How to lock a unlocked GNOME Keyring?
Solution 1
One thing you could do if some suspicious activity takes place, is to kill the gnome-keyring-daemon like so :
kill -9 $(pgrep gnome-keyring-d)
You could simply do a simple script to make it automatically:
#!/bin/bash
case $1 in
hibernate)
pkill gnome-keyring-d
;;
suspend)
pkill gnome-keyring-d
;;
thaw)
;;
resume)
/usr/bin/gnome-keyring-daemon --daemonize --login
;;
*) echo "Somebody is calling me totally wrong."
;;
esac
Solution 2
You only need to call gnome_keyring_lock_all_sync().
Here's a simple program which does that:
lock-keyring.c:
#include <stdio.h>
#include <gnome-keyring.h>
int main() {
GnomeKeyringResult lock_result = gnome_keyring_lock_all_sync();
if (lock_result == GNOME_KEYRING_RESULT_OK) {
printf("Successfully locked\n");
return 0;
} else {
printf("Error locking keyring: %d\n", lock_result);
return 1;
}
}
Compile with cc lock-keyring.c -o lock-keyring -Wall $(pkg-config gnome-keyring-1 --cflags --libs)
Solution 3
The Gnome keyring can be locked via dbus:
dbus-send --dest=org.gnome.keyring --print-reply /org/freedesktop/secrets org.freedesktop.Secret.Service.LockService
# or with qdbus
qdbus org.gnome.keyring /org/freedesktop/secrets org.freedesktop.Secret.Service.LockService
Source: https://github.com/Intika-Linux-Apps/Gnome-Keyring-Tools/issues/1#issuecomment-443358508
Solution 4
In the main GUI of Gnome keyring (at least in the current version, which is seahorse 3.36), the user can right-click a keyring to get the context menu where an option to lock the keyring is available. It is also possible to create more keyrings in addition to the default one (called "login") and store passwords in different keyrings, so that the passwords are not available all at once.
Related videos on Youtube
11 : 11
02 : 09
02 : 21
02 : 22
01 : 42
cbun
Updated on September 18, 2022Comments
-
cbun almost 2 years
A password prompt is offered to unlock the GNOME Keyring when I login to my user account. I was wondering how to lock the keyring back in the same session it was unlocked? (I understand that I can logout and then login again for the same effect)
It may be helpful if, for some reason(s), I feel of some suspicious activity and want to first block all programs for further accessing keyring before I investigate the suspicious activity.
Also, is there anyway to just lock the GUI of GNOME Keyring (Seahorse)?
-
cbun over 10 yearsI was hoping for more cleaner way to do this. Nonetheless your answer serves the purpose. Sorry about late reply.
-
sxc731 almost 7 yearsThis looks very useful indeed, thanks! This is slightly off-topic but how would I get the necessary dependencies so I can build this goodie? I tried
sudo apt build-dep gnome-keyringandapt source gnome-keyring; this doesn't seem to bring the right headers etc. Cheers! -
Ángel almost 7 years@sxc731 Glad you find it useful! ☺ The packages needed will vary for each distro, in your Debian-based case, you are probably missing libgnome-keyring-dev
-
alexandre1985 about 5 years@Ángel This works when executed as command on terminal, but it isn't working oncron/cronie. Does anyone know why or have similar issue? -
Ángel about 5 years@alexandre1985 cron is running the command out of another session. You will probably need to set an environment variable (
DBUS_SESSION_BUS_ADDRESS?) so that it connects to the running keyring. You will have to either guess it (eg. looking on the path where it is created), or save the environment variables at the X session, and load them before locking the script. -
alexandre1985 about 5 years@Ángel Thank you soooo much! :) setting
DBUS_SESSION_BUS_ADDRESS(withenv) on my command inside of cron, did it! Thank you so much :D :D -
Ángel about 5 yearsYou're welcome, @alexandre1985
-
alexandre1985 about 5 years@cbun Look at this answer. I believe it deserves the correct answer badge! Instead of the one that has it now
-
Thomas Guyot-Sionnest over 3 yearsThis seems to be behaving in odd ways; LockService has been removed from latest specifications, replaces with a Lock call that takes the Collections to lock as parameter.
