KWallet

Aus Foxwiki

Linux:Plasma5:KWallet:Login

KWallet beim Login entsperren

Voraussetzungen

  • KWallet wird bei einer Standard-Installation bereits mit installiert.
  • TODO: apt mit relevanten Paketen

Konfiguration

# vi /etc/pam.d/sddm

Hinzufügen / anpassen:

auth optional pam_kwallet5.so 
session optional pam_kwallet5.so auto_start 
Benutzerpasswort und KWallet-Passwort müssen sein

KeePassXC

Opening KeePass securely and automatically in KDE

  • So I use KeePass a lot as my password manager.
  • Why you should use a password manager is a little beyond this post, but it’s a great way to securely store individual passwords for every use you have, so you can use more secure passwords that you’ll never remember, and when one password is compromised, the other accounts you have remain secure.
  • Keepass works good in Ubuntu Linux using the Mono library, and it also works with Android, windows, which I need.
  • There is a KeePassX project for a native port, but the normal version works well enough for me.
  • So when I logged into KDE4 I would have to type in my Kwallet password (kwallet is the password manager built into KDE – if anyone builds a plugin to read Keepass files, I will send you money) so I could connect to the WIFI, then I would have to type in the master password for KeePass, and then occasionally KOrganizer will ask for my gmail password to sync the calendar.
  • This sucks, so I wrote a quick little script to store my KeePass master password in Kwallet, and when KDE starts, retrieve it and start KeePass automatically from the file in my Dropbox folder.
#!/bin/bash
# startup keepass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords \
-e KeePass)
#open Keepass
mono /opt/KeePass2/KeePass.exe --lock &

#give keepass enough time to actually open, otherwise results are inconsistent
sleep 3

# Tell keypass to open your password database
mono /opt/KeePass2/KeePass.exe \ "/home/user/Dropbox/keepass/passwords.kdbx" \ -pw:$walletkey
  • Then save this script somewhere (I put it in /usr/local/bin/) and then go into Settings -> startup/shutdown and tag it as a script to start when you log into KDE.
  • So now I just log in, type in my Kwallet password, and KeePass opens as well.

EDIT – 2015-04-06

  • Thanks to everyone who commented below with their ideas on improving this script.
  • As mentioned, there’s a security issue with this script, which can be reduced by not using the password directly on the comment line.
  • There are two methods below, YMMV, but I ended up with this hybrid:
#!/bin/bash
# startup keepass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass)
dbpath="/home/user/Dropbox/keepass/passwords.kdbx"
echo "$walletkey" | mono /opt/KeePass2/KeePass.exe $dbpath --pw-stdin

  • This works really well, and the password is only available briefly, really reducing the ease at which it can be sniffed.
  • Still not 100%, but security is always a tradeoff between ease of use and effectiveness. Thanks for everyone’s help!

Anwendungen

#!/usr/bin/env bash
# set -xv
# exec 1>~/keepass.sh.log 2>&1

echo opening KeepassXC ...
kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc –pw-stdin ~/cloud/pwd/pwd.kdbx &

echo opening volume geschäftlich ...
kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ &

echo opening volume privat ...
kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ &

Links

Intern

TDOD

Extern

  1. https://wiki.ubuntuusers.de/KDE_Passwortspeicher/
  2. http://thisisnt.com/opening-keepass-securely-and-automatically-in-kde/