#+TITLE: gnome-keyring-daemon setup

It seems that there's a lot of hate for the =gnome-keyring-daemon= online, so I might be missing something. But on my end, it seems to simplify a few things and there are no more prompts when I log into my session about various keys.

* gnome-keyring-daemon

It looks like we need to install a few packages:
- =gnome-keyring=
- =seahorse=

There is a [[file:~/workspace/linux-desktop/systemd/gnome-keyring.service][unit]] that ensures it starts when we log in to a session.

Using =seahorse=, we can see which secrets / keys are managed by it.

Additional documentation:
- [[https://wiki.archlinux.org/title/GNOME/Keyring][arch wiki]]

* PGP

** Unlocking the key

The keyring daemon unlocks the key for us.

** Backup the key

To back up the key, run:
#+begin_src sh
gpg --export-secret-keys --armor franck@fcuny.net > ~/documents/backups/gpg-secret-key-backup.asc
#+end_src

To see the list of keys:
#+begin_src sh :results verbatim raw
gpg --list-secret-keys
#+end_src

#+RESULTS:
/home/fcuny/.gnupg/pubring.kbx
------------------------------
sec   rsa4096 2021-09-13 [SC]
      23348B57F01D4234B5CFBA0923208AC01EB6EEA1
uid           [ultimate] Franck Cuny
ssb   rsa4096 2021-09-13 [E]

To export the trusted keys:
#+begin_src sh
gpg --export-ownertrust > ~/documents/backups/gpg-trusteddb-backup.txt
#+end_src

** Restore the key

To restore the key from the backup:
#+begin_src sh
gpg --import ~/documents/backups/gpg-secret-key-backup.asc
#+end_src

To restore the trusted db:
#+begin_src sh
gpg --import-ownertrust < ~/documents/backups/gpg-trusteddb-backup.txt
#+end_src

If you don't import the trusted db, you need to set your key as trusted:
#+begin_src
gpg --edit-key franck@fcuny.net
gpg> trust
gpg> save
#+end_src

** Configuration for the agent

In =$HOME/.gnupg/gpg-agent.conf=:
#+begin_src conf
pinentry-program /usr/bin/pinentry-gnome3
#+end_src

* SSH

As the keyring daemon manages our ssh key, all we need to do is export =SSH_AUTH_SOCK= set to the path of the socket started by the daemon.
This is done in [[file:~/workspace/linux-desktop/dotfiles/pam_environment][pam_environment]].
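
Going back to the two files written in "Backup the key": a shell redirection creates them with the umask default, so the secret key export is often left readable by other local users. The script below is an added example, not part of the original notes; the function names are hypothetical, it assumes GNU =stat= and 40-hex-digit (v4) fingerprints, and it only inspects the files without calling =gpg=.

```shell
#!/bin/sh
# Added example: sanity-check the backup files before relying on them.
# Format and permission checks only; nothing is imported or decrypted.

# check_secret_backup FILE: armored private key block, owner-only permissions.
check_secret_backup() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # gpg --export-secret-keys --armor starts the file with this header line.
    [ "$(head -n 1 "$f")" = "-----BEGIN PGP PRIVATE KEY BLOCK-----" ] ||
        { echo "not an armored secret key export: $f" >&2; return 2; }
    # A missing END line means the export was cut short (full disk, Ctrl-C).
    grep -q '^-----END PGP PRIVATE KEY BLOCK-----' "$f" ||
        { echo "truncated export (no END line): $f" >&2; return 3; }
    mode=$(stat -c %a "$f") || return 4    # GNU stat (assumption: Linux desktop)
    case $mode in
        600|400) ;;
        *) echo "mode $mode is too open, run: chmod 600 $f" >&2; return 5 ;;
    esac
}

# check_ownertrust_backup FILE: every non-comment line must look like
# "<40 hex digits>:<trust level>:" (assumption: v4 fingerprints).
check_ownertrust_backup() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # grep -c exits 1 when the count is 0, hence the "|| true".
    bad=$(grep -v '^#' "$f" | grep -Evc '^[0-9A-F]{40}:[0-9]+:$' || true)
    [ "$bad" -eq 0 ] ||
        { echo "$bad malformed ownertrust line(s) in $f" >&2; return 2; }
}

# Usage: sh check-backup.sh SECRET_KEY_BACKUP OWNERTRUST_BACKUP
if [ "$#" -eq 2 ]; then
    check_secret_backup "$1" && check_ownertrust_backup "$2" && echo "backup looks sane"
fi
```

Running =umask 077= in the shell before the two export commands avoids the permission failure in the first place.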