<page xmlns="http://projectmallard.org/1.0/" xmlns:its="http://www.w3.org/2005/11/its" type="topic" id="tech-secret" xml:lang="sl">
<info>
<link type="guide" xref="tech" group="secret"/>
<revision pkgversion="3.0" date="2011-04-05" status="candidate"/>
<credit type="author copyright">
<name>Shaun McCance</name>
<email its:translate="no">shaunm@gnome.org</email>
<years>2011</years>
</credit>
<include xmlns="http://www.w3.org/2001/XInclude" href="cc-by-sa-3-0.xml"/>
<desc>Secure storage for passwords and other data</desc>
</info>
<title>Secret</title>
<p>GNOME uses libsecret as a secure keyring manager, to store users'
passwords and other sensitive data. Applications can use the keyring
manager library to store and access passwords, and users can manage
their passwords using GNOME's <app>Seahorse</app>
application.</p>
<p>The keyring manager provides any number of keyrings, where each
keyring can contain any number of keyring items. Items in a keyring
store some piece of data, often a password. Each keyring is locked
individually, and users must provide a password to unlock the keyring.
Once a keyring has been unlocked, the user has access to all of the
items in that keyring.</p>
<p>The keyring manager provides access control lists for each keyring
item, controlling which applications are allowed access to that item.
If an unknown application attempts to access a keyring item, the keyring
manager will prompt the user to allow or deny that application access.
This helps prevent malicious or poorly-written programs from accessing
the user's sensitive data.</p>
<p>Keyring data stored on the file system is encrypted with the AES
block cipher, and SHA1 is used for hashes of the item's attributes.
Using the attributes hash, the keyring manager is able to look up items
requested by applications without ever unlocking the keyring. The
keyring has to be unlocked when a matching item is found and
accessed.</p>
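<p>The lookup described above, as an added example rather than code from libsecret or GNOME: a simplified Python model (not the real keyring file format) in which attribute values are indexed by SHA-1 digest and secrets are sealed under a key derived from the keyring password. The class and function names, the PBKDF2 key derivation, and the SHA-256 keystream standing in for AES are assumptions made for illustration.</p>

```python
import hashlib, hmac, os

def attr_hash(value):
    # SHA-1 over one attribute value; only this digest is kept in the clear.
    return hashlib.sha1(value.encode("utf-8")).hexdigest()

def keystream_xor(key, nonce, data):
    # Stand-in for AES (absent from the Python stdlib): SHA-256 counter keystream.
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1)]
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

class ModelKeyring:
    """Hypothetical model: hashed attribute index in the clear, sealed secrets."""
    def __init__(self, password):
        self.salt = os.urandom(16)
        derived = self.derive(password)
        self.key, self.verifier = derived[:32], derived[32:]  # key: memory only
        self.items = []                                       # models the file

    def derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000, dklen=64)

    def lock(self):
        self.key = None

    def unlock(self, password):
        derived = self.derive(password)
        self.key = derived[:32] if hmac.compare_digest(derived[32:], self.verifier) else None
        return self.key is not None

    def store(self, attributes, secret):
        if self.key is None:
            raise PermissionError("keyring is locked")
        nonce = os.urandom(16)
        hashed = {name: attr_hash(value) for name, value in attributes.items()}
        sealed = keystream_xor(self.key, nonce, secret.encode("utf-8"))
        self.items.append({"hashed": hashed, "nonce": nonce, "sealed": sealed})

    def find(self, query):
        # Needs no key: compares digests only, so it works on a locked keyring.
        want = {name: attr_hash(value) for name, value in query.items()}
        return [i for i, item in enumerate(self.items)
                if all(item["hashed"].get(n) == h for n, h in want.items())]

    def secret(self, index):
        if self.key is None:
            raise PermissionError("keyring is locked")
        item = self.items[index]
        return keystream_xor(self.key, item["nonce"], item["sealed"]).decode("utf-8")
```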
<p>The keyring manager also provides a session keyring. Items in
the session keyring are never stored on disk, and are lost as soon as
the user's session ends. The session keyring can be used to store
passwords to be used in the current session only.</p>
<p>If you use <link xref="tech-gio">GIO</link> to access remote servers, you
automatically get the benefits of the keyring manager. Whenever GIO needs to
authenticate the user, it provides the option to store the password, either
in the default keyring or in the session keyring.</p>
<p>You should use libsecret's keyring manager whenever your application needs
to store passwords or other sensitive data for users. Using the keyring
manager provides a better user experience while still keeping user data
safe and secure.</p>
<note>
<p>GNOME used a library called gnome-keyring before version 3.6 was
released. In version 3.6 onward, libsecret is used instead. This allows
sharing the keyring service between GNOME and other desktop environments
and applications.</p>
</note>
<list style="compact">
<item><link href="http://developer.gnome.org/libsecret/unstable/">Libsecret Reference Manual</link> </item>
</list>
</page>