Re: [gcmd-dev] [NEW] Use of GNOME authentication manager for user's security credentials

[Michael]

> It's not been developed since 2005 if IIRC.
No that's wrong.

Ok, let's see! *sigh*

"Homepage" <http://svn.gnome.org/viewvc/gnome-keyring/trunk>

The encrypted keyring files are in ~/.gnome2/keyrings/
(what the heck is gnome_private then for ?)

Features:

2003-12-05  Alexander Larsson  <address@hidden>
        Added sha256 from beecrypt
        Use sha256 to get key and iv for aes crypto
        Add salt and hash rounds count.
        Warning: This changes the file format.
<http://svn.gnome.org/viewvc/gnome-keyring/trunk/doc/file-format.txt?view=log>


No-Swap <http://live.gnome.org/GnomeKeyring/Memory>



Selected NEWS:

Changes in version 2.19.91 are:
* In the PAM module we now support starting gnome-keyring-daemon when 
  the user's session actually starts, rather than during password validation.
  This makes us more solid and sane with GDM and well behaved PAM using
  applications. [Chris Rivera]


Changes in version 2.19.6 are:
* Now supports use of keyrings on removable drives. 
* PAM module to automatically unlock keyrings on login, or unlocking
* Simplify daemon code (now uses cooperative threading) and get it ready for
  other PKCS#11, SSH and other stuff running in same process.

Changes in version 2.19.5 are:
* API Documentation

Changes in version 2.19.4 are:
* Log warning and error messages to syslog when running as a daemon.

Changes in version 2.19.2 are: 
* Use libgcrypt instead of hand-rolled encryption algorithms.

Some Changelogs:

=== gnome-keyring 2.20 ===

2007-09-17  Stef Walter  <address@hidden>
        * NEWS: Release gnome-keyring 2.20


2007-08-19  Stef Walter  <address@hidden>
        * pam/gkr-pam-module.c: Correctly start the daemon from PAM's
        pam_sm_open_session callback rather than the pam_sm_authenticate,
        when the 'auto_start' flag is set on the 'session' line.
        This makes us more solid and sane with GDM and well behaved PAM 
        using applications. Fixes bug #467852. Patch from Chris Rivera
        
2007-08-19  Stef Walter  <address@hidden>
        * pam/gkr-pam-client.c: stat the socket and check for correct 
        user before connecting to it from the PAM module, and sending 
        password there. 
        

Alternatives (there may be more) - just FYI

(1) KeePassX 

Homepage <http://keepassx.sourceforge.net/>

It's cross-platform l/w

"The complete database is always encrypted either with AES (alias Rijndael) or 
Twofish encryption algorithm using a 256 bit key."


(2) KWallet

KDE 3.2 will include a new subsystem for storing sensitive data such as 
passwords, web forms and certificates in strong encryption containers known as 
"wallets". This behavior mirrors the behavior of implementations such as 
Mozilla's Wallet, Apple's Key Ring, and other similar subsystems. It also 
extendes these concepts by implementing generic storage mechanisms and user  
interfaces, allowing more complex data to be stored and shared amongst 
applications as well as allowing the user to easily manage the stored data and 
control which applications may access it. This paper will outline the 
architecture of KWallet as well as discuss how and why application developers 
should take advantage of what KWallet has to offer. It will include examples of 
applications presently using KWallet.

(I think kwallet is part of kdelibs)

... someone should google and see where we would get if someone googled :)