xdg-basedir for secrets

Simon McVittie smcv at collabora.com
Fri Jun 7 15:57:07 UTC 2019


On Fri, 07 Jun 2019 at 15:19:25 +0200, Bardot Jérôme wrote:
> On 06/06/2019 at 23:15, Jonas DOREL wrote:
> > Currently, most secrets (SSH keys, GPG keys, OAuth tokens) seem to be
> > located in XDG_CONFIG_HOME.
> And they should not, secrets are data not config. (for me)

For what it's worth, gnome-keyring's maintainers seem to agree (it uses
XDG_DATA_HOME/keyrings).

> For me as far as possible all /home data should have an as strict as
> possible policy.

Strict permissions are best-practice for all the XDG basedirs. The
basedir spec says that applications writing to the basedirs should create
XDG_CONFIG_HOME, XDG_DATA_HOME or XDG_CACHE_HOME with 0700 (rwx------)
permissions if they don't already exist.

> If I do it for my emails, or my calendars, or my bookmarks, we need
> strict policy behaviours.

Yes, emails, calendars and bookmarks are examples of things that tend
to contain private or sensitive information, and should not be readable
by other users unless the owner has specifically configured that.
In some cases these (especially emails) will contain passwords and
other secrets.

If 0700 permissions and whatever encryption-at-rest your OS/machine might
have are not considered to be sufficient protection for a particular
secret (for example a GPG or SSH key), then I would recommend using a
USB cryptographic token (Nitrokey, Yubikey or similar) and not storing
it on disk at all.

    smcv
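The 0700-on-creation rule from the basedir spec that Simon cites above, worked through as a small added example (my code, not anything from the xdg list, the spec, or gnome-keyring): it resolves a basedir the way the spec describes (an unset, empty or relative value falls back to the default under $HOME), creates it with mode 0700 only if it is missing, and separately audits an existing directory for group/other bits or foreign ownership, since the spec does not ask applications to tighten a directory that already exists. The `demo()` function builds a throwaway HOME under a temp directory; the paths and the "loose" directory in it are constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Defaults from the XDG Base Directory Specification, relative to $HOME.
XDG_DEFAULTS = {
    "XDG_CONFIG_HOME": ".config",
    "XDG_DATA_HOME": ".local/share",
    "XDG_CACHE_HOME": ".cache",
}


def xdg_basedir(name, env=None):
    """Resolve one XDG base directory from an environment mapping.

    Per the spec, an unset, empty, or relative value is ignored and the
    default under $HOME is used instead.
    """
    env = os.environ if env is None else env
    home = Path(env.get("HOME") or Path.home())
    value = env.get(name, "")
    if value and os.path.isabs(value):
        return Path(value)
    return home / XDG_DEFAULTS[name]


def ensure_basedir(path):
    """Create the base directory with 0700 if it is missing.

    An existing directory is left untouched (the spec only covers creation),
    so callers should pair this with audit_basedir(). Returns the permission
    bits actually present on disk. A umask can only clear bits from 0700,
    never add any, so no umask manipulation is needed here.
    """
    path = Path(path)
    if not path.is_dir():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.mkdir(mode=0o700)
    return stat.S_IMODE(path.stat().st_mode)


def audit_basedir(path):
    """Report permission problems on an existing base directory.

    Returns a list of human-readable findings; an empty list means the
    directory is owned by the current user and has no group/other bits.
    """
    path = Path(path)
    try:
        st = path.stat()
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group/other bits set: {mode:04o}")
    if st.st_uid != os.geteuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    return findings


def demo():
    """Exercise the helpers inside a throwaway HOME (constructed, not real data)."""
    with tempfile.TemporaryDirectory() as home:
        # A relative XDG_DATA_HOME must be ignored, so this resolves to the default.
        env = {"HOME": home, "XDG_DATA_HOME": "relative/ignored"}
        data_home = xdg_basedir("XDG_DATA_HOME", env)
        created_mode = ensure_basedir(data_home)
        # A deliberately permissive sibling directory for the audit to flag.
        loose = Path(home) / "loose"
        loose.mkdir()
        os.chmod(loose, 0o755)
        return {
            "data_home": str(data_home.relative_to(home)),
            "created_mode": created_mode,
            "strict_findings": audit_basedir(data_home),
            "loose_findings": audit_basedir(loose),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that `ensure_basedir` deliberately does not `chmod` an existing directory: quietly tightening a directory the user shares on purpose (or loosening one) is not something the spec asks for, which is why the audit is a separate, read-only step whose findings you can act on yourself.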