Bug#627965: [gnome-keyring] There's no way to use gnome-shell while the keyboard is grabbed by the dialog waiting for password.

Petr Gajdůšek gajdusek.petr at centrum.cz
Thu May 26 23:33:13 UTC 2011 

Hi,

Let's look at gnome-keyring-prompt related issues:

1) It offers possibility to copy a secret (i.e SSH, PGP passwords) into 
the login keyring (that I like to be unlocked while I am logged in), but 
there is no possibility to copy that secret to another keyring. And this 
cannot be accomplished either in seahorse - D&D and copy/paste do not 
work and there's no way to create it manually. So I have 3 possibilities:

a) leave my secrets unprotected all the time I am logged in
b) do not unlock login keyring by default, but then I am forced to 
manually unlock the ring even for not-so-secret passwords and, moreover, 
there is missing "forget instantly" option in gk-prompt.
c) leave SSH and PGP passwords outside the login keyring, but then I 
must remember them - or store them in another secrets keeping 
application, but keyboard grabbing prevents accessing it.

2) If keyboard is grabbed with no possibility to release it, how I am 
suppose to generate or to enter just generated password? How copy the 
password from an e-mail, IM message, text file etc.?

Gk-prompt may also be displayed at the end of a long chain of preceding 
actions/events. Being forced to repeat all steps/or take additional 
actions because I forget to copy the password into the clipboard, or 
didn't know I will need it, is rather painful.

> So you need a secrets keeping application to keep secrets for a secrets
> keeping application?

Hmm, gnome-keyring or precisely suboptimal/obsoleted ways other 
applications are using it, in combination with the only and too 
primitive user interface - seahorse and limiting gk-prompts was never 
general purpose secrets keeping facility fulfilling my needs. IMHO it is 
intended to be one, but seemingly it will not be the case for 
foreseeable future.

I blame most applications are storing/retrieving secrets in a way only 
they understand - storing secrets as a generic secret type with 
application-specific properties, using only login (or even 'default') or 
some hard-wired keyring and not bothering to search other keyrings.

Seahorse has still VERY limited scope of usage and except SSH and PGP 
keys that are pretty useful already, there is only one more secret type 
user can create/edit - generic secrets reduced to description (limited 
to 32 chars) with associated password pairs. I know this is limitation 
in seahorse, not in gnome-keyring, but this does not change anything. 
For these and many more reasons seahorse cannot still replace GUI of 
other secrets keeping applications.

Not mentioning gnome-centric attitude and the absence of any command 
line interface or dbus support (not sure if it is not ready - I cannot 
find any API though) to be able to use it with scripts/applications not 
using libgnome-keyring.

>
> Way to go.
>

How can I move my entire secrets collection consisting of hundreds 
accounts of many types including real-life secrets, organized in 
tree-like structure, with descriptions and additional information to 
gnome-keyring and be able to effective use them even in applications or 
scripts that do not use gnome-keyring library, and manage them via GUI 
interface?

I would like to use gnome-keyring for all my secrets but it is too far 
from being sufficient.


-- 
Regards,
Petr Gajdůšek

More information about the pkg-gnome-maintainers mailing list