Can I use kwallet to manage PGP keys?
I have two PGP keys I use to sign and decrypt e-mails in kmail. When doing so, I have to enter the key's password (currently stored in KeePass).
Is it possible to save the passwords in my kwallet in a way that automatically unlocks the keys as needed? If so, how can this be achieved?
Edit: I have found something similar here, but for SSH keys rather than PGP keys. Maybe that can be adapted?
kde gpg plasma5 kwallet kmail
edited Jun 26 at 19:44
asked Jun 21 at 16:51
Baum mit Augen
1 Answer
Unlocking
> Is it possible to save the passwords in my kwallet in a way that automatically unlocks the keys as needed? If so, how can this be achieved?

As far as I know this cannot be done in kWallet. Use gpg-agent instead. You can make its settings as liberal as you like, balanced between security and ease of access. Depending on which distribution you are on, the agent should work out of the box. Perhaps it's even already running in the background?
Other key management
I never used KeePass, so I don't know its features. However, kGPG might be worth looking at. It is a GUI front end to the system's GnuPG. Specifically, it also allows for low-ish level settings of GPG, including GPG agent.
GnuPG Settings
> Here you can configure which gpg binary and which configuration file and home folder are used. These values are autodetected on first start and should already work.
>
> Using the GnuPG agent makes work with GnuPG more comfortable as you do not need to type in your password for every action. It is cached in memory for a while so any operation that would require a password can immediately be done. Note that this may allow other people to use your private keys if you leave your session accessible to them.
kMail
The question also contains the kmail tag, so I will also elaborate on that. You might want to read the PGP configuration section and kmail FAQ, GnuPG section. If you have set up the keys using kGPG above, you don't have to be very worried about all the fat warnings and the steps in the top part of the page. Just be informed about them.
Integration
Integration is actually happening implicitly. kGPG just tells GnuPG which keys to create, modify, open and more actions. It lists in its interface what keys are on the system and their trust level etc. But in the background everything is stored in the ~/.gnupg directory in the GnuPG format. (I'm not sure if kGPG invokes GPG or is linked to GPG libraries, but the effect is the same.)
kMail is just another kind of front end. It invokes the gpg command to access the keys stored in the same directory, for instance for signing, encrypting and decrypting.
The gpg-agent is session wide. Meaning, if you unlock a private key in kGPG, it will also be unlocked for kMail and vice versa.
Edit
I just found kwalletcli, which provides kwallet bindings for pinentry. My distribution does not provide a package, so at this moment I'm unable to try it out.
You might have to manually install the package if your distro does not support it as well.
Once again, arch wiki comes along and saves the day:
> Tip: For using /usr/bin/pinentry-kwallet you have to install the kwalletcli package.
>
> ~/.gnupg/gpg-agent.conf:
>
>     #pinentry interface with kdewallet
>     pinentry-program /usr/bin/pinentry-kwallet
Alternative
If you don't want to or can't install kwalletcli, you might be able to do some scripting using the kwallet-query command. You will have to have knowledge about which wallet to open to obtain the password. See man kwallet-query for more info.
However, gpg does not allow password input from STDIN by default, so you will need to configure gpg for it.
Note on ssh-agent
If you get gpg-agent to work properly, you can use it also as a ssh-agent.
Thank you for your answer. Especially the part about gpg-agent looks promising. Do you know if it can be set up in a manner similar to this? That looks pretty much exactly like what I'm looking for.
– Baum mit Augen, Jun 26 at 19:41
@BaummitAugen See my edit
– Tim, Jun 26 at 20:12
The kwalletcli works like a charm, thank you! I suppose I'll leave the bounty up for a bit for the (probably unlikely) event that someone knows an even better solution; otherwise, I'll award to you.
– Baum mit Augen, Jun 26 at 20:39
edited Jun 26 at 20:11
answered Jun 26 at 12:37
Tim
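An added example, not part of the answer or the Arch wiki text quoted in it: a small audit of a gpg-agent.conf that reports which pinentry program the agent will call and how long unlocked keys stay cached, the two settings that decide the security versus convenience balance discussed above. The function names, the sample configuration values and the TTL limit are assumptions made for this illustration; the option names and the 600/7200 second defaults are GnuPG's.

```shell
#!/bin/sh
# Added example: report the gpg-agent.conf settings that decide how
# passphrases are obtained and how long unlocked keys stay cached.

# Print the value of option $2 in file $1, or default $3 when it is not set.
# Assumption of this sketch: when an option is repeated, the last one is reported.
agent_conf_get() {
    awk -v opt="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        $1 == opt {
            $1 = ""; sub(/^[ \t]+/, "")        # keep only the argument
            val = ($0 == "" ? "yes" : $0)      # bare flag such as enable-ssh-support
            found = 1
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Audit file $1; $2 is a hypothetical policy limit for max-cache-ttl (seconds).
# Returns 0 when nothing is flagged, 1 when something is, 2 when unreadable.
audit_agent_conf() {
    conf=$1
    ttl_limit=${2:-7200}
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    pinentry=$(agent_conf_get "$conf" pinentry-program "")
    def_ttl=$(agent_conf_get "$conf" default-cache-ttl 600)   # GnuPG default
    max_ttl=$(agent_conf_get "$conf" max-cache-ttl 7200)      # GnuPG default
    ssh=$(agent_conf_get "$conf" enable-ssh-support no)

    echo "pinentry-program=${pinentry:-<agent default>}"
    echo "default-cache-ttl=$def_ttl"
    echo "max-cache-ttl=$max_ttl"
    echo "enable-ssh-support=$ssh"

    status=0
    # A configured pinentry that is missing means no passphrase prompt at all.
    if [ -n "$pinentry" ] && [ ! -x "$pinentry" ]; then
        echo "WARN pinentry-program $pinentry is not executable (package installed?)"
        status=1
    fi
    # A long cache lifetime keeps keys usable by anyone at the open session.
    case $max_ttl in
        ''|*[!0-9]*) echo "WARN max-cache-ttl is not a number: $max_ttl"; status=1 ;;
        *) if [ "$max_ttl" -gt "$ttl_limit" ]; then
               echo "WARN max-cache-ttl $max_ttl exceeds limit $ttl_limit"
               status=1
           fi ;;
    esac
    return $status
}

# Constructed sample configuration (values chosen for the demonstration).
write_sample_conf() {
    cat > "$1" <<'EOF'
#pinentry interface with kdewallet
pinentry-program /usr/bin/pinentry-kwallet
default-cache-ttl 1800
max-cache-ttl 86400
enable-ssh-support
EOF
}

demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_agent_conf "$demo_conf" || true
rm -f "$demo_conf"
```

To check a real setup, call `audit_agent_conf ~/.gnupg/gpg-agent.conf` and reload the agent after any change to the file.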