Template Version: @(#)sac_nextcase %I% %G% SMI
This information is Copyright 2008 Sun Microsystems
1. Introduction
    1.1. Project/Component Working Name:
         Seahorse for OpenSolaris
    1.2. Name of Document Author/Supplier:
         Author: Jeff Cai
    1.3  Date of This Document:
         30 October, 2008
4. Technical Description

1. Introduction
    1.1. Project/Component Working Name:
         Seahorse
    1.2. Name of Document Author/Supplier:
         Author: Jeff Cai
         Sponsor: Irene Huang
    1.3. Date of This Document:
         10/28/2008
    1.4. Name of Major Document Customer(s)/Consumer(s):
         1.4.1. The PAC or CPT you expect to review your project:
                Solaris PAC
         1.4.2. The ARC(s) you expect to review your project:
                LSARC
         1.4.3. The Director/VP who is "Sponsoring" this project:
                Robert O'Dea
         1.4.4. The name of your business unit:
                Software - OPG
    1.5. Email Aliases:
         1.5.1. Responsible Manager: harry.lu at sun.com
         1.5.2. Responsible Engineer: jeff.cai at sun.com
         1.5.3. Marketing Manager:
         1.5.4. Interest List: brian.cameron at sun.com
                               darren.moffat at sun.com
                               wyllys.ingersoll at sun.com

2. Project Summary
    2.1. Project Description:
         Seahorse is a GNOME application for managing SSH keys and GNOME
         keyrings. It has been a standard component of GNOME since 2.24.

         With Seahorse you can
         - Create and manage SSH keys.
         - Manage your keyrings.

4. Technical Description:
    4.1 Create and Manage SSH keys

        Secure Shell (SSH) is a way of logging into a remote computer to
        execute commands on that machine. SSH keys are used in a
        key-based authentication system, as an alternative to the
        default password authentication system.

        To create an SSH key using Seahorse, the user gives a
        description of what the key is to be used for, and specifies the
        encryption type (RSA or DSA), the key strength (1024-4096) and
        the passphrase for the key. The newly created key is stored at
        ~/.ssh.

        Users can list or delete SSH keys under ~/.ssh. The user can
        also change the passphrase for them.

        Seahorse uses 'ssh-keygen' to produce these keys.
        - change the passphrase
              ssh-keygen -p -f input_keyfile
        - generate the key
              ssh-keygen -b bits -t type -C comment -f output_keyfile

    4.2 Exporting and Importing Keys

        Seahorse can import SSH keys from the clipboard or a key file.
        Seahorse allows users to specify an SSH key file.
        Seahorse does not change the content of imported files; instead,
        it copies the imported files to ~/.ssh with non-duplicated file
        names.

        Users can also export SSH private or public keys to files. In
        fact, Seahorse just copies the content of files under ~/.ssh to
        new files. This is a convenience for some junior users, who may
        want to save their keys or put them on other machines. For
        example, some developers need to upload their public keys to
        www.opensolaris.org. They don't need to know where SSH keys are
        usually stored, since Seahorse shows them the keys, and they can
        export those keys into files via Seahorse directly.

        Seahorse can copy public key info to the clipboard.

    4.3 Manage keyrings

        Users can create and delete keyrings. Users can also change the
        password of a keyring. Seahorse does this via interfaces
        provided by GNOME keyring (LSARC/2008/430). The created keyring
        files are stored in ~/.gnome2/keyrings/

    4.4 Trusted keys

        Users can set SSH public keys as trusted keys. The trusted keys
        will be put into the file ~/.ssh/authorized_keys.

    4.5 Seahorse D-BUS API

        The Seahorse D-BUS API allows other programs to:
        - Query information about the user's keys, and watch for
          changes.
        - Perform import/export and other basic operations on the
          user's keys.

        The Seahorse D-BUS service name is:
            org.gnome.seahorse

        It is implemented by the seahorse-daemon process, which will be
        started automatically as needed (using D-BUS activation).

        org.gnome.seahorse.KeyService
            Importing and exporting of keys, as well as some other
            miscellaneous operations.
            Path /org/gnome/seahorse/keys

            Interface: org.gnome.seahorse.KeyService
                GetKeyTypes(out STRING[] keytypes)
                GetKeySet
                ImportKeys
                ExportKeys
                DisplayNotification

            Interface: org.gnome.seahorse.Keys
                ListKeys
                GetKeyField
                GetKeyFields
                MatchKeys
                KeyAdded
                KeyRemoved
                KeyChanged

    4.6 Interfaces:

        Exported Interfaces

        Interface                          Classification   Comments
        ---------------------------------  ---------------  ------------------------
        SUNWseahorse                       Uncommitted      Package name
        SUNWseahorse-root                  Uncommitted      Package name
        SUNWseahorse-devel                 Uncommitted      Package name
        /usr/bin/seahorse                  Volatile         GUI application
        /usr/lib/seahorse-daemon           Volatile         D-BUS daemon
        /usr/lib/seahorse/ \               Project          A program that helps
          seahorse-ssh-askpass             Private          input a password.
        /usr/lib/libcryptui.so.0           Volatile         A library that helps to
                                                            access the D-BUS service.
        /usr/share/applications \          Volatile
          seahorse.desktop
        /usr/share/dbus-1/services/ \      Volatile         D-BUS service file.
          org.gnome.seahorse.service
        /usr/share/seahorse/glade          Project          The directory which
                                           Private          contains glade files.
        /etc/gconf/schemas/ \              Volatile         GCONF key schemas that
          seahorse.schemas                                  define the preferences.
        /usr/lib/pkgconfig/cryptui-0.0.pc  Uncommitted
        /usr/include/libcryptui/*          Volatile         Header files
        org.gnome.seahorse.KeyService      Volatile         D-BUS interface
                                                            (session interface)
        org.gnome.seahorse.Keys            Volatile         D-BUS interface
                                                            (session interface)
        ~/.gconf/apps/seahorse             Volatile         Config file for seahorse.

        Imported Interfaces

        Interface                          Classification   Comments
        ---------------------------------  ---------------  ------------------------
        GNOME keyring                      Volatile         LSARC/2008/430
        GTK+                               Committed        LSARC/2008/207
        D-BUS                              Volatile         LSARC/2006/368
        libnotify                          Volatile         LSARC/2007/137
        SUNWsshcu                          Committed        PSARC/2001/212
        ssh-keygen                         Committed        PSARC/2001/212
        $HOME/.ssh                         Committed        PSARC/2001/212
        $HOME/.gnome2/keyrings             Volatile         LSARC/2008/430

    4.7 Packaging & Delivery:

        Three new packages are delivered.
        SUNWseahorse (base package)
            - base package for binaries
        SUNWseahorse-root
        SUNWseahorse-devel (development package)
            - development package

    4.8 Security Impact:

        Seahorse is just a GUI front-end for ssh and GNOME keyring, so
        its security is ensured by ssh and GNOME keyring.

        Seahorse provides a session daemon named seahorse-daemon, which
        provides a D-BUS interface. The D-BUS architecture ensures that
        only applications running as the same user can access the
        daemon to get the key services. Refer to [1] for the interface
        description.

    4.9 Dependencies:

        Seahorse makes use of ssh-keygen to generate keys and change the
        passphrase, so it depends on the package SUNWsshcu.

5. References
    [1] Seahorse DBus Interfaces: http://live.gnome.org/Seahorse/DBus
    [2] Project page: http://www.gnome.org/projects/seahorse

6. Resources and Schedule
    6.4. Steering Committee requested information
         6.4.1. Consolidation C-team Name:
                Desktop
    6.5. ARC review type: FastTrack
    6.6. ARC Exposure: open
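
Added example, not part of the original case or of Seahorse's code: section 4.4 places trusted keys in ~/.ssh/authorized_keys, and section 4.1 allows RSA or DSA keys from 1024 bits up. The Python below parses authorized_keys entries of those two types and flags DSA keys and RSA keys below MIN_RSA_BITS for review; MIN_RSA_BITS, the verdict labels, the function names and the sample entries are assumptions constructed for this example.

```python
import base64
MIN_RSA_BITS = 2048  # assumption: review threshold chosen for this example

def _read_string(blob, off):  # SSH wire string: uint32 length, then the bytes
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def key_info(blob):
    """Return (type, bits) for an ssh-rsa or ssh-dss public key blob."""
    name, off = _read_string(blob, 0)
    ktype = name.decode("ascii")
    if ktype == "ssh-rsa":        # fields e, n: skip e, measure n
        _, off = _read_string(blob, off)
    elif ktype != "ssh-dss":      # ssh-dss fields p, q, g, y: measure p
        return ktype, None
    number, _ = _read_string(blob, off)
    return ktype, int.from_bytes(number, "big").bit_length()

def audit_authorized_keys(text):
    """Return [(line_no, type, bits, verdict)]; options may precede the key type."""
    results = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        idx = next((i for i, f in enumerate(fields[:-1]) if f in ("ssh-rsa", "ssh-dss")), None)
        if line.lstrip().startswith("#") or idx is None:
            continue              # comment, blank line, or another key type
        try:
            ktype, bits = key_info(base64.b64decode(fields[idx + 1], validate=True))
        except ValueError:        # bad base64 or truncated blob
            results.append((no, fields[idx], None, "unparseable"))
            continue
        weak = ktype != "ssh-rsa" or bits < MIN_RSA_BITS
        results.append((no, ktype, bits, "review" if weak else "ok"))
    return results

def sample_line(ktype, numbers, comment):
    """Constructed entry for the demo: sized placeholder numbers, not real keys."""
    parts = [ktype.encode()] + [n.to_bytes(n.bit_length() // 8 + 1, "big") for n in numbers]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join([  # constructed input
    sample_line("ssh-rsa", [65537, (1 << 1023) | 1], "old-laptop"),
    sample_line("ssh-rsa", [65537, (1 << 2047) | 1], "workstation"),
    "no-pty " + sample_line("ssh-dss", [(1 << 1023) | 1, (1 << 159) | 1, 2, 3], "build-box"),
])
if __name__ == "__main__":
    print(*audit_authorized_keys(SAMPLE), sep="\n")
```

To check a real file, pass its contents to audit_authorized_keys(); entries of key types other than ssh-rsa and ssh-dss are not reported.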