Can I use kwallet to manage PGP keys?

I have two PGP keys I use to sign and decrypt e-mails in kmail. When doing so, I have to enter the key's password (currently stored in KeePass).



Is it possible to save the passwords in my kwallet in a way that automatically unlocks the keys as needed? If so, how can this be achieved?




Edit: I have found something similar here, but for SSH keys rather than PGP keys. Maybe that can be adapted?







edited Jun 26 at 19:44
asked Jun 21 at 16:51
Baum mit Augen
          1 Answer

          accepted (+100)










          Unlocking




          > Is it possible to save the passwords in my kwallet in a way that
          > automatically unlocks the keys as needed? If so, how can this be
          > achieved?

          As far as I know this cannot be done in kWallet. Use gpg-agent instead. You can make its settings as liberal as you like, balanced between security and ease of access. Depending on which distribution you are on, the agent should work out of the box. Perhaps it's even already running in the background?




          Other key management



          I never used KeePass, so I don't know its features. However, kGPG might be worth looking at. It is a GUI front end to the system's GnuPG. Specifically, it also allows for low-ish level settings of GPG, including GPG agent.




          GnuPG Settings



          > Here you can configure which gpg binary and which configuration file
          > and home folder are used. These values are autodetected on first start
          > and should already work.
          >
          > Using the GnuPG agent makes work with GnuPG more comfortable as you do
          > not need to type in your password for every action. It is cached in
          > memory for a while so any operation that would require a password can
          > immediately be done. Note that this may allow other people to use your
          > private keys if you leave your session accessible to them.




          kMail



          The question also contains the kmail tag, so I will also elaborate on that. You might want to read the PGP configuration section and kmail FAQ, GnuPG section. If you have set up the keys using kGPG above, you don't have to be very worried about all the fat warnings and the steps in the top part of the page. Just be informed about them.



          Integration



          Integration is actually happening implicitly. kGPG just tells GnuPG which keys to create, modify, open and more actions. It lists in its interface what keys are on the system and their trust level etc. But in the background everything is stored in the ~/.gnupg directory in the GnuPG format. (I'm not sure if kGPG invokes GPG or is linked to GPG libraries, but the effect is the same.)

          kMail is just another kind of front end. It invokes the gpg command to access the keys stored in the same directory. For instance for signing, encrypting