What does a Keyring do?

I know how to disable it, circumvent it, and that it saves stuff. However, when asked "what is it for, why is it there, and how does it work" I'm at a loss for words. What's more disturbing is there doesn't seem to be much of anything content-wise for those questions on the internet.

So once and for all. What is a Keyring, why is it on my computer, and how does it work?


A keyring is a "stored database" -- I'm using this term lightly -- of your login information stored on your local PC. It's wrapped by some magic voodoo encryption schema (PKCS#11 - this is used for secure storage on removable media) so it's going to be relatively secure from prying eyes.

It provides a common backend for (insert framework here, we will use GNOME for an example) to CRUD (create, read, update, delete) your login information without "rolling your own solution". It keeps a consistent interface for programmers utilizing that particular framework. KDE provides its own keyring, GNOME has another implementation of it.

Evolution, Firefox, Net-man all utilize this interface. When you place your email server credentials into Evolution it asks you to store that information in the keyring. If you opt into it, it passes the data off to the keyring service and voilà, it's stored. Evolution only has to subsequently call the keyring service on startup to retrieve that information.

The big idea here is that if someone else were to access your PC and did not know the master password to your keyring, they could not access your stored login information. The same principle is put to use by lastpass.com's addon for your browser (only it's distributed, meaning I can use it on several instances of browsers across PCs).

In summary, I offer this snippet from the gnome-keyring page located here:

GNOME Keyring is a collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications.

GNOME Keyring is integrated with the user's login, so that their secret storage can be unlocked when the user logins into their session.

GNOME Keyring is based around a standard called PKCS#11, which is a standard way for applications to manage certificates and keys on smart cards or secure storage.
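
The store, retrieve and master-password behaviour described in the answer above, as a stdlib-only Python model added here; it is not part of the original answer and is not GNOME Keyring's code, API or storage format. The names `ToyKeyring` and `LockedError`, the attribute dictionaries and the HMAC keystream (a stand-in for a vetted cipher) are assumptions made for illustration.

```python
import hashlib, hmac, json, os

class LockedError(Exception):
    """Raised when an application asks a locked keyring for a secret."""

def _xor_stream(key, nonce, data):
    # Stand-in cipher for this model only: HMAC-SHA256 counter keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyKeyring:
    def __init__(self, master_password):
        self.salt = os.urandom(16)
        self._key = self._derive(master_password)
        self.blob = self._seal([])          # the only thing that would sit on disk

    def _derive(self, password):            # master password -> cipher key + MAC key
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000, dklen=64)
    def _seal(self, items):                 # encrypt, then authenticate
        nonce = os.urandom(16)
        ct = _xor_stream(self._key[:32], nonce, json.dumps(items).encode())
        return nonce + ct + hmac.new(self._key[32:], nonce + ct, hashlib.sha256).digest()
    def _open(self, key):
        nonce, ct, tag = self.blob[:16], self.blob[16:-32], self.blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()):
            raise ValueError("wrong master password or modified store")
        return json.loads(_xor_stream(key[:32], nonce, ct))

    def lock(self):
        self._key = None                    # forget the key; the blob stays encrypted
    def unlock(self, master_password):
        key = self._derive(master_password)
        self._open(key)                     # raises ValueError on a wrong password
        self._key = key
    def _items(self):
        if self._key is None:
            raise LockedError("keyring is locked")
        return self._open(self._key)

    def store(self, attrs, secret):         # create or update
        items = [i for i in self._items() if i["attrs"] != attrs]
        self.blob = self._seal(items + [{"attrs": attrs, "secret": secret}])
    def lookup(self, attrs):                # read
        return next((i["secret"] for i in self._items() if i["attrs"] == attrs), None)
    def delete(self, attrs):
        self.blob = self._seal([i for i in self._items() if i["attrs"] != attrs])
```

An application in this model calls `store` once and `lookup` on each start; after `lock()`, nothing is readable until `unlock` is given the master password again.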