Password storage for Ubuntu Touch

Registered by Alberto Mardegan on 2013-03-20

On Ubuntu desktops the GNOME keyring provides an encrypted storage for passwords and other secrets. We are now considering whether we want to use the same solution for phones and tablets.

Blueprint information

Status:
Not started
Approver:
Thomas Voß
Priority:
Undefined
Drafter:
Alberto Mardegan
Direction:
Approved
Assignee:
None
Definition:
Discussion
Series goal:
Accepted for saucy
Implementation:
Unknown
Milestone target:
milestone icon ubuntu-13.06

Related branches

Sprints

Whiteboard

The initial discussion about this topic took place in this mailing list thread:
https://lists.launchpad.net/ubuntu-phone/msg01128.html

Different solutions have been suggested, but it seems that compliance to the freedesktop.org Secrets specification [0] is an agreed goal.

Here are the options considered, with their pros (+) and cons (-):

* Use GNOME keyring
  + It's done
  + The GNOME keyring service doesn't seem to depend on Gtk+ (the UI belongs to a different process)
  + (?) Optionally can provide SSH agent and GPG agent
  - Modifications might be needed for optimized mobile use (i.e., exit after some time of inactivity)
  - File format is non standard, needs a specialized viewer

* Develop something new
  + Optimized for our intended use
  + If it used a SQLite DB over encFS, we wouldn't need a specialized viewer
  + Could be integrated as a signond (Online Accounts's daemon) extension
  - Need to write from scratch (not that difficult, though)

* No specialized password storage, use a wholly encrypted home
  + Simplest solution
  - Poses hardware requirements which we might not always meet

Another point of this blueprint is discussing how and when to lock/unlock the password storage. This is almost orthogonal to the technology chosen, though it might indeed affect that point.
Items on discussion:
- Should the master password be chosen by the user? If so, when?
- It would be nice to be able to unlock the password storage by means of human recognition techniques or hardware keys (such as the SIM)

Proposal
=========

Investigate if the GNOME keyring can run on Ubuntu Touch devices. If there are changes needed in order to get it working, estimate their required work time.
Find out what are the plans for user authentication; if Ubuntu Touch is a multi-user device, logging in will probably require a password or some other identification which should ultimately be serialized into a password which we could use as master password for the secrets storage.
Until the designs of the login process are fully defined, play safe and don't invest precious resources on developing a fully blown solution; if the GNOME keyring can't be used as-is, just develop a minimal service providing the freedesktop.org Secrets API using plain password storage. This will get re-done once the designs plans are clear.

[0] http://standards.freedesktop.org/secret-service/

(?)

Work Items

Work items for ubuntu-13.04-month-5:
[ted] Test GNOME keyring on a Ubuntu Touch device: DONE
[mardy] Get in touch with GNOME keyring project to check whether they are aware of any potential issues: DONE
[mardy] Find which applications/services are currently using the GNOME keyring: TODO
[katie] Check if there are more use-cases for an encrypted storage, besides Online Accounts: TODO

Work items for ubuntu-13.06:
[mardy] Use libsecret instead of the obsolete libgnome-keyring: DONE

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.