Difference between revisions of "KDE Wallet"

From ArchWiki
Jump to: navigation, search
(Using the KDE Wallet to store ssh keys: ksshaskpass currently seems to export the SSH_ASKPASS var in an /etc/profile.d script)
(auto_start parameter is not necessary (tested only with sddm))
 
(50 intermediate revisions by 26 users not shown)
Line 1: Line 1:
[[Category:Desktop environments]]
+
[[Category:KDE]]
[http://utils.kde.org/projects/kwalletmanager/ KDE Wallet Manager] is a tool to manage the passwords on your KDE system. By using the KDE wallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the KDE wallet.
+
[[ar:KDE Wallet]]
 +
[[es:KDE Wallet]]
 +
[[ja:KDE Wallet]]
 +
{{Remove|Plasma4 is no longer available in the official repositories|section=Remove KDE4/Plasma4 references}}
 +
[http://utils.kde.org/projects/kwalletmanager/ KDE Wallet Manager] is a tool to manage the passwords on your KDE Plasma system. By using the KWallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with KWallet.
 +
 
 +
== Unlock KDE Wallet automatically on login ==
 +
 
 +
If your KWallet password is the same as your username password, you can unlock your wallet automatically on login.
 +
 
 +
For '''Plasma 4''', install the {{AUR|pam_kwallet-git}}.
 +
 
 +
Then edit {{ic|/etc/pam.d/kde}} and add the two lines under their corresponding sections:
 +
 
 +
{{bc|1=
 +
auth            optional        pam_kwallet.so kdehome=.kde4
 +
session        optional        pam_kwallet.so
 +
}}
 +
 
 +
{{hc|Example /etc/pam.d/kde|2=
 +
#%PAM-1.0
 +
auth            include        system-login
 +
auth            optional        pam_kwallet.so kdehome=.kde4
 +
 
 +
account        include        system-login
 +
 
 +
password        include        system-login
 +
 
 +
session        include        system-login
 +
session        optional        pam_kwallet.so
 +
}}
 +
 
 +
For '''Plasma 5''', install {{Pkg|kwallet-pam}} package.
 +
Then edit your login manager pam file and add the two lines under their corresponding sections:
 +
 
 +
{{bc|1=
 +
-auth            optional        pam_kwallet5.so
 +
-session        optional        pam_kwallet5.so auto_start
 +
}}
 +
 
 +
For [[LightDM]], for example, edit lightdm and lightdm-greeter files:
 +
{{hc|Example /etc/pam.d/lightdm|2=
 +
#%PAM-1.0
 +
auth            include        system-login
 +
-auth            optional        pam_kwallet5.so
 +
 
 +
account        include        system-login
 +
 
 +
password        include        system-login
 +
 
 +
session        include        system-login
 +
-session        optional        pam_kwallet5.so auto_start
 +
}}
 +
 
 +
For [[SDDM]], just edit the sddm file like this to get both kwallet4 and kwallet5 to auto-unlock:
 +
 
 +
{{hc|Example /etc/pam.d/sddm|2=
 +
auth            include        system-login
 +
auth            optional        pam_kwallet5.so
 +
auth            optional        pam_kwallet.so kdehome=.kde4
 +
account        include        system-login
 +
password        include        system-login
 +
session        include        system-login
 +
session        optional        pam_kwallet5.so
 +
session        optional        pam_kwallet.so
 +
}}
 +
 
 +
After restarting your wallet should unlock automatically if your user password is the same as your KWallet password and you use a login manager like KDM.
 +
 
 +
{{Note|Currently, pam_kwallet-git / kwallet-pam has at least two limitations: first, it's not compatible with [[GnuPG]] keys, so KDE Wallet must use the standard blowfish encryption. Also, the wallet name must be "kdewallet" (that's the default name). If, for some reason, you create a new wallet, you need to use this name (so you will probably need to rename the old wallet too).}}
  
 
== Using the KDE Wallet to store ssh keys ==
 
== Using the KDE Wallet to store ssh keys ==
  
Install Ksshaskpass from comunity repo:
+
First, make sure that you have an [[SSH agent]] running. For instructions on how to start and stop {{ic|ssh-agent}} on login and logout respectively follow  [[SSH keys#Using KDM]].
+
 
pacman -S ksshaskpass
+
[[Install]] the {{Pkg|ksshaskpass}} package.
 +
 
 +
{{Note|1=If you use KDE4 and run into problems due to ksshaskpass connecting to a [https://bbs.archlinux.org/viewtopic.php?pid=1525004 second instance of kwallet], try installing {{Aur|ksshaskpass4}} instead.}}
 +
 
 +
{{Accuracy|This conflicts with what is written further below.}}
 +
 
 +
Create an autostart file (KDE4: {{ic|~/.kde4/Autostart/ssh-add.sh}}, KDE Plasma: {{ic|~/.config/autostart/ssh-add.sh}}) with this content:
 +
 
