Package: gnome-keyring
Version: 3.28.2-5
Severity: important
Tags: security
I've come across a bad interaction between gnupg2 and gnome-keyring. With the help of Daniel Kahn Gillmor, I could sort out some of the causes. In essence, pinentry-gnome3 focus-steals a check box that effectively stores your gpg pass phrase unencrypted on disk forever.

gnome-keyring is a dependency of other packages (such as evolution) and as such not consciously installed. Once installed, it automatically starts and provides its services to client applications. It somehow decides how to store its keyring and the default seems to be encrypted, but in some situations it degrades to an unencrypted keyring without any user interaction. You cannot rely on your gnome-keyring to be encrypted.

Now pinentry-gnome3 offers a checkbox to store your gpg pass phrase in this (possibly unencrypted) keyring. pinentry-gnome3 has the habit of stealing focus, which is prone to unintended actions such as checking exactly that box.

It is difficult to blame any single one of these aspects for the whole interaction. Each aspect makes sense on its own, but the combination is bad. To alleviate that, Daniel proposes that gnome-keyring (or maybe it is libsecret, please reassign if necessary) communicates how the keyring is stored. Then, client applications such as pinentry-gnome3 can base policy decisions on the results. It would make sense for pinentry-gnome3 to only offer the "save in password manager" checkbox if the keyring is actually protected in some way. The first step to getting there is providing the information (== this bug report).

Daniel also provided a way to prevent this interaction in general:

    echo no-allow-external-cache >> ~/.gnupg/gpg-agent.conf

Doing so prevents any pinentry from ever sharing its passphrase with other applications such as gnome-keyring. Depending on how you use gpg (e.g. when password-store is your primary password manager), this may be your intended policy. It seems though that --no-allow-external-cache is not a sane default for standard gnome installations.
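The one-liner above appends blindly, so running it twice leaves duplicate lines, and it does nothing about an existing commented-out entry. As an added example that is not part of this bug report, the following POSIX shell function sets the option idempotently; the function name, the optional path argument and the temporary-file handling are my own assumptions, and the gpgconf reload is left to the caller so the function can be tried against a scratch file first.

```shell
#!/bin/sh
# Added example, not from the bug report or from gnupg: make sure
# ~/.gnupg/gpg-agent.conf contains an uncommented "no-allow-external-cache"
# line exactly once, so pinentry never hands the passphrase to an
# external cache such as gnome-keyring.

# Usage: ensure_no_external_cache [path-to-gpg-agent.conf]
# Returns 0 when the option is present afterwards (added or already there).
ensure_no_external_cache() {
    conf="${1:-$HOME/.gnupg/gpg-agent.conf}"
    dir=$(dirname "$conf")

    # gpg expects ~/.gnupg to be private to the user.
    mkdir -p "$dir" && chmod 700 "$dir"
    [ -f "$conf" ] || : > "$conf"

    # Match the option as a whole line, allowing surrounding whitespace.
    # A commented line such as "# no-allow-external-cache" does not count.
    if grep -qx '[[:space:]]*no-allow-external-cache[[:space:]]*' "$conf"; then
        echo "already set in $conf"
        return 0
    fi

    printf '%s\n' 'no-allow-external-cache' >> "$conf"
    echo "added no-allow-external-cache to $conf"
}

# Count how many active (uncommented) copies of the option a file has;
# useful to confirm the function did not leave duplicates behind.
count_option() {
    grep -cx '[[:space:]]*no-allow-external-cache[[:space:]]*' "$1"
}

# After changing the file on a live system, make gpg-agent re-read it:
#   ensure_no_external_cache && gpgconf --reload gpg-agent
```

Running the function a second time reports "already set" and leaves the file unchanged, which is the property the plain `echo >>` lacks.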
Helmut

