Last updated on November 15, 2020 by Dan Nanni
gpg-agent for SSH authentication when my key is on a separate USB security key card. However, I notice that when I log in to my GNOME desktop, gnome-keyring-daemon is already running, which appears to interfere with gpg-agent. How can I disable GNOME keyring on my Linux desktop?
GNOME Keyring is a daemon program which caches a user's secret keys, login credentials and certificates, and makes them available to other applications requesting them according to the GnuPG protocol. Essentially GNOME Keyring plays the same role as gpg-agent, but is active only within GUI desktop sessions. GNOME Keyring also implements the SSH agent protocol for SSH authentication to replace ssh-agent.
The problem is that GNOME Keyring's implementation of the GnuPG and SSH agent protocols is not complete. For example, unlike gpg-agent, GNOME Keyring cannot retrieve keys from smart card hardware. Thus when GNOME Keyring hijacks the connection to gpg-agent, a user whose key is stored on a smart card is left with no available key. Also, you cannot make GNOME Keyring load SSH keys selectively.
On your GNOME/Unity desktop, if you want to rely on the original gpg-agent or ssh-agent, instead of GNOME Keyring, for all security operations, here is how you can disable GNOME Keyring permanently for a particular user.
First, copy the original desktop files for GNOME Keyring to ~/.config/autostart.
$ mkdir -p ~/.config/autostart
$ cd /etc/xdg/autostart
$ cp gnome-keyring-gpg.desktop gnome-keyring-ssh.desktop ~/.config/autostart
Then open each of these files with a text editor, and add the following line.
X-GNOME-Autostart-enabled=false
Log out and log back in to finalize.
Now GNOME Keyring should be deactivated for the logged-in user, and gpg-agent will manage the user's keys. When gpg-agent needs to ask the user for a GPG key passphrase, it will use a pinentry program (e.g., pinentry-gtk, pinentry-curses, etc.) instead.
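The override steps above as an idempotent script, added here as an example and not part of the original article. The function names are hypothetical, and the socket-path patterns in agent_socket_owner are assumptions about typical systems.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Force exactly one X-GNOME-Autostart-enabled=false line, placed directly
# under the [Desktop Entry] header, dropping any existing value for that key.
set_autostart_disabled() {
    file=$1
    tmp="$file.tmp.$$"
    grep -q '^\[Desktop Entry]' "$file" || { echo "no [Desktop Entry] in $file" >&2; return 1; }
    awk '
        /^X-GNOME-Autostart-enabled=/ { next }
        { print }
        /^\[Desktop Entry]/ { print "X-GNOME-Autostart-enabled=false" }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Copy the two GNOME Keyring autostart entries into the per-user directory
# and disable them there. Defaults are the paths used in the steps above.
disable_keyring_autostart() {
    src_dir=${1:-/etc/xdg/autostart}
    dest_dir=${2:-$HOME/.config/autostart}
    mkdir -p "$dest_dir" || return 1
    for name in gnome-keyring-gpg.desktop gnome-keyring-ssh.desktop; do
        if [ ! -f "$src_dir/$name" ]; then
            echo "skip: $src_dir/$name not present" >&2
            continue
        fi
        cp "$src_dir/$name" "$dest_dir/$name" || return 1
        set_autostart_disabled "$dest_dir/$name" || return 1
    done
}

# After logging back in, report which agent owns the SSH socket.
# Assumption: GNOME Keyring's socket path contains "keyring" and
# gpg-agent's contains "gpg-agent"; adjust if your distribution differs.
agent_socket_owner() {
    case ${1:-$SSH_AUTH_SOCK} in
        *gpg-agent*) echo gpg-agent ;;
        *keyring*)   echo gnome-keyring ;;
        "")          echo none ;;
        *)           echo other ;;
    esac
}
```

Run disable_keyring_autostart with no arguments to use the paths from the article, then log out, log back in and call agent_socket_owner to see which agent the session exports.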
Obviously, if you want to disable GNOME Keyring system-wide, you can make the above change directly in the original desktop files (/etc/xdg/autostart/gnome-keyring-*.desktop).
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.