KWallet: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
|||
| Zeile 11: | Zeile 11: | ||
session optional pam_kwallet5.so auto_start | session optional pam_kwallet5.so auto_start | ||
= | = Anwendung = | ||
#!/usr/bin/env bash | |||
# set -xv | |||
# exec 1>~/keepass.sh.log 2>&1 | |||
echo opening KeepassXC ... | |||
kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/cloud/pwd/pwd.kdbx & | |||
echo opening volume geschäftlich ... | |||
kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ & | |||
echo opening volume privat ... | |||
kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ & | |||
= KeePass = | |||
#!/bin/bash | #!/bin/bash | ||
# startup keepass with a password from KWallet | # startup keepass with a password from KWallet | ||
| Zeile 40: | Zeile 53: | ||
* This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed. | * This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed. | ||
* Still not 100%, but security is always a tradeoff between ease of use and effectiveness. | * Still not 100%, but security is always a tradeoff between ease of use and effectiveness. | ||
=Links= | =Links= | ||
Version vom 24. Oktober 2020, 18:13 Uhr
KWallet beim Login mit SDDM entsperren
Voraussetzungen
- Benutzerpasswort und KWallet-Passwort müssen identisch sein
- TODO: apt mit relevanten Paketen
Konfiguration
# vi /etc/pam.d/sddm
Hinzufügen / anpassen:
auth optional pam_kwallet5.so session optional pam_kwallet5.so auto_start
Anwendung
#!/usr/bin/env bash # set -xv # exec 1>~/keepass.sh.log 2>&1 echo opening KeepassXC ... kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/cloud/pwd/pwd.kdbx & echo opening volume geschäftlich ... kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ & echo opening volume privat ... kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ &
KeePass
#!/bin/bash # startup keepass with a password from KWallet walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass) #open Keepass mono /opt/KeePass2/KeePass.exe --lock & #give keepass enough time to actually open, otherwise results are inconsistent sleep 3 # Tell keypass to open your password database mono /opt/KeePass2/KeePass.exe "/home/user/Dropbox/keepass/passwords.kdbx" -pw:$walletkey
- Then save this script somewhere (I put it in /usr/local/bin/) and then go into Settings -> startup/shutdown and tag it as a script to start when you log into KDE.
- So now I just log in, type in my Kwallet password, and KeePass opens as well.
Sicherheit
- There’s a security issue with this script, which can be reduced by not using the password directly on the comment line.
- There are two methods below, YMMV, but I ended up with this hybrid:
#!/bin/bash # startup keepass with a password from KWallet walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass) dbpath="/home/user/Dropbox/keepass/passwords.kdbx" echo "$walletkey" | mono /opt/KeePass2/KeePass.exe $dbpath --pw-stdin
- This works really well, and the password is only available briefly, reducing the ease at which it can be sniffed.
- Still not 100%, but security is always a tradeoff between ease of use and effectiveness.
Links
Intern
TDOD