I have a hard time understanding the benefits of the keyring (e.g. GNOME keyring). I get the convenience parts - I don’t have to enter password for something every time I want to use it (e.g. mounted encrypted drive) and I don’t have to create a secret for some background stuff (applications keys). But the problem is, if I understand it correctly, that every application has the same access to my keyring, so, in theory, a malicious application can just read my Signal key and they can just read all my Signal messages right? Is there a point, then, in encrypting e.g. local database (like Signal) if the key to that database is readily available anyway? Any input is welcome. thanks!
I see, this would eliminate random apps from just grabbing the passwords anytime (though they can still poll if they are open). If I choose the auto-lock, I will have to enter password to the keyring often (depending on the time and how many apps need a password). Isn’t then more convenient AND more secure to use a password manager anyway? Apps can’t access my password from the password manager like they do from the keyring, so I could set longer auto-lock delay than the keyring and still be more secure and more convenient, right? Am I oversimplyfying too much? 😀
There are many options to consider. You could use a very short timeout and optimize for low friction unlock, such as with a thumb reader.
My advice, if you have an app you want to use that requires the keyring then use the keyring with it. In general, I say use a password manager.
The fact is, I am trying to determine what do I want to implement for my application. I am introducing database encryption and was thinking about doing what Signal is doing and not bothering the user and saving the key to the keyring, but now I am not sure if that is a good idea and maybe I will just ask user for a password…