Difference between revisions of "KDE Wallet"

From ArchWiki
Jump to: navigation, search
m (Bugmenot2 moved page Kde Wallet to KDE Wallet)
(Using the KDE Wallet to store ssh key passhprases: Simplify, link is redundant and makes an incomplete example unnecessary.)
 
(95 intermediate revisions by 42 users not shown)
Line 1: Line 1:
[[Category:Daemons and system services]]
+
[[Category:KDE]]
[[Category:Desktop environments]]
+
[[ar:KDE Wallet]]
[http://utils.kde.org/projects/kwalletmanager/ KDE Wallet Manager] is a tool to manage the passwords on your KDE system. By using the KDE wallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the KDE wallet.
+
[[es:KDE Wallet]]
 +
[[ja:KDE Wallet]]
 +
[[zh-hans:KDE Wallet]]
 +
[http://utils.kde.org/projects/kwalletmanager/ KDE Wallet Manager] is a tool to manage passwords on the [[KDE]] Plasma system. By using the KWallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with KWallet.
  
== Using the KDE Wallet to store ssh keys ==
+
== Unlock KDE Wallet automatically on login ==
  
Install Ksshaskpass from comunity repo:
+
{{Note|
+
* {{Pkg|kwallet-pam}} is not compatible with [[GnuPG]] keys, the KDE Wallet must use the standard {{ic|blowfish}} encryption.
pacman -S ksshaskpass
+
* The chosen KWallet password must be the same as the current [[user]] password.
 +
* The wallet cannot be unlocked when using autologin.
 +
* The wallet must be named {{ic|kdewallet}} (default name). It does not unlock any other wallet(s).
 +
* It may be needed to remove the default created wallet first, thus removing all stored entries.
 +
}}
  
Create the file
+
[[Install]] {{Pkg|kwallet-pam}} for the [[PAM]] compatible module.
~/.kde4/Autostart/ssh-add.sh
 
  
Add this content
+
Optional [[install]] {{Pkg|kwalletmanager}} for the wallet management tool. This tool can be used to create a KDE Wallet with {{ic|blowfish}} encryption and more settings not provided by the ''kcm-module''.
#!/bin/sh
 
export SSH_ASKPASS=/usr/bin/ksshaskpass
 
ssh-add </dev/null
 
  
 +
=== Configure display manager ===
  
Make it executable and run
+
The following lines must be present under their corresponding sections:
<pre>chmod +x ~/.kde4/Autostart/ssh-add.sh
 
~/.kde4/Autostart/ssh-add.sh
 
</pre>
 
  
It will ask for your password and unlock the your ssh keys.
+
{{bc|1=
 +
auth            optional        pam_kwallet5.so
 +
session        optional        pam_kwallet5.so auto_start
 +
}}
  
You may need to go to system settings -> advanced -> Autostart -> add script in newer version of KDE.
+
It may be needed to edit the [[display manager]] configuration:
 +
* For [[SDDM]] no further edits should be needed because the lines are already present in {{ic|/etc/pam.d/sddm}}.
 +
* For [[GDM]] edit {{ic|/etc/pam.d/gdm-password}} accordingly.
 +
* For [[LightDM]] edit {{ic|/etc/pam.d/lightdm}} and {{ic|/etc/pam.d/lightdm-greeter}} files:
  
== KDE Wallet for firefox ==
+
{{hc|/etc/pam.d/lightdm|2=
 +
#%PAM-1.0
 +
auth            include        system-login
 +
'''auth            optional        pam_kwallet5.so'''
  
There is an addon to make firefox store passwords with KDE wallet.
+
account        include        system-login
  
http://kde-apps.org/content/show.php/Firefox+addon+for+kwallet?content=116886
+
password        include        system-login
  
== KDE Wallet for chromium ==
+
session        include        system-login
Chromium has built in wallet integration.
+
'''session        optional        pam_kwallet5.so auto_start'''
 +
}}
  
To enable it you should run your Chromium browser by adding --password-store=kwallet or --password-store=detect.
+
== Using the KDE Wallet to store ssh key passhprases ==
 +
{{Note|A [[SSH agent]] should be up and running.}}
  
While second option SHOULD be default it happened to not working for author, so it's if it's happening to You, invoke Your browser with:
+
[[Install]] {{Pkg|ksshaskpass}} package.
<pre>chromium --password-store=kwallet</pre>
+
 
 +
[[Create]] an [[KDE#Autostarting_applications|autostart script file]] and mark it as [[executable]]:
 +
{{hc|~/.config/autostart-scripts/ssh-add.sh|
 +
#!/bin/sh
 +
ssh-add </dev/null
 +
}}
 +
 
 +
{{Tip|The above ssh-add.sh script will only add the default key {{ic|~/.ssh/id_rsa}}. Assuming you have different SSH keys named {{ic|key1}}, {{ic|key2}}, {{ic|key3}} in {{ic|~/.ssh/}}, you may add them automatically on login by changing the above script to:
 +
 
