[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet

Ralf Nolden nolden at kde.org
Sun Nov 30 21:53:59 CET 2003 

On Sonntag, 30. November 2003 21:12, Martijn Klingens wrote:
> On Sunday 30 November 2003 20:39, Ingo Klöcker wrote:
> > Sorry, but storing the passphrase which protects your OpenPGP key in
> > KWallet is (IMO) completely out of question. The passphrase must never
> > ever be stored in any form on the hard disk. I'm shocked that someone
> > actually proposes this. A tiny bug in KWallet (which I'm sure was never
> > seriously audited) and the OpenPGP keys of all KDE users would have to
> > be considered compromised.
>
> Well, if the wallet is compromised you have a problem anyway, with a GPG
> key in it or not. There's too much sensitive information in there, that's
> the whole nature of the wallet.
>
> If you don't trust the wallet don't use it, but if you have KWallet enabled
> it should be considered 'secure enough' for your setup.
>
> According to your logic KDE shouldn't ship with KWallet or at least never
> use it. While one could argue that the Kopete passwords in there aren't too
> important one certainly can't argue the same for the Konqueror passwords
> that I store in there.

Hmm. I think the difference that Ingo makes is between OpenPGP and anything 
else. And pinentry isn't just only used by OpenPGP but also for S/MIME 
passwords, so it is a sensible part of a security infrastructure with a PKI. 

Compare that to the current use of passwords in any program that requires a 
password for a data service. Kmail, Knode, kopete, konqueror. That's many 
many passwords stored in configuration files (because all of them with the 
exception of konqueror) store passwords - it's way too convenient for the 
user and sometimes he just gets his password assigned without a chance to 
change it (say, university mail accounts for example), so it's really hard to 
remember all his passwords at once with the logical implication that he would 
have to write them down and store them next to his machine or in a single 
text file or something. So for those "ordinary" applications, any encryption 
is better than no encryption at all. You should make the openPGP password the 
"master password" to KWallet and not using a different password to access 
your OpenPGP password. 

The logic of your patch just needs to be switched around. Use pinentry to open 
KWallet :-) Because you can also use OpenPGP and S/MIME smartcards that will 
require pinentry for ägypten plus you should be able to log in into KDM and 
other stuff.  Please propose to George to use pinentry to open KWallet with 
the same TTL that the gpg-agent has configured. That way you automatically 
encourage people to use GnuPG on their computers, which in turn helps 
spreading it and for the convenient use makes people use KDE :-)

Ralf

<
-- 
We're not a company, we just produce better code at less costs.
--------------------------------------------------------------------
Ralf Nolden
nolden at kde.org

The K Desktop Environment       The KDevelop Project
http://www.kde.org              http://www.kdevelop.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20031130/3b700017/attachment.bin

More information about the Gpa-dev mailing list