MX Linux Forum

whenever I booted this OS from a computer-off state the keyring was NOT unlocked automatically by my logging in.
I believe I have got around the problem by changing my keyring password to blank

This was the same for me, even though I don't auto login. I was not unduly troubled by it as I used firefox but a couple of months ago I switched to using Brave ( a chromium base browser) and started getting the keyring popups. I did the same thing blanked the password and bingo.
I am guessing chromium is protecting the passwords it offers to save for you in those keyrings. And as I dont let it do that ( I use lastPass ) I dont have any security issues by not password protecting the keyring ....unless someone can tell me otherwise?

wellsey wrote: Sun Jul 28, 2019 12:18 pm ....unless someone can tell me otherwise?

Chrome stores within Gnome-keyring passwords for web-sites, if allowing to store passwords was not deselect.

Chrome stores it's "Chrome Safe Storage" master key during installation or first time run as an application password. This "master" key is used by Chrome to encrypt/decrypt securely any data stored within the local store-databases.

To get a rough idea what this might be: press F12 -> Application Tab -> Storage.

Not sure whether Chrome has a reason to protect that data, but I guess there must be one.

If it is considered to be not worth to protect that data, opening Chrome /chromium using this command line flag:
--password-store=basic
will disable secure protection and chrome will not protect any data/password stored.

Having gnome-keyring set to use an empty password, will also have all other application using gnome-keyring to store the application related passwords/data unprotected.
HTH

Thanks for the reply Fehlix

Please, explain me:

• How can I check that my passwords are not a plain text saved in file?
• How can I view the current chromium flag value --password-store?
• Possible values are: kwallet, kwallet5, gnome, gnome-keyring, gnome-libsecret, basic. Which one will be correct for libpam-gnome-keyring?
• How can I define it permanently in MxLinux?

simwin wrote: Tue Jun 30, 2020 3:55 am Please, explain me:

• How can I check that my passwords are not a plain text saved in file?
• How can I view the current chromium flag value --password-store?
• Possible values are: kwallet, kwallet5, gnome, gnome-keyring, gnome-libsecret, basic. Which one will be correct for libpam-gnome-keyring?
• How can I define it permanently in MxLinux?

The default auto-detected flag in MX Linux is "detect": --password-store=detect
Which defaults in MX Linux Xfce to --password-store=gnome
You can check it this way: Open Password and Keys (aka seahorse), lock the default keyring and start chromium, it will ask to unlock the default login keyring. The default login keyring will be unlocked during Session login after you entered the login-password. If you have enabled auto-login, the default-login keyring cannot be unlocked, so chromium would always ask to manually unlock.

fehlix wrote: Tue Jun 30, 2020 5:14 am

simwin wrote: Tue Jun 30, 2020 3:55 am Please, explain me:

• How can I check that my passwords are not a plain text saved in file?
• How can I view the current chromium flag value --password-store?
• Possible values are: kwallet, kwallet5, gnome, gnome-keyring, gnome-libsecret, basic. Which one will be correct for libpam-gnome-keyring?
• How can I define it permanently in MxLinux?

The default auto-detected flag in MX Linux is "detect": --password-store=detect
Which defaults in MX Linux Xfce to --password-store=gnome
You can check it this way: Open Password and Keys (aka seahorse), lock the default keyring and start chromium, it will ask to unlock the default login keyring. The default login keyring will be unlocked during Session login after you entered the login-password. If you have enabled auto-login, the default-login keyring cannot be unlocked, so chromium would always ask to manually unlock.

Yes, I've checked it - chromium ask to unlock the default login keyring. But why I can not see chromium saved passwords in seahorse?

simwin wrote: Tue Jun 30, 2020 8:33 am

fehlix wrote: Tue Jun 30, 2020 5:14 am

simwin wrote: Tue Jun 30, 2020 3:55 am Please, explain me:

• How can I check that my passwords are not a plain text saved in file?
• How can I view the current chromium flag value --password-store?
• Possible values are: kwallet, kwallet5, gnome, gnome-keyring, gnome-libsecret, basic. Which one will be correct for libpam-gnome-keyring?
• How can I define it permanently in MxLinux?

The default auto-detected flag in MX Linux is "detect": --password-store=detect
Which defaults in MX Linux Xfce to --password-store=gnome
You can check it this way: Open Password and Keys (aka seahorse), lock the default keyring and start chromium, it will ask to unlock the default login keyring. The default login keyring will be unlocked during Session login after you entered the login-password. If you have enabled auto-login, the default-login keyring cannot be unlocked, so chromium would always ask to manually unlock.

Yes, I've checked it - chromium ask to unlock the default login keyring. But why I can not see chromium saved passwords in seahorse?

It holds only the "master" key(s), the "encrypted storage" is internal within chromium somewhere.

fehlix wrote: Tue Jun 30, 2020 8:35 am

simwin wrote: Tue Jun 30, 2020 8:33 am

fehlix wrote: Tue Jun 30, 2020 5:14 am
The default auto-detected flag in MX Linux is "detect": --password-store=detect
Which defaults in MX Linux Xfce to --password-store=gnome
You can check it this way: Open Password and Keys (aka seahorse), lock the default keyring and start chromium, it will ask to unlock the default login keyring. The default login keyring will be unlocked during Session login after you entered the login-password. If you have enabled auto-login, the default-login keyring cannot be unlocked, so chromium would always ask to manually unlock.

Yes, I've checked it - chromium ask to unlock the default login keyring. But why I can not see chromium saved passwords in seahorse?

It holds only the "master" key(s), the "encrypted storage" is internal within chromium somewhere.

Ok! Thank you for consult!

fehlix wrote: Tue Jun 30, 2020 8:35 am

simwin wrote: Tue Jun 30, 2020 8:33 am

fehlix wrote: Tue Jun 30, 2020 5:14 am
The default auto-detected flag in MX Linux is "detect": --password-store=detect
Which defaults in MX Linux Xfce to --password-store=gnome
You can check it this way: Open Password and Keys (aka seahorse), lock the default keyring and start chromium, it will ask to unlock the default login keyring. The default login keyring will be unlocked during Session login after you entered the login-password. If you have enabled auto-login, the default-login keyring cannot be unlocked, so chromium would always ask to manually unlock.

Yes, I've checked it - chromium ask to unlock the default login keyring. But why I can not see chromium saved passwords in seahorse?

It holds only the "master" key(s), the "encrypted storage" is internal within chromium somewhere.

Please help! :) Chromium, Chrome and Opera can't use gnome-keyring and I don't know why, what was doing by me... may be - intalling nodm (no display manager), but when I switch to lightdm the problem isn't disappeared

ps aux | grep gnome

• /usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh
• /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
• /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session

Now I use nodm and unlock gnome keys in seahorse by hands. In login chain keys section chromium, chrome, opera can't generate its keys. With lightdm the result is the same.

simwin wrote: Tue Jul 21, 2020 7:29 pm Plese help! :) Chromium, Chrome and Opera can't use gnome-keyring and I don't know why, what was doing by me...

Any error message?