[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet

Werner Koch wk at gnupg.org
Mon Dec 1 12:18:54 CET 2003


On Mon, 1 Dec 2003 09:55:06 +0100, Robert Schiele said:

> To be fair it should be mentioned that KWallet does _not_ store the passwords
> in clear text on the disk, but does encrypt it by a password that has to be
> entered each time kwallet is started. Thus it is somewhat similar to what the

And thus the clear passwords are floating around in KDE occupied
memory without much control.  In contrast gpg-agent is designed to
minimize traces of secrets left on system resources and to keep close
control over it.

If the goal is to make password entry easier, you should use gpg-agent
at least for gpgsm passwords and best also for gnupg passwords,
becuase at some point gpg will delegate all seret key operations to
gpg-agent.

> I can't tell exactly how smart encryption (AFAIK Blowfish) and management of
> passwords in KWallet are implemented, so I cannot tell whether it is a good
> idea to use it or not. But assuming that it is implemented in a smart way I

Assuming might not be the way to handle securit critical things ;-)

  Werner

-- 
Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org




More information about the Gpa-dev mailing list