On 19/03/13 10:01, Alberto Mardegan wrote:
> On 03/19/2013 11:54 AM, Bruno Girin wrote:
>> OK so how does GNOME Keyring do it? My understanding is that with GNOME
>> Keyring, the default keyring is the "login" keyring that is unlocked
>> when users enter their login credentials, which is why you don't have to
>> unlock it again during a session. Presumably it means that the "login"
>> keyring is protected by the user's password?
> Yes. In fact, it's possible to make the two passwords go out of sync,
> and there you'll be prompted to enter your keyring master password as
> the first application requests a password.

OK so it's essential that whatever we do ensures that doesn't happen.
Users will have no idea what their "keyring master password" is.

>
>> Which also brings the question: with the freedesktop API, how do you
>> change the password for a given collection? Do you have to re-encrypt
>> all the data in that collection using the new password?
> The API does not cover this:
> http://standards.freedesktop.org/secret-service/ch10.html
>
> In fact, most clients should not be interested in this; they should just
> care about whether the secrets DB is locked or unlocked, that's all.

Unless you have a client that handles its own specific collection with
its own specific password. I'm thinking of apps like the password safe I
have on my phone where it makes sense to ask for a password every time
you start it. So maybe doing this in a reliable way could be a sensible
extension to the API?

Bruno

