Last updated on November 15, 2020 by Dan Nanni
gpg-agent for SSH authentication when my key is on a separate USB security key card. However, I notice that when I log in to my GNOME desktop, gnome-keyring-daemon is already running, which appears to interfere with gpg-agent. How can I disable GNOME keyring on my Linux desktop?
GNOME Keyring is a daemon program which caches a user's secret keys, login credentials and certificates, and makes them available to other applications requesting them according to the GnuPG protocol. Essentially, GNOME Keyring plays the same role as gpg-agent, but is active only within GUI desktop sessions. GNOME Keyring also implements the SSH agent protocol for SSH authentication to replace
The problem is that GNOME Keyring's implementation of the GnuPG and SSH agent protocols is not complete. For example, unlike gpg-agent, GNOME Keyring cannot retrieve keys from smart card hardware. Thus, when GNOME Keyring hijacks the connection to gpg-agent, a user whose key is stored on the smart card is left with no available key. Also, you cannot make GNOME Keyring load SSH keys selectively.
On your GNOME/Unity desktop, if you want to rely on the original ssh-agent, instead of GNOME Keyring, for all security operations, here is how you can disable GNOME Keyring permanently for a particular user.
First, copy the original desktop files for GNOME Keyring to
$ cd /etc/xdg/autostart
$ cp gnome-keyring-gpg.desktop gnome-keyring-ssh.desktop ~/.config/autostart
Then open each of these files with a text editor, and add the following line.
Log out and log back in to finalize.
Now GNOME Keyring should be deactivated for the logged-in user, and gpg-agent will manage the user's keys. When gpg-agent needs to ask the user for a GPG key passphrase, it will use a pinentry program (e.g., pinentry-curses, etc.) instead.
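The per-user override steps above as a script, with a check of which agent serves the SSH socket. This is an added example, not code from the original article: it assumes the line to add is the XDG autostart key Hidden=true (the line itself is missing from this page), and the function names and socket-path patterns are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: the line the article adds is the XDG autostart key Hidden=true
# (the line itself is missing from this page). Function names are hypothetical.

# disable_keyring_autostart SYS_DIR USER_DIR
# Copy the GNOME Keyring gpg/ssh autostart entries into the per-user autostart
# directory and mark the copies hidden. Safe to run more than once.
disable_keyring_autostart() {
    sys_dir=$1
    user_dir=$2
    mkdir -p "$user_dir" || return 1
    for name in gnome-keyring-gpg.desktop gnome-keyring-ssh.desktop; do
        src="$sys_dir/$name"
        dst="$user_dir/$name"
        # Not every release ships both files; skip the ones that are absent.
        [ -f "$src" ] || { echo "skip: $src not found" >&2; continue; }
        [ -f "$dst" ] || cp "$src" "$dst" || return 1
        # Drop any existing Hidden= line and put the override directly under
        # the [Desktop Entry] header so it lands in the right group.
        awk '/^Hidden=/ { next }
             { print }
             /^\[Desktop Entry\]/ { print "Hidden=true" }' "$dst" > "$dst.tmp" || return 1
        mv "$dst.tmp" "$dst" || return 1
    done
}

# ssh_agent_owner SOCKET_PATH
# Classify an SSH_AUTH_SOCK value by its default socket location
# (assumption: no custom socket directory has been configured).
ssh_agent_owner() {
    case $1 in
        '') echo none ;;
        */keyring/ssh|*/keyring-*/ssh) echo gnome-keyring ;;
        */S.gpg-agent.ssh) echo gpg-agent ;;
        *) echo other ;;
    esac
}

# Apply to the real directories only when asked to: sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    disable_keyring_autostart /etc/xdg/autostart "$HOME/.config/autostart"
    echo "SSH_AUTH_SOCK is served by: $(ssh_agent_owner "${SSH_AUTH_SOCK:-}")"
fi
```

The override only affects new sessions, so run the socket check again after logging back in.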
Obviously if you want to disable GNOME-Keyring system-wide, you can make the above change directly in the original desktop files (