xi-keyring

simple and extensible alternative for gnome-keyring
git clone https://git.ce9e.org/xi-keyring.git
commit
c6d82322afd92f519308d49f6649d76582716c99
parent
c06c6ead6bcaaab5d8da2e90b6357c40ce1573eb
Author
Tobias Bengfort <tobias.bengfort@posteo.de>
Date
2026-05-24 12:01
allow to change the password

Diffstat

M xikeyring/__main__.py 7 ++++++-
M xikeyring/keyring.py 16 +++++++++-------

2 files changed, 15 insertions, 8 deletions

diff --git a/xikeyring/__main__.py b/xikeyring/__main__.py 

@@ -5,6 +5,7 @@ from pathlib import Path
    5     5 
    6     6 from cryptography.fernet import Fernet
    7     7 
   -1     8 from . import crypto
    8     9 from .dbus import DBusService
    9    10 from .dumpable import pr_set
   10    11 from .keyring import KeyringProxy
@@ -23,7 +24,7 @@ def parse_args():
   23    24     parser = argparse.ArgumentParser('xikeyring')
   24    25     parser.add_argument(
   25    26         'action',
   26    -1         choices=['dump', 'restore'],
   -1    27         choices=['dump', 'restore', 'change-password'],
   27    28         nargs='?',
   28    29     )
   29    30     parser.add_argument(
@@ -58,6 +59,10 @@ elif args.action == 'restore':
   58    59     decrypted = sys.stdin.read().encode('utf-8')
   59    60     encrypted = Fernet(keyring.key.value).encrypt(decrypted)
   60    61     write_bytes(keyring.path, encrypted)
   -1    62 elif args.action == 'change-password':
   -1    63     password = keyring._get_new_password()
   -1    64     encrypted = crypto.encrypt_with_password(keyring.key.value, password)
   -1    65     write_bytes(args.key, encrypted)
   61    66 else:
   62    67     service = DBusService(keyring)
   63    68     service.run(args.bus)

diff --git a/xikeyring/keyring.py b/xikeyring/keyring.py 

@@ -63,6 +63,14 @@ class Keyring:
   63    63                 pass
   64    64 
   65    65     def _create_key(self, path: Path) -> KernelKey:
   -1    66         password = self._get_new_password()
   -1    67         key = Fernet.generate_key()
   -1    68         encrypted = crypto.encrypt_with_password(key, password)
   -1    69         path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
   -1    70         write_bytes(path, encrypted)
   -1    71         return KernelKey(key)
   -1    72 
   -1    73     def _get_new_password(self):
   66    74         while True:
   67    75             password = self.prompt.get_password(
   68    76                 'An application wants access to your keyring. '
@@ -75,7 +83,7 @@ class Keyring:
   75    83                 'Please enter the password again for confirmation.'
   76    84             )
   77    85             if password == password2:
   78    -1                 break
   -1    86                 return password
   79    87 
   80    88             again = self.prompt.confirm(
   81    89                 'The passwords did not match. Do you want to try again?'
@@ -83,12 +91,6 @@ class Keyring:
   83    91             if not again:
   84    92                 raise AccessDeniedError
   85    93 
   86    -1         key = Fernet.generate_key()
   87    -1         encrypted = crypto.encrypt_with_password(key, password)
   88    -1         path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
   89    -1         write_bytes(path, encrypted)
   90    -1         return KernelKey(key)
   91    -1 
   92    94     def _read(self, pid: PID) -> dict[int, Item]:
   93    95         path = pid.path(self.path)
   94    96         if not path.exists():