[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet
Ingo Klöcker
kloecker at kde.org
Thu Dec 4 11:50:18 CET 2003

On Wednesday 03 December 2003 22:56, Martijn Klingens wrote:
> Actually that means that on a KDE 3.2 system there are FOUR baskets:
> ssh-agent, gpg-agent, kdesud and kwallet. Each of them stores
> different passes, but ideally those should be only one app.

Just to clarify something: Neither ssh-agent nor gpg-agent nor kdesud
(AFAIK) store passwords (in the sense of KWallet). They all cache
passwords in secure (at least the two *-agent, if possible) memory.
KWallet OTOH saves passwords on the hard disk. This makes a huge
difference because KWallet keeps the passwords in two locations (on
disk and in memory) while all the others only keep the password in
memory.

BTW, AFAIK KWallet hasn't been audited by anyone (except George). Or has
it?

BTW2, it would be much easier if KWallet would use the user's private
key to encrypt all passwords. Then gpg-agent would cache the wallet
passphrase and nobody would have wanted to store his OpenPGP passphrase
in the wallet. Unfortunately George chose to re-implement Blowfish and
everything else instead of using existing well-tested crypto
libraries/applications which have been audited several times by many
people. I would feel much more comfortable.

> I agree that my approach only duplicates data in KWallet, the
> solution would be to make those four REALLY one app, but I have no
> idea where to start that :)

Well, make everything work with smart cards.

Regards,
Ingo