5

So I keep getting this unlock keyring popup when I login to Ubuntu automatically. There is a fix here: How can I stop being prompted to unlock the 'default' keyring on boot?

I have been googling around for about an hour and the solution to this problem seems to always be the same: disregard security entirely by leaving the password blank OR turn off auto login.

I would really like to find a way to use the auto login feature AND avoid seeing this popup without leaving passwords unencrypted.

Is it possible to get this bug fixed upstream so that users wouldn't have to fight with this auto login defeating popup?

Thank you in advance!

Community
  • 1
Negatar
  • 173
  • I changed the wording of your question to make it less heated. Please remember that text communication is very easily interpreted as agressive. We don't see your body language and we can't hear if you're shouting or not. Never use all caps unless you want people to get angry. – Merlijn Sebrechts Jan 22 '16 at 16:44

4 Answers4

1

There is no way to have a keyring password enabled, use auto login and disable the poppup. This is made by design.

The password should be entered some way. If you enable auto login, then you do not enter a password.

If anyone can start the system without entering any password, what is the reason to have a keyring password enabled?

Your suggestion does not make any sense at all. And it is not a bug. Thus it won't be fixed.

Pilot6
  • 90,100
  • 91
  • 213
  • 324
  • 1
    Just seems to matter so Chrome stores encrypted passwords. Would be nice if those passwords would auto unlock and remain encrypted so Chrome doesn't store them in plain text. I understand the argument against this, if you're dealing with people being able to walk up to the machine and just turn it on; but, it's just me who has access to the machine physically. – ZeroPhase Jun 27 '18 at 04:58
  • Why does it need to be a popup though? In previous versions it was totally possible for programs to ask for passwords manually if they wanted them. Often they asked via cli, which was very nice. – Clumsy cat Feb 08 '21 at 08:56
1

Although your question is very legitimate, you are asking something that is literally impossible.

You need a key to encrypt and decrypt something. When you use a login, the login password is used as a key to encrypt and decrypt the keyring. When you don't use a login, there is nothing to encrypt the keyring with. The only option is that the OS stores the key on your computer. Locking a safe and leaving the key in the keyhole is useless. That is what your computer would be doing if it encrypts the keyring and stores the password.

Merlijn Sebrechts
  • 7,394
  • 1
  • 42
  • 70
  • 2
    Locking a safe and leaving the key in the keyhole is useless. so... does your apache server asks for your certificate private key on every connection? :) – RASG May 15 '17 at 11:01
  • There is a case where this argument doesn't hold water, though. If you do whole-disk encryption, you are prompted for your encryption key early in boot. It's then natural to enable auto-login to avoid entering your password again - but this is self-defeating because now you have to enter your password to unlock the keyring. – Tom Dec 11 '23 at 09:29
  • @Tom In your case, you should just not encrypt the passwords, since they're already encrypted using whole-disk encryption. Moreover, by default, your user directory is already encrypted, so by default you even have two layers of encryption.

    It's easy to use the keyring without a password. Just choose not to use encryption. But when you use encryption, you will need to give in your password.

     – Merlijn Sebrechts Dec 12 '23 at 12:19
  • @MerlijnSebrechts - But they are defending against fundamentally different threats. Whole-disk encryption is protection against someone who gets physical access to your machine - steals it, basically - and prevents them from getting at the data on it. Encrypting your keyring is protection against someone who gains a foothold on your machine while it is running. Whole-disk encryption is no help against a rogue application that tries to steal your keys and transmit them to a server. Just saying "it's already encrypted" is no help - the defence isn't in encryption, it's how the keys are kept. – Tom Dec 12 '23 at 14:48
  • Tom, everything you're saying is correct, but it's completely besides the point. This question is asking about encrypting a keychain and then automatically decrypting it at automatic login. With this automatic decryption at automatic login, the keychain would still be vulnerable to any threats you talk about. – Merlijn Sebrechts Dec 12 '23 at 20:04
0
  1. Go Ubuntu Apps > "Password and Keyring"
  2. Right-click on "Login" > "Change Password"
  3. Use your same old password.

Here is the source with pictures on Unity, Gnome is not different, same process

quborg
  • 9
0

I used to get these "Default Keyrings" popups whenever I used to click on Chrome browser. This happens when you change your system/user password. This solution has worked for me so please let me know if this was of any help for you. Just go through the steps given below.

Go to Files > "Press Ctrl+H" > .local > share > keyrings.

There will be 2 files in keyrings folder. Only delete "login.keyring" and then restart the system. When you enter your User ID and password, your keyrings password will also get updated automatically and the pop up will also stop. Don't worry about deleting the "login.keyring" file as it will be generated again automatically when you login your system.

Gyaneshwar Singh
  • 1
  • 1
    Hello. This statement in your answer is wrong <This happens when you change your system/user password.> You get that period you do not need to have changed your password to receive that pop up. – David Apr 14 '22 at 07:59