unable to unlok keyring from cli

[alfonz19]

I'd like to setup my env for passwordless login using u2f card, ie there is no password to unlock keyring with on startup, and prompt will appear on startup / on first use.

I found out, that I can simulate the situation it via locking the keyring using:

dbus-send --dest=org.gnome.keyring --print-reply /org/freedesktop/secrets org.freedesktop.Secret.Service.LockService

and then trying to access it. It won't be possible then I can do:

read -rsp pass: pass; echo -n "$pass" | gnome-keyring-daemon --replace --unlock

to 'unlock' it. Seems successful, but key keyring (seahorse) is not unlocked. What am I doing wrong?

also I'm using gpgagent, maybe that could be somehow related? I'm really lost in this area:

export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye &> /dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)


thanks.

[AZgl1800]

To me,
it is much easier when doing a Fresh Install, to click the BOX for " Automatic Login "

That way, the PC will boot right up to the Desktop.
for me, my PCs are never out of my control, always in my house, or in my hands so that is not an issue.

[alfonz19]

Yes, that's an option for desktops, when you live alone without kids and work on your machine. For work laptops on not-that-secure locations and kids around, it's not ideal.

Typical solution is to have empty password in keychain. I can do that as last resort, or I can use password login and use u2f for other authentication only. That's trivial.

But really, if there is unlock option in `gnome-keyring-daemon --replace --unlock` and command allegedly succeeds, I'd like to have unlocked keyring. Maybe I'm doing something wrong...

[vanadium]

See "man gnome-keyring-daemon" with the "--unlock" option.