[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet
Martijn Klingens
klingens at kde.org
Wed Dec 3 20:25:47 CET 2003
On Wednesday 03 December 2003 12:55, Werner Koch wrote:
> If you simply want one passphrase for all your apps, use one passphrase and
> don't store it on disk (it doesn't matter whether it is encrypted or not).
Well, I want to _enter_ one passphrase. Whether this one passphrase is then
cached and used for login, kwallet, gpg and ssh or only for login and kwallet
and the rest is fetched from the wallet doesn't really matter.
In the case of SSH it would be possible to use Kerberos for automatic login,
but that's way too complex for a smaller network, and storing the keys in a
securely encrypted wallet makes more sense to me.
> I see no reason to store ssh passphrases. The ssh-agent takes care of
> that. If you want to use ssh in an unattended environment, don't
> protect the ssh key with a passphrase.
Actually, there's a difference between 'ssh -i /path/to/my.key me@server' with
a passwordless key and having an actual password in a wallet. The latter is
safe as long as the wallet is closed, the former is not.
> I don't understand this. gpg-agent and ssh-agent are very similar but
> used for different applications. It would be a nice exercise to add
> the ssh-agent functionality to gpg-agent because they are pretty
> similar in what they are doing.
If gpg-agent supports storing arbitrary passwords that would make sense.
In fact, it would then make sense to make KWallet only the KDE API and make it
store the actual passwords in gpg-agent's memory through a secure channel
(rather than using QString and the rest of the Qt API that might duplicate
data in memory). That's not easy to write though, if not terribly hard.
> How can Kwallet be a backend if its purpose is to store passwords
> etc. gpg-agent does the same and thus we can't divide it into backend
> and frontend.
Well, it is the only one of the mentioned components that allows passing on passwords
securely without user intervention after the initial logon.
> I won't suggest to use gpg-agent as a central repository of all
> passwords you might want to remember. There is a huge difference
> between the lwn.net password I need to know and the credentials I need
> to have to access my machines.
Yes, but I have some passwords for web-based GUIs at work with which I can
completely reconfigure switches. Those passwords fall under the same security
restrictions as my GPG passphrase or my SSH key's passphrase.
So if KWallet is deemed inadequate and gpg-agent is not, that would
automatically mean that it in fact _DOES_ make sense to store the web
passwords in gpg-agent as well.
OTOH, all of Konqueror would still require memory protection, so the point is
moot whatever way you put it. Likewise, KMail stores the passphrase in
memory, KIO:Fish has the SSH password, etc.
Whatever way you put it, if you want paranoid security you shouldn't use a GUI
(Gnome or plain xlib wouldn't be better). And conversely, if you are using a
GUI you can just as well use KWallet, it makes little difference. In fact,
one could argue that you shouldn't even use the *-agents, but type in the
passphrase instead directly.
--
Martijn