fcuny.net> 2022-03-25 07:07:05 -0700
committer Franck Cuny <franck@fcuny.net> 2022-03-25 07:07:05 -0700
commit cff751de56663d017b7e997b034d90f9847711af (patch)
tree 3cbb2aa216a27a634b57da14d5cfdd148be95e2c /docs/gnome-keyring.org
parent rclone: correct path for the backups (diff)
download world-cff751de56663d017b7e997b034d90f9847711af.tar.gz
docs: add more documentation!
Diffstat (limited to 'docs/gnome-keyring.org')
-rw-r--r-- docs/gnome-keyring.org 66
1 files changed, 66 insertions, 0 deletions
diff --git a/docs/gnome-keyring.org b/docs/gnome-keyring.org
new file mode 100644
index 0000000..35480e5
--- /dev/null
+++ b/docs/gnome-keyring.org
@@ -0,0 +1,66 @@
+#+TITLE: gnome-keyring-daemon setup
+
+It seems that there's a lot of hate for the =gnome-keyring-daemon= online, so I might be missing something. But on my end, it seems to simplifies a few things and there are no more prompt when I log into my session about various keys.
+
+* gnome-keyring-daemon
+It looks like we need to install a few packages:
+- =gnome-keyring=
+- =seahorse=
+
+There is a [[file:~/workspace/linux-desktop/systemd/gnome-keyring.service][unit]] that ensure it starts when we log in a session.
+
+Using =seahorse=, we can see which secrets / keys are managed by it.
+
+Additional documentations:
+- [[https://wiki.archlinux.org/title/GNOME/Keyring][arch wiki]]
+* PGP
+** Unlocking the key
+The keyring daemon unlocks the key for us.
+** Backup the key
+To backup the key, do
+#+begin_src sh
+gpg --export-secret-keys --armor franck@fcuny.net > ~/documents/backups/gpg-secret-key-backup.asc
+#+end_src
+
+To see the list of keys:
+#+begin_src sh :results verbatim raw
+gpg --list-secret-keys
+#+end_src
+
+#+RESULTS:
+/home/fcuny/.gnupg/pubring.kbx
+------------------------------
+sec   rsa4096 2021-09-13 [SC]
+      23348B57F01D4234B5CFBA0923208AC01EB6EEA1
+uid           [ultimate] Franck Cuny <franck@fcuny.net>
+ssb   rsa4096 2021-09-13 [E]
+
+To export the trusted keys:
+#+begin_src sh
+gpg --export-ownertrust > ~/documents/backups/gpg-trusteddb-backup.txt
+#+end_src
+
+** Restore the key
+To restore the key from the backup
+#+begin_src sh
+gpg --import ~/documents/backups/gpg-secret-key-backup.asc
+#+end_src
+
+To restore the trusted db:
+#+begin_src sh
+gpg --import-ownertrust < ~/documents/backups/gpg-trusteddb-backup.txt
+#+end_src
+
+If you don't import the trusted db you need to set your key as trusted
+#+begin_src
+gpg --edit-key franck@fcuny.net
+gpg> trust
+gpg> save
+#+end_src
+** Configuration for the agent
+In =$HOME/.gnupg/gpg-agent.conf=
+#+begin_src conf
+pinentry-program /usr/bin/pinentry-gnome3
+#+end_src
+* SSH
+As the keyring daemon manages our ssh key, all we need to do is to export =SSH_AUTH_SOCK= to where the socket started by the daemon is. This is done in [[file:~/workspace/linux-desktop/dotfiles/pam_environment][pam_environment]].
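Review bot: In "Backup the key", `gpg --export-secret-keys --armor franck@fcuny.net > ~/documents/backups/gpg-secret-key-backup.asc` creates the private-key file with whatever mode the shell's umask gives, and the doc does not say how that file is protected at rest. Please add a sentence that the export is guarded only by the key's passphrase, and run the export under `umask 077` (or `chmod 600` the file afterwards) so it is not left group- or world-readable in the backups directory. Two smaller points in the same hunk: the last block under "Restore the key" is a bare `#+begin_src` with no language, and it shows `gpg> trust` followed directly by `gpg> save`, skipping the trust-level prompt gpg presents in between, so the level to pick should be stated. Also, the `file:~/workspace/linux-desktop/...` links for the unit and `pam_environment` point outside this repository and will not resolve for other readers. Naming the `SSH_AUTH_SOCK` value in the SSH section would make it self-contained.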