How to lock a unlocked GNOME Keyring?

Question

A password prompt is offered to unlock the GNOME Keyring when I login to my user account. I was wondering how to lock the keyring back in the same session it was unlocked? (I understand that I can logout and then login again for the same effect)

It may be helpful if, for some reason(s), I feel of some suspicious activity and want to first block all programs for further accessing keyring before I investigate the suspicious activity.

Also, is there anyway to just lock the GUI of GNOME Keyring (Seahorse)?

Answer 1

The Gnome keyring can be locked via dbus:

dbus-send --dest=org.gnome.keyring --print-reply /org/freedesktop/secrets org.freedesktop.Secret.Service.LockService
# or with qdbus
qdbus org.gnome.keyring /org/freedesktop/secrets org.freedesktop.Secret.Service.LockService

Source: https://github.com/Intika-Linux-Apps/Gnome-Keyring-Tools/issues/1#issuecomment-443358508

Answer 2

You only need to call gnome_keyring_lock_all_sync().

Here's a simple program which does that:

lock-keyring.c:

#include <stdio.h>
#include <gnome-keyring.h>

int main() {
    GnomeKeyringResult lock_result = gnome_keyring_lock_all_sync();
    if (lock_result == GNOME_KEYRING_RESULT_OK) {
        printf("Successfully locked\n");
        return 0;
    } else {
        printf("Error locking keyring: %d\n", lock_result);
        return 1;
    }
}

Compile with cc lock-keyring.c -o lock-keyring -Wall $(pkg-config gnome-keyring-1 --cflags --libs)

Answer 3

Gnome Keyring GUI application is called Seahorse and shows as "Passwords and Keys" in the menu. Seahorse can manage multiple collections and you can lock them directly from the GUI (they appear under Passwords in the sidebar) simply by clicking on the padlock icon next to each of them. By default you will have only the Login collection.

If you don't see the sidebar, click on View then check By Keyring to display it.

---

If you wish to do this from shell, ex. automatically, this python oneliner will lock all collections, loosely based on what seahorse is doing when locking keys:

python -c 'import dbus; bus=dbus.SessionBus(); bus.call_blocking("org.freedesktop.secrets", "/org/freedesktop/secrets", "org.freedesktop.Secret.Service", "Lock", "ao", [bus.call_blocking("org.freedesktop.secrets", "/org/freedesktop/secrets", "org.freedesktop.DBus.Properties", "GetAll", "s", ["org.freedesktop.Secret.Service"]).get("Collections", [])])'

Expanded, it would look like this:

#!/usr/bin/env python
import dbus
bus = dbus.SessionBus()
Get Collections array
collections = bus.call_blocking(
    "org.freedesktop.secrets", "/org/freedesktop/secrets",
    "org.freedesktop.DBus.Properties", "GetAll",
    "s", ["org.freedesktop.Secret.Service"]
).get("Collections", [])
Lock all Collections (return value is an array of locked collections)
bus.call_blocking(
    "org.freedesktop.secrets", "/org/freedesktop/secrets",
    "org.freedesktop.Secret.Service", "Lock",
    "ao", [collections]
)

Answer 4

In the main GUI of Gnome keyring (at least in the current version, which is seahorse 3.36), the user can right-click a keyring to get the context menu where an option to lock the keyring is available. It is also possible to create more keyrings in addition to the default one (called "login") and store passwords in different keyrings, so that the passwords are not available all at once.

Answer 5

One thing you could do if some suspicious activity takes place, is to kill the gnome-keyring-daemon like so :

kill -9 $(pgrep gnome-keyring-d)

You could simply do a simple script to make it automatically:

#!/bin/bash
case $1 in
    hibernate)
        pkill gnome-keyring-d
        ;;
    suspend)
        pkill gnome-keyring-d
        ;;
    thaw)
        ;;
    resume)
        /usr/bin/gnome-keyring-daemon --daemonize --login
        ;;
    *)  echo "Somebody is calling me totally wrong."
        ;;
esac

source