What is the "keyring" or "keychain"?

by simplyme   Last Updated January 15, 2018 12:02 PM

Can someone please explain what Ubuntu's keychain or keyring is, as well as use cases for it?

Answers 4

Which keychain do you mean?

  • There's the apt keyring, that is used for verifying downloaded packages. This helps to prevent malicious software from being installed via apt.
  • There's your user keyring where good apps store passwords (such as mail passwords, wifi passwords)

And then there's this. Guess what that is good for :)

Dennis Kaarsemaker
Dennis Kaarsemaker
August 08, 2010 20:34 PM

A keyring basically stores all your various passwords and allows you to access them with one master password. So instead of having to enter passwords for my wireless, email and ubuntu one accounts separately I just enter one master password to unlock my keyring. Then I have access to all the accounts stored in that keyring.

If you set your keyring password to the same as your login password the keyring will be unlocked when you sign in at boot up.

August 09, 2010 00:34 AM

The Gnome Keyring is used by Gnome-ish apps to store secrets on your behalf. The secrets are stuff like SSH keys, keys to wifi networks, et cetera.

If you want to poke at your keyring, go to the Accessories menu and run the app called "Passwords and Encryption Keys." It will show your a number of folders on the Password tab - each one of those is called a keyring. Each entry under a folder is a password. Double click on them to see their contents.

The reason a keyring is provided is that applications have to store secrets somewhere. It's easy for programmers to make a mistake and leave secrets around for anyone to read. In theory, the Gnome Keyring should store passwords for everything and do it right.

(You should always exercise a minimum of security - add a password to keyrings that you care about, keep your computer physically safe, etc)

August 09, 2010 03:22 AM

If you mean the package/command named keychain:

keychain is a manager for ssh-agent, typically run from ~/.bash_profile. It allows your shells and cron jobs to easily share a single ssh-agent process. By default, the ssh-agent started by keychain is long-running and will continue to run, even after you have logged out from the system.

So in short, it's a tool to make ssh-agent easier to use.

January 15, 2018 11:52 AM

Related Questions

How do I back up and restore Passwords and Keys?

Updated April 21, 2017 15:02 PM

How can I merge multiple keyrings into a single one?

Updated November 08, 2017 20:02 PM

How to stop repeated password prompts?

Updated November 06, 2017 04:02 AM

Can't transfer seahorse keyrings [16.04]

Updated February 09, 2018 00:02 AM