[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet

Ingo Klöcker kloecker at kde.org
Thu Dec 4 11:50:18 CET 2003


On Wednesday 03 December 2003 22:56, Martijn Klingens wrote:
> Actually that means that on a KDE 3.2 system there are FOUR baskets:
> ssh-agent, gpg-agent, kdesud and kwallet. Each of them stores
> different passes, but ideally those should be only one app.

Just to clarify something: Neither ssh-agent nor gpg-agent nor kdesud 
(AFAIK) stores passwords (in the sense of KWallet). They all cache 
passwords in secure (at least the two *-agent, if possible) memory. 
KWallet OTOH saves passwords on the hard disk. This makes a huge 
difference because KWallet keeps the passwords in two locations (on 
disk and in memory) while all the others only keep the password in 
memory.

BTW, AFAIK KWallet hasn't been audited by anyone (except George). Or has 
it?

BTW2, it would be much easier if KWallet would use the user's private 
key to encrypt all passwords. Then gpg-agent would cache the wallet 
passphrase and nobody would have wanted to store his OpenPGP passphrase 
in the wallet. Unfortunately George chose to re-implement Blowfish and 
everything else instead of using existing well-tested crypto 
libraries/applications which have been audited several times by many 
people. I would feel much more comfortable.

> I agree that my approach only duplicates data in KWallet, the
> solution would be to make those four REALLY one app, but I have no
> idea where to start that :)

Well, make everything work with smart cards.

Regards,
Ingo