#+TITLE: gnome-keyring-daemon setup

It seems that there's a lot of hate for the =gnome-keyring-daemon= online, so I might be missing something. But on my end, it seems to simplify a few things and there are no more prompts when I log into my session about various keys.

* gnome-keyring-daemon
It looks like we need to install a few packages:
- =gnome-keyring=
- =seahorse=

There is a [[file:~/workspace/linux-desktop/systemd/gnome-keyring.service][unit]] that ensures it starts when we log into a session.

Using =seahorse=, we can see which secrets / keys are managed by it.

Additional documentation:
- [[https://wiki.archlinux.org/title/GNOME/Keyring][arch wiki]]
* PGP
** Unlocking the key
The keyring daemon unlocks the key for us.
** Backup the key
To back up the key, run:
#+begin_src sh
gpg --export-secret-keys --armor franck@fcuny.net > ~/documents/backups/gpg-secret-key-backup.asc
#+end_src

To see the list of keys:
#+begin_src sh :results verbatim raw
gpg --list-secret-keys
#+end_src

#+RESULTS:
/home/fcuny/.gnupg/pubring.kbx
------------------------------
sec   rsa4096 2021-09-13 [SC]
      23348B57F01D4234B5CFBA0923208AC01EB6EEA1
uid           [ultimate] Franck Cuny <franck@fcuny.net>
ssb   rsa4096 2021-09-13 [E]

To export the trusted keys:
#+begin_src sh
gpg --export-ownertrust > ~/documents/backups/gpg-trusteddb-backup.txt
#+end_src
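
The secret-key export above is created with the shell's default umask (typically 022, which gives a world-readable 0644 file), so it is worth checking the backup directory after writing to it. The script below is an added example, not part of the original notes: it checks that the key backup is private, that it really is a secret-key armor block, and that the ownertrust file parses. The function names are hypothetical, the file names are the ones used above, and =stat -c= assumes GNU or busybox stat.

```sh
#!/bin/sh
# Added example: sanity checks for the GPG backup files written above.

# Succeeds if FILE is a regular file with no group/other permission bits.
is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # assumes GNU/busybox stat
    case "$mode" in
        [0-7]00) return 0 ;;                # e.g. 600 or 400
        *) return 1 ;;
    esac
}

# Succeeds if FILE starts with the armor header gpg writes for
# --export-secret-keys --armor (catches a public-key-only export).
is_secret_key_armor() {
    [ "$(head -n 1 "$1")" = "-----BEGIN PGP PRIVATE KEY BLOCK-----" ]
}

# Succeeds if FILE has at least one "FINGERPRINT:LEVEL:" entry and every
# non-comment line has that shape (the --export-ownertrust format).
is_ownertrust() {
    grep -Eq '^[0-9A-F]{40}:[0-9]+:$' "$1" || return 1
    ! grep -v '^#' "$1" | grep -Evq '^[0-9A-F]{40}:[0-9]+:$'
}

# Run all checks on a backup directory; report problems on stderr.
check_backup() {
    dir=$1
    rc=0
    key="$dir/gpg-secret-key-backup.asc"
    trust="$dir/gpg-trusteddb-backup.txt"
    is_private "$key" || { echo "not private, run chmod 600: $key" >&2; rc=1; }
    is_secret_key_armor "$key" || { echo "no secret key armor: $key" >&2; rc=1; }
    is_ownertrust "$trust" || { echo "bad ownertrust data: $trust" >&2; rc=1; }
    return $rc
}

# Only run when a directory is given, e.g.: sh check.sh ~/documents/backups
[ $# -eq 0 ] || check_backup "$1"
```

Running =umask 077= in the shell before the export avoids the permission problem in the first place.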

** Restore the key
To restore the key from the backup:
#+begin_src sh
gpg --import ~/documents/backups/gpg-secret-key-backup.asc
#+end_src

To restore the trusted db:
#+begin_src sh
gpg --import-ownertrust < ~/documents/backups/gpg-trusteddb-backup.txt
#+end_src

If you don't import the trusted db, you need to set your key as trusted:
#+begin_src
gpg --edit-key franck@fcuny.net
gpg> trust
gpg> save
#+end_src
** Configuration for the agent
In =$HOME/.gnupg/gpg-agent.conf=
#+begin_src conf
pinentry-program /usr/bin/pinentry-gnome3
#+end_src
* SSH
As the keyring daemon manages our ssh key, all we need to do is export =SSH_AUTH_SOCK= so that it points to the socket started by the daemon. This is done in [[file:~/workspace/linux-desktop/dotfiles/pam_environment][pam_environment]].