gnome-keyring caches PGP password eternally
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnupg2 (Ubuntu) | New | Low | Unassigned |
Bug Description
I've been using the program `Pass` to manage my passwords, which uses a PGP key that I created for this purpose. I began noticing that after my first use of the passphrase gnome-keyring would cache the passphrase and no longer request it. This is a security issue as anyone with access to my machine can gain access to all of my passwords.
I assumed the settings could be tweaked, so I used `dconf-editor` to edit the `gpg-cache-method` file to use `timeout` instead of the default setting. I also changed the `gpg-cache-ttl` to 1 second from the default, which was 300 I believe. I then restarted the keyring with `$ gnome-keyring-
This successfully reset the keyring and I was prompted for my password. However, it only worked once. After entering the password, gnome-keyring cached my password and this survives logging out or restarting the computer.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gnome-keyring 3.28.0.
ProcVersionSign
Uname: Linux 4.15.0-30-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sat Aug 11 07:38:49 2018
InstallationDate: Installed on 2018-04-26 (106 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180425.1)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-keyring
UpgradeStatus: No upgrade log present (probably fresh install)
Thank you for your bug report, that's similar to what is described on https://bugzilla.gnome.org/show_bug.cgi?id=792442
gnome-keyring is not acting as a gpg agent anymore; those settings, still available but not used, can be confusing and that's a bug, but the request to change the default behaviour is for gpg-agent, so reassigning.