I have a hard time understanding the benefits of the keyring (e.g. GNOME keyring). I get the convenience parts - I don’t have to enter a password for something every time I want to use it (e.g. a mounted encrypted drive) and I don’t have to create a secret for some background stuff (application keys). But the problem is, if I understand it correctly, that every application has the same access to my keyring, so, in theory, a malicious application can just read my Signal key and then read all my Signal messages, right? Is there a point, then, in encrypting e.g. a local database (like Signal does) if the key to that database is readily available anyway? Any input is welcome. Thanks!

  • CallMeAl (like Alan)@piefed.zip
    7 hours ago

    There are many options to consider. You could use a very short timeout and optimize for low friction unlock, such as with a thumb reader.

    My advice: if you have an app you want to use that requires the keyring, then use the keyring with it. In general, I say use a password manager.

    • dieTasse@feddit.orgOP
      4 hours ago

      The fact is, I am trying to determine what I want to implement for my application. I am introducing database encryption and was thinking about doing what Signal is doing and not bothering the user and saving the key to the keyring, but now I am not sure if that is a good idea and maybe I will just ask the user for a password…
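
The "ask the user for a password" option from the last comment, sketched as an added example (not code from the thread or from Signal): the database key is derived from the password with scrypt and never stored, so there is nothing in the keyring for another process to read. The header field names, the scrypt parameters and the function names are assumptions of this example.

```python
import hashlib
import hmac
import json
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT = {"n": 2**14, "r": 8, "p": 1}
CHECK_LABEL = b"db-key-check"


def _derive(password: str, salt: bytes, params: dict) -> bytes:
    """Stretch the password into 64 bytes: 32 for the DB key, 32 for a check key."""
    # maxmem caps memory, so oversized params in a tampered header raise ValueError.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, dklen=64,
                          maxmem=64 * 1024 * 1024, **params)


def create_header(password: str) -> tuple[str, bytes]:
    """Return (header_json, db_key). Only the header is written to disk."""
    salt = os.urandom(16)
    material = _derive(password, salt, SCRYPT)
    db_key, check_key = material[:32], material[32:]
    # The verifier lets unlock() reject a wrong password before opening the DB.
    verifier = hmac.new(check_key, CHECK_LABEL, hashlib.sha256).hexdigest()
    header = json.dumps({"kdf": "scrypt", "params": SCRYPT,
                         "salt": salt.hex(), "verifier": verifier})
    return header, db_key


def unlock(password: str, header_json: str) -> bytes:
    """Re-derive the DB key from the password; raise if the password is wrong."""
    header = json.loads(header_json)
    if header.get("kdf") != "scrypt":
        raise ValueError("unsupported KDF")
    material = _derive(password, bytes.fromhex(header["salt"]), header["params"])
    db_key, check_key = material[:32], material[32:]
    expected = hmac.new(check_key, CHECK_LABEL, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, header["verifier"]):
        raise PermissionError("wrong password")
    return db_key
```

The returned 32-byte key is what would be handed to the database's encryption layer; it exists only in memory while the application is unlocked.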