 +
{{hc|~/.config/autostart-scripts/ssh-add.sh|
 +
#!/bin/sh
 +
ssh-add $HOME/.ssh/key1 $HOME/.ssh/key2 $HOME/.ssh/key3 </dev/null
 +
}}
 +
}}
 +
 
 +
You also have to set the {{ic|SSH_ASKPASS}} [[environment variable]] to {{ic|ksshaskpass}}.
 +
 
 +
It will ask for your password and unlock your SSH keys. Upon restart your SSH keys should be unlocked once you give your kwallet password.
 +
 
 +
To add a new key and store the password with kwallet use the following command
 +
 
 +
$ ssh-add /path/to/new/key </dev/null
 +
 
 +
and append the key to the list of keys in {{ic|~/.config/autostart-scripts/ssh-add.sh}} as explained above to have it unlocked upon providing the kwallet password.
 +
 
 +
== KDE Wallet for Firefox ==
 +
{{Note|As of Firefox 57 this addon is not supported anymore. Use Firefox ESR if wanting to use this addon.}}
 +
 
 +
There is an unofficial [[Firefox]] addon for [https://addons.mozilla.org/addon/kde5-wallet-password-integrati/ KDE5 Wallet] integration.
 +
 
 +
== KDE Wallet for Chrome and Chromium ==
 +
 
 +
Chrome/Chromium has built in wallet integration. To enable it, run Chromium with the {{ic|1=--password-store=kwallet}} or {{ic|1=--password-store=detect}} argument. To make the change persistent, see [[Chromium/Tips and tricks#Making flags persistent]]. (Setting CHROMIUM_USER_FLAGS will not work.)
 +
 
 +
== See also ==
 +
 
 +
* [https://www.dennogumi.org/2014/04/unlocking-kwallet-with-pam/ Unlocking KWallet with PAM]

Latest revision as of 05:03, 30 March 2018

KDE Wallet Manager is a tool to manage passwords on the KDE Plasma system. By using the KWallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with KWallet.

Unlock KDE Wallet automatically on login

Note:
  • kwallet-pam is not compatible with GnuPG keys, the KDE Wallet must use the standard blowfish encryption.
  • The chosen KWallet password must be the same as the current user password.
  • The wallet cannot be unlocked when using autologin.
  • The wallet must be named kdewallet (default name). It does not unlock any other wallet(s).
  • It may be needed to remove the default created wallet first, thus removing all stored entries.

Install kwallet-pam for the PAM compatible module.

Optional install kwalletmanager for the wallet management tool. This tool can be used to create a KDE Wallet with blowfish encryption and more settings not provided by the kcm-module.

Configure display manager

The following lines must be present under their corresponding sections:

auth            optional        pam_kwallet5.so
session         optional        pam_kwallet5.so auto_start

It may be needed to edit the display manager configuration:

  • For SDDM no further edits should be needed because the lines are already present in /etc/pam.d/sddm.
  • For GDM edit /etc/pam.d/gdm-password accordingly.
  • For LightDM edit /etc/pam.d/lightdm and /etc/pam.d/lightdm-greeter files:
/etc/pam.d/lightdm
#%PAM-1.0
auth            include         system-login
auth            optional        pam_kwallet5.so

account         include         system-login

password        include         system-login

session         include         system-login
session         optional        pam_kwallet5.so auto_start

Using the KDE Wallet to store ssh key passhprases

Note: A SSH agent should be up and running.

Install ksshaskpass package.

Create an autostart script file and mark it as executable:

~/.config/autostart-scripts/ssh-add.sh
#!/bin/sh
ssh-add </dev/null
Tip: The above ssh-add.sh script will only add the default key ~/.ssh/id_rsa. Assuming you have different SSH keys named key1, key2, key3 in ~/.ssh/, you may add them automatically on login by changing the above script to:
~/.config/autostart-scripts/ssh-add.sh
#!/bin/sh
ssh-add $HOME/.ssh/key1 $HOME/.ssh/key2 $HOME/.ssh/key3 </dev/null

You also have to set the SSH_ASKPASS environment variable to ksshaskpass.

It will ask for your password and unlock your SSH keys. Upon restart your SSH keys should be unlocked once you give your kwallet password.

To add a new key and store the password with kwallet use the following command

$ ssh-add /path/to/new/key </dev/null

and append the key to the list of keys in ~/.config/autostart-scripts/ssh-add.sh as explained above to have it unlocked upon providing the kwallet password.

KDE Wallet for Firefox

Note: As of Firefox 57 this addon is not supported anymore. Use Firefox ESR if wanting to use this addon.

There is an unofficial Firefox addon for KDE5 Wallet integration.

KDE Wallet for Chrome and Chromium

Chrome/Chromium has built in wallet integration. To enable it, run Chromium with the --password-store=kwallet or --password-store=detect argument. To make the change persistent, see Chromium/Tips and tricks#Making flags persistent. (Setting CHROMIUM_USER_FLAGS will not work.)

See also