 +
{{bc|
 +
#!/bin/sh
 +
ssh-add </dev/null
 +
}}
 +
 
 +
{{Move|KDE#Autostarting applications|General autostarting instructions belong there}}
 +
 
 +
KDE Plasma no longer processes *.sh startup scripts in the autostart directory. There are two methods to fix this.
 +
 
 +
'''Method #1: Move ssh-add.sh to the new autostart-scripts directory'''
 +
 
 +
Instead of placing the file in {{ic|~/.config/autostart/ssh-add.sh}}, place it in {{ic|~/.config/autostart-scripts/ssh-add.sh}}.
 +
 
 +
'''Method #2: Convert ssh-add.sh to a desktop file'''
 +
 
 +
You can also create a startup .desktop file {{ic|~/.config/autostart/ssh-add.desktop}}:
 +
 
 +
{{bc|<nowiki>
 +
[Desktop Entry]
 +
Exec=~/.config/autostart/ssh-add.sh
 +
Icon=system-run
 +
StartupNotify=true
 +
Terminal=false
 +
Type=Application
 +
</nowiki>}}
 +
 
 +
{{Tip|The above ssh-add.sh script will only add the default key {{ic|~/.ssh/id_rsa}}. Assuming you have different SSH keys named {{ic|key1}}, {{ic|key2}}, {{ic|key3}} in {{ic|~/.ssh/}}, you may add them automatically on login by changing the above script to:
 +
 
 +
{{bc|
 +
#!/bin/sh
 +
ssh-add $HOME/.ssh/key1 $HOME/.ssh/key2 $HOME/.ssh/key3 </dev/null
 +
}}
 +
}}
 +
 
 +
If you created a desktop file for ssh-add above, reboot. If you created a sh file, make it executable and run it:
 +
 
 +
'''Plasma 4'''
 +
 
 +
{{bc|
 +
$ chmod +x ~/.kde4/Autostart/ssh-add.sh
 +
$ ~/.kde4/Autostart/ssh-add.sh
 +
}}
 +
 
 +
'''Plasma 5'''
 +
 
 +
{{bc|
 +
$ chmod +x ~/.config/autostart-scripts/ssh-add.sh
 +
$ ~/.config/autostart-scripts/ssh-add.sh
 +
}}
  
Create the file
+
You also have to set the {{ic|SSH_ASKPASS}} environment variable in your /etc/profile or ~/.bash_profile:
~/.kde4/Autostart/ssh-add.sh
+
  
Add this content
+
{{bc|<nowiki>
#!/bin/sh
+
export SSH_ASKPASS="/usr/bin/ksshaskpass"
ssh-add </dev/null
+
</nowiki>}}
  
 +
It will ask for your password and unlock your SSH keys. Upon restart your SSH keys should be unlocked once you give your kwallet password.
  
Make it executable and run
+
To add a new key and store the password with kwallet use the following command
<pre>chmod +x ~/.kde4/Autostart/ssh-add.sh
+
~/.kde4/Autostart/ssh-add.sh
+
</pre>
+
  
It will ask for your password and unlock the your ssh keys.
+
$ ssh-add /path/to/new/key </dev/null
  
You may need to go to system settings -> advanced -> Autostart -> add script in newer version of KDE.
+
and append the key to the list of keys in {{ic|~/.kde4/Autostart/ssh-add.sh}} as explained above to have it unlocked upon providing the kwallet password.
  
== KDE Wallet for firefox ==
+
== KDE Wallet for Firefox ==
  
There is an addon to make firefox store passwords with KDE wallet.
+
There is an addon to make Firefox store passwords with [https://addons.mozilla.org/addon/kde5-wallet-password-integrati/ KDE5 Wallet] or [https://addons.mozilla.org/addon/kde-wallet-password-integratio/ KDE4 Wallet].
  
http://kde-apps.org/content/show.php/Firefox+addon+for+kwallet?content=116886
+
== KDE Wallet for Chromium ==
  
== KDE Wallet for chromium ==
+
Chromium has built in wallet integration. To enable it, run Chromium with the {{ic|1=--password-store=kwallet}} or {{ic|1=--password-store=detect}} argument.
Chromium has built in wallet integration.
+
  
To enable it you should run your Chromium browser by adding --password-store=kwallet or --password-store=detect.
+
== See also ==
  
While second option SHOULD be default it happened to not working for author, so it's if it's happening to You, invoke Your browser with:
+
* [https://www.dennogumi.org/2014/04/unlocking-kwallet-with-pam/ Unlocking KWallet with PAM]
<pre>chromium --password-store=kwallet</pre>
+

Latest revision as of 09:01, 24 May 2016

Tango-edit-cut.pngThis section is being considered for removal.Tango-edit-cut.png

Reason: Plasma4 is no longer available in the official repositories (Discuss in Talk:KDE Wallet#Remove KDE4/Plasma4 references)

KDE Wallet Manager is a tool to manage the passwords on your KDE Plasma system. By using the KWallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with KWallet.

Unlock KDE Wallet automatically on login

If your KWallet password is the same as your username password, you can unlock your wallet automatically on login.

