KWallet: Unterschied zwischen den Versionen

Aus Foxwiki
Keine Bearbeitungszusammenfassung
Zeile 11: Zeile 11:
  session optional pam_kwallet5.so auto_start  
  session optional pam_kwallet5.so auto_start  


= KeePassXC =
= Anwendung =
#!/usr/bin/env bash
# set -xv
# exec 1>~/keepass.sh.log 2>&1
echo opening KeepassXC ...
kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/cloud/pwd/pwd.kdbx &
echo opening volume geschäftlich ...
kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ &
echo opening volume privat ...
kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ &


= KeePass =
  #!/bin/bash
  #!/bin/bash
  # startup keepass with a password from KWallet
  # startup keepass with a password from KWallet
Zeile 40: Zeile 53:
* This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed.  
* This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed.  
* Still not 100%, but security is always a tradeoff between ease of use and effectiveness.
* Still not 100%, but security is always a tradeoff between ease of use and effectiveness.
=== Anwendungen ===
#!/usr/bin/env bash
# set -xv
# exec 1>~/keepass.sh.log 2>&1
echo opening KeepassXC ...
kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/cloud/pwd/pwd.kdbx &
echo opening volume geschäftlich ...
kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ &
echo opening volume privat ...
kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ &


=Links=
=Links=

Version vom 24. Oktober 2020, 18:13 Uhr

KWallet beim Login mit SDDM entsperren

Voraussetzungen

  • Benutzerpasswort und KWallet-Passwort müssen identisch sein
  • TODO: apt mit relevanten Paketen

Konfiguration

# vi /etc/pam.d/sddm

Hinzufügen / anpassen:

auth optional pam_kwallet5.so 
session optional pam_kwallet5.so auto_start 

Anwendung

#!/usr/bin/env bash
# set -xv
# exec 1>~/keepass.sh.log 2>&1

echo opening KeepassXC ...
kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/cloud/pwd/pwd.kdbx &

echo opening volume geschäftlich ...
kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ &

echo opening volume privat ...
kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ &

KeePass

#!/bin/bash
# startup keepass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass)
#open Keepass
mono /opt/KeePass2/KeePass.exe --lock &

#give keepass enough time to actually open, otherwise results are inconsistent
sleep 3

# Tell keypass to open your password database
mono /opt/KeePass2/KeePass.exe "/home/user/Dropbox/keepass/passwords.kdbx" -pw:$walletkey
  • Then save this script somewhere (I put it in /usr/local/bin/) and then go into Settings -> startup/shutdown and tag it as a script to start when you log into KDE.
  • So now I just log in, type in my Kwallet password, and KeePass opens as well.

Sicherheit

  • There’s a security issue with this script, which can be reduced by not using the password directly on the comment line.
  • There are two methods below, YMMV, but I ended up with this hybrid:
#!/bin/bash
# startup keepass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass)
dbpath="/home/user/Dropbox/keepass/passwords.kdbx"
echo "$walletkey" | mono /opt/KeePass2/KeePass.exe $dbpath --pw-stdin

  • This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed.
  • Still not 100%, but security is always a tradeoff between ease of use and effectiveness.

Links

Intern

TDOD

Extern

  1. https://wiki.ubuntuusers.de/KDE_Passwortspeicher/
  2. http://thisisnt.com/opening-keepass-securely-and-automatically-in-kde/