GNOME Bugzilla – Bug 672155
New keyring format for keyring files
Last modified: 2021-06-18 10:40:38 UTC
The current keyring format has at least the following problems: * Limited to one password, per keyring file * Cannot be unlocked using smart cards or other mechanisms * Does not support binary secrets We need a new keyring format for keyring with following requirements: * Multiple mechanisms to encrypt and decrypt, for the same keyring file including: * RSA: for smart card support * Multiple passwords, * Ability to add and remove mechanisms at a later date. * Should be able to handle non-utf8 secrets. The entire file should not be encrypted. Attributes should not be encrypted, and need to be used to lookup passwords in a 'locked' (ie: non-decrypted) keyring. This is used to identify which keyring should be unlocked. It's not clear whether we should be using a database format, or if we should just keep loading the entire keyring into memory like we currently do. It's not clear that any database format has the flexibility for the above encryption requirements.
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/ Thank you for your understanding and your help.