For Plasma 4, install the pam_kwallet-gitAUR.

Then edit /etc/pam.d/kde and add the two lines under their corresponding sections:

auth            optional        pam_kwallet.so kdehome=.kde4
session         optional        pam_kwallet.so
Example /etc/pam.d/kde
#%PAM-1.0
auth            include         system-login
auth            optional        pam_kwallet.so kdehome=.kde4 

account         include         system-login

password        include         system-login

session         include         system-login
session         optional        pam_kwallet.so

For Plasma 5, install kwallet-pam package. Then edit your login manager pam file and add the two lines under their corresponding sections:

-auth            optional        pam_kwallet5.so
-session         optional        pam_kwallet5.so auto_start

For LightDM, for example, edit lightdm and lightdm-greeter files:

Example /etc/pam.d/lightdm
#%PAM-1.0
auth            include         system-login
-auth            optional        pam_kwallet5.so

account         include         system-login

password        include         system-login

session         include         system-login
-session         optional        pam_kwallet5.so auto_start

For SDDM, just edit the sddm file like this to get both kwallet4 and kwallet5 to auto-unlock:

Example /etc/pam.d/sddm
auth            include         system-login
auth            optional        pam_kwallet5.so
auth            optional        pam_kwallet.so kdehome=.kde4
account         include         system-login
password        include         system-login
session         include         system-login
session         optional        pam_kwallet5.so
session         optional        pam_kwallet.so

After restarting your wallet should unlock automatically if your user password is the same as your KWallet password and you use a login manager like KDM.

Note: Currently, pam_kwallet-git / kwallet-pam has at least two limitations: first, it's not compatible with GnuPG keys, so KDE Wallet must use the standard blowfish encryption. Also, the wallet name must be "kdewallet" (that's the default name). If, for some reason, you create a new wallet, you need to use this name (so you will probably need to rename the old wallet too).

Using the KDE Wallet to store ssh keys

First, make sure that you have an SSH agent running. For instructions on how to start and stop ssh-agent on login and logout respectively follow SSH keys#Using KDM.

Install the ksshaskpass package.

Note: If you use KDE4 and run into problems due to ksshaskpass connecting to a second instance of kwallet, try installing ksshaskpass4AUR instead.

Tango-inaccurate.pngThe factual accuracy of this article or section is disputed.Tango-inaccurate.png

Reason: This conflicts with what is written further below. (Discuss in Talk:KDE Wallet#)

Create an autostart file (KDE4: ~/.kde4/Autostart/ssh-add.sh, KDE Plasma: ~/.config/autostart/ssh-add.sh) with this content:

#!/bin/sh
ssh-add </dev/null

Tango-go-next.pngThis article or section is a candidate for moving to KDE#Autostarting applications.Tango-go-next.png

Notes: General autostarting instructions belong there (Discuss in Talk:KDE Wallet#)

KDE Plasma no longer processes *.sh startup scripts in the autostart directory. There are two methods to fix this.

Method #1: Move ssh-add.sh to the new autostart-scripts directory

Instead of placing the file in ~/.config/autostart/ssh-add.sh, place it in ~/.config/autostart-scripts/ssh-add.sh.

Method #2: Convert ssh-add.sh to a desktop file

You can also create a startup .desktop file ~/.config/autostart/ssh-add.desktop:

[Desktop Entry]
Exec=~/.config/autostart/ssh-add.sh
Icon=system-run
StartupNotify=true
Terminal=false
Type=Application
Tip: The above ssh-add.sh script will only add the default key ~/.ssh/id_rsa. Assuming you have different SSH keys named key1, key2, key3 in ~/.ssh/, you may add them automatically on login by changing the above script to:
#!/bin/sh
ssh-add $HOME/.ssh/key1 $HOME/.ssh/key2 $HOME/.ssh/key3 </dev/null

If you created a desktop file for ssh-add above, reboot. If you created a sh file, make it executable and run it:

Plasma 4

$ chmod +x ~/.kde4/Autostart/ssh-add.sh
$ ~/.kde4/Autostart/ssh-add.sh

Plasma 5

$ chmod +x ~/.config/autostart-scripts/ssh-add.sh
$ ~/.config/autostart-scripts/ssh-add.sh

You also have to set the SSH_ASKPASS environment variable in your /etc/profile or ~/.bash_profile:

export SSH_ASKPASS="/usr/bin/ksshaskpass"

It will ask for your password and unlock your SSH keys. Upon restart your SSH keys should be unlocked once you give your kwallet password.

To add a new key and store the password with kwallet use the following command

$ ssh-add /path/to/new/key </dev/null

and append the key to the list of keys in ~/.kde4/Autostart/ssh-add.sh as explained above to have it unlocked upon providing the kwallet password.

KDE Wallet for Firefox

There is an addon to make Firefox store passwords with KDE5 Wallet or KDE4 Wallet.

KDE Wallet for Chromium

Chromium has built in wallet integration. To enable it, run Chromium with the --password-store=kwallet or --password-store=detect argument.

See also