How to disable GNOME Keyring on GNOME desktop

Question: I am trying to use gpg-agent for SSH authentication when my key is on a separate USB security key card. However, I notice that when I log in to my GNOME desktop, gnome-keyring-daemon is already running, which appears to interfere with gpg-agent. How can I disable GNOME keyring on my Linux desktop?

GNOME Keyring is a daemon program which caches a user's secret keys, login credentials and certificates, and makes them available to other applications that request them according to the GnuPG agent protocol. Essentially, GNOME Keyring plays the same role as gpg-agent, but is active only within GUI desktop sessions. GNOME Keyring also implements the SSH agent protocol for SSH authentication, as a replacement for ssh-agent.

The problem is that GNOME Keyring's implementation of the GnuPG and SSH agent protocols is not complete. For example, unlike gpg-agent, GNOME Keyring cannot retrieve keys from smart card hardware. Thus, when GNOME Keyring hijacks the connection to gpg-agent, a user whose key is stored on a smart card is left with no available key. Also, you cannot make GNOME Keyring load SSH keys selectively.

On your GNOME/Unity desktop, if you want to rely on the original gpg-agent or ssh-agent, instead of GNOME Keyring, for all security operations, here is how you can disable GNOME Keyring permanently for a particular user.

First, copy the original desktop files for GNOME Keyring to ~/.config/autostart.

$ cd /etc/xdg/autostart
$ cp gnome-keyring-gpg.desktop gnome-keyring-ssh.desktop ~/.config/autostart

Then open each of these files with a text editor, and add the following line.

X-GNOME-Autostart-enabled=false

Log out and log back in to finalize.

Now GNOME Keyring should be deactivated for the logged-in user, and gpg-agent will manage the user's keys. When gpg-agent needs to ask the user for a GPG key passphrase, it will use a pinentry program (e.g., pinentry-gtk or pinentry-curses) instead.

If you want to disable GNOME Keyring system-wide, you can make the above change directly in the original desktop files (/etc/xdg/autostart/gnome-keyring-*.desktop).
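
The per-user steps above as one repeatable script, added here as an example (it is not the article's own code). It replaces an existing X-GNOME-Autostart-enabled line rather than adding a second one, puts the key directly under [Desktop Entry], and checks the result; the function names, the directory parameters and the --apply switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: disable GNOME Keyring's GPG and SSH autostart entries for one user.
KEY='X-GNOME-Autostart-enabled'

# set_autostart_disabled FILE
# Rewrite FILE so KEY=false appears exactly once, directly under [Desktop Entry].
set_autostart_disabled() {
    file=$1
    tmp=$(mktemp) || return 1
    awk -v key="$KEY" '
        index($0, key "=") == 1 { next }    # drop any existing setting
        { print }
        $0 == "[Desktop Entry]" && !done { print key "=false"; done = 1 }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# disable_gnome_keyring [SRC_DIR [DST_DIR]]
# Defaults are the article's paths; the parameters are an assumption of this
# example so it can be tried on constructed files first.
disable_gnome_keyring() {
    src_dir=${1:-/etc/xdg/autostart}
    dst_dir=${2:-$HOME/.config/autostart}
    mkdir -p "$dst_dir" || return 1
    for name in gnome-keyring-gpg.desktop gnome-keyring-ssh.desktop; do
        if [ ! -f "$src_dir/$name" ]; then
            echo "skip: $src_dir/$name not found" >&2
            continue
        fi
        # Keep an existing per-user override; copy only when it is missing.
        [ -f "$dst_dir/$name" ] || cp "$src_dir/$name" "$dst_dir/$name" || return 1
        set_autostart_disabled "$dst_dir/$name" || return 1
        # Verify the result instead of assuming the edit worked.
        grep -qx "$KEY=false" "$dst_dir/$name" || return 1
        echo "disabled: $dst_dir/$name"
    done
}

# Hypothetical switch: nothing is changed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
    shift
    disable_gnome_keyring "$@"
fi
```

Run it with --apply followed by two scratch directories to inspect the output first, then with --apply alone to use the article's paths. Log out and log back in afterwards, as in the manual procedure.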
