Fingerprint-Login after Reboot in Combination with LUKS Makes `gnome-keyring` Change Login Keyring Password to Disk Encryption Passphrase
Edit: I just realized what happened.
Because I used the fingerprint login and then entered my password in the
Authentication required
The password you use to log in to your computer no longer matches that of your login keyring
prompt and also because I'm using LUKS, gnome-keyring
changed the password of the login keyring (which was my user password initially) to my disk encryption passphrase.
I'm glad, that it's somewhat intended behavior and I know the secret used for the login keyring again, but it took me quite a while to figure that out and I just got to it by reading other gnome-keyring
related stuff.
I think this edge-case (even tho my setup isn't that uncommon), should probably be handled more nicely to avoid this kind of confusion.
Original Description
I ran into a weird issue, where now my login keyring only unlocks when logging in with my fingerprint.Issue Description
System
OS: Arch Linux x86_64
Kernel: 5.18.16-arch1-1
DE: GNOME 42.3.1
gnome-keyring
version: 1:42.1-1
Background & Issue Description
I first installed my OS and setup Gnome, while only using my password for logging in (via GDM). I assume the keyring got created during this setup without issues as well - at least I didn't notice anything weird.
Later I enabled fingerprint unlock by enrolling my fingerprint using fprintd-enroll
.
Then I think (and I'm pretty sure) I logged in after reboot using my fingerprint and got prompted by the typical
Authentication required
The password you use to log in to your computer no longer matches that of your login keyring
message and I proceeded by typing in my login password.
Current Situation
Expected Behavior
- When logging in using my fingerprint,
gnome-keyring
prompts me to type in my login password to unlock my login keyring. - When logging in using my password,
gnome-keyring
automatically unlocks my login keyring.
Actual Behavior
- When logging in using my fingerprint for the first time after a reboot,
gnome-keyring
automatically unlocks my login keyring (with some secret I don't know). - When logging in using my password,
gnome-keyring
prompts me to type in some password/secret I don't know. - When logging in using my fingerprint in subsequent logins (after the fingerprint login after a reboot),
gnome-keyring
prompts me to type in some password/secret I don't know.
Thoughts
It seems like gnome-keyring
re-encrypted my keyring using some secret associated with my fingerprint, which I don't know of.
Also I don't seem to be the only one affected by this. A quick internet search revealed the following Reddit post, which seems to describe the same problem: https://www.reddit.com/r/gnome/comments/kgnx5k/gnome_keyring_issues_with_fingerprint/.