From 8ec8c11ccfaf8104faf9a109bf4fe25b81a5dd79 Mon Sep 17 00:00:00 2001 From: Recolic Keghart <root@recolic.net> Date: Thu, 9 May 2019 02:10:59 -0700 Subject: [PATCH] add help --- README.md | 26 +++++++++++++++++++ ..._from_secret_file.sh => unlock_keyrings.sh | 0 2 files changed, 26 insertions(+) rename unlock_keyring_from_secret_file.sh => unlock_keyrings.sh (100%) diff --git a/README.md b/README.md index 50a1ebd..56e69e2 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,32 @@ But why are you using yubikey for login? Because I don't want to type the FUCKIN Currently the only solution is to set the password of `login` keyring to empty. But it's not secure. (If your harddisk got fucked one day, the hacker can get ALL your password saved by chromium, get everything in your keyring.) +## Solution + +I encrypt the `keyring-name : password` pair with GnuPG and save it as `secret-file`. Then on starting gnome, you have yubikey inserted. Then an auto-started script call GnuPG to decrypt the secret file, and pipe use the password to unlock your keyring. GnuPG will ask you to insert yubikey. + +## Usage + +First, build the project from source. +``` +git clone https://github.com/recolic/gnome-keyring-yubikey-unlock +cd gnome-keyring-yubikey-unlock/src && make && cd .. +``` + +Then, create your secret file. +``` +gnome-keyring-yubikey-unlock/create_secret_file.sh /path/to/your_secret [Your GnuPG public key] +# input your keyring:password +``` + +Then, add the following command to gnome-autostart. You should know how to auto-run a command after starting gnome. + +``` +/path/to/this/project/unlock_keyrings.sh /path/to/your_secret +``` + +You're all set! Re-login and have a try! + ## TODO This program is using deprecated `libgnome-keyring-1` rather than `libsecret`, only because the author can not understand how to use `libsecret`. There's almost no document! (If you think auto-generated document is document, then all source code are well documented. ) diff --git a/unlock_keyring_from_secret_file.sh b/unlock_keyrings.sh similarity index 100% rename from unlock_keyring_from_secret_file.sh rename to unlock_keyrings.sh -- GitLab