KWallet: Unterschied zwischen den Versionen

Aus Foxwiki
Versionsgeschichte interaktiv durchsuchen
← Zum vorherigen VersionsunterschiedZum nächsten Versionsunterschied →
VisuellWikitext
Zeile 59: Zeile 59:
=Links=
=Links=
==Intern==
==Intern==
TDOD
TODO


==Extern==
==Extern==

Version vom 24. Oktober 2020, 19:30 Uhr

KWallet beim Login mit SDDM entsperren

Voraussetzungen

  • Benutzerpasswort und KWallet-Passwort müssen identisch sein
  • TODO: apt mit relevanten Paketen

Konfiguration

# vi /etc/pam.d/sddm

Hinzufügen / anpassen: 

auth optional pam_kwallet5.so 
session optional pam_kwallet5.so auto_start

Anwendung

#!/usr/bin/env bash
## 

## Fehlersuche
#set -xv
#exec 1>~/.openKwallet.log 2>&1

echo opening KeepassXC ...
kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/pwd/pwd.kdbx &

echo opening volume geschäftlich ...
kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d ~/.geschaeftlich/ -z ~/geschaeftlich/ &

echo opening volume privat ...
kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d ~/.privat/ -z ~/privat/ &

KeePass

#!/bin/bash
# startup keepass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass)
#open Keepass
mono /opt/KeePass2/KeePass.exe --lock &

#give keepass enough time to actually open, otherwise results are inconsistent
sleep 3

# Tell keypass to open your password database
mono /opt/KeePass2/KeePass.exe "/home/user/Dropbox/keepass/passwords.kdbx" -pw:$walletkey
  • Then save this script somewhere (I put it in /usr/local/bin/) and then go into Settings -> startup/shutdown and tag it as a script to start when you log into KDE.
  • So now I just log in, type in my Kwallet password, and KeePass opens as well.

Sicherheit

  • There’s a security issue with this script, which can be reduced by not using the password directly on the comment line.
  • There are two methods below, YMMV, but I ended up with this hybrid:
#!/bin/bash
# startup keepass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass)
dbpath="/home/user/Dropbox/keepass/passwords.kdbx"
echo "$walletkey" | mono /opt/KeePass2/KeePass.exe $dbpath --pw-stdin
  • This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed.
  • Still not 100%, but security is always a tradeoff between ease of use and effectiveness.

Links

Intern

TODO

Extern

  1. https://wiki.ubuntuusers.de/KDE_Passwortspeicher/
  2. http://thisisnt.com/opening-keepass-securely-and-automatically-in-kde/
Abgerufen von „https://wiki.foxtom.de/index.php?title=KWallet&oldid=17629