I have a hard time understanding the benefits of the keyring (e.g. GNOME keyring). I get the convenience parts - I don’t have to enter password for something every time I want to use it (e.g. mounted encrypted drive) and I don’t have to create a secret for some background stuff (applications keys). But the problem is, if I understand it correctly, that every application has the same access to my keyring, so, in theory, a malicious application can just read my Signal key and they can just read all my Signal messages right? Is there a point, then, in encrypting e.g. local database (like Signal) if the key to that database is readily available anyway? Any input is welcome. thanks!
I believe that if your login password and gnome keyring password are the same, then the keyring will automatically unlock during login as well. That’s something to consider as I’m sure people commonly reuse their password for both. The gnome keyring would sit unlocked until timeout occurs on every login.
That is the default behavior on most mainstream distros. And there is no timeout either, it stays unlocked the whole time you are logged in. In most cases users do not even know they have something like this and what is its purpose (seen a lots of confused people on forums asking about it when they start being prompted for password when they get mismatched from the login one for some reason).
I had to recheck the timeout mention, and you are totally correct.
You can set it to timeout but the default for most distros appears to be that it stays unlocked which is crazy.