Ubuntu Tutorials

This post is an update to an article I wrote some years ago. There have been some changes in the configuration between now and then, so I felt this warranted an update. The original article in question is: Clearing or Resetting the GNOME keyring. This article addresses the issue where a user may have forgotten or otherwise become locked out of their keyring. The keyring, of course, allows for the management of SSH, GPG and other keys through a central tool and interface.

The problem

You are prompted by the system to enter your keyring passphrase in order to unlock additional keys. None of your passphrases work–somehow you have become locked out of your keyring. In this situation you may not be able to unlock needed keys, such as passwords, SSH or GPG keys.

The solution

The only solution that I’ve been able to come up with is to delete the keyring contents, including the incorrect or corrupt passphrase. Note: this will destroy all stored keys in the keyring, requiring that they be re-imported. Other than the need to “start over” with the keyring manager, this solution should be otherwise harmless.

Method 1:

It is possible to clobber your keyring passphrase and settings from the Terminal. Open a terminal (Applications > Accessories > Terminal), and run the command:

rm ~/.gnome2/keyrings/login.keyring

On older systems you may need to try:

rm ~/.gnome2/keyrings/default.keyring

Method 2:

The second method bypasses the Terminal and uses the graphical interface strictly. To delete your current keyring, follow the steps below:

1. Navigate to Applications > Accessories > Passwords and Encryption Keys
2. Select the far-right tab “Passwords”
3. Select your keyring
4. Right-click and attempt “Change Password” or, if that doesn’t work, select “Delete”

Additional:

If you continue to have problems I would suggest looking for additional tips in the comments here or here.

I know many of you use Launchpad’s “Personal Package Archive” for updated and beta packages. I have about a half-dozen configured on my machine to give me the latest and greatest of my favorite applications. The one problem with a PPA though is that the packages can’t be verified when downloaded because you don’t have the GPG imported into your Apt Keyring. The following command is a template that you can use to import whatever PPA based keys you have warnings on:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <key id>

You can gather the <key id> in the output of:

sudo apt-get update

You should see the warnings, along with the key id at the bottom of the output.

For each GPG key that you get a warning on, run the command above, and you’ll stop seeing the warnings. You will have imported that team/project’s GPG key into your keyring, considering them trusted.

This post is in part an update to my previous post on resetting the gnome keyring, and partly due to my continued laziness, efficiency push. I want my machine to do everything for me anymore. The less tedious work I have to do the more actual work I can get done, right? This post will walk you through setting up your machine to auto-authenticate the gnome-keyring at login. One less password you have to enter when you login to your machine.

Installing the Package

We’ll need one tiny package for this to be supported. Using your favorite package manager install libpam-keyring, or use the following command:

sudo aptitude install libpam-keyring

Configuring PAM

Once this is installed we need to add a few lines to a configuration file. Follow this next step carefully. If you put the line in the wrong place it may cause problems with other parts of machine authentication.

Edit the /etc/pam.d/gdm file and append the following line to the end of the file:

@include common-pamkeyring

At this point the gnome-keyring will be handed your login password and, if they are the same, will be authenticated at login. If your login password and gnome-keyring password are different this will not work. Options? Set the passwords to match by first resetting the gnome-keyring password (this will wipe any saved keyring data) or come up with a solution that will authenticate one with the other, even if they are not the same. The latter solution I would be interested in, but am not aware of.

Thanks to Thad for the origins of this post, although slightly different between FC6 and Feisty.

UPDATE: Reset GNOME Keyring Password on Ubuntu

I ran into the weirdest problem the other day.  My gnome-keyring prompted me for a keyring password to authorize the use of a key, but didn’t want to take any of my passphases.  I tried any passphrase I could think of to no use.  My gnome-keyring, for whatever reason, was basically useless at this point.

I did a little bit of digging and found a solution here on the Ubuntu Forums.  Let me outline the quick fix if you ever run into the same problem.

Command Line Version

rm ~/.gnome2/keyrings/default.keyring

GUI Version

Navigate to Places > Home.  Press ctrl-h for "hidden files".  Navigate to .gnome2 > keyrings.  Delete default.keyring file.

At this point your gnome-keyring should be toast and you can reset the password on next use.  If anyone has any other ways around resetting the password without destroying the keyring I’m all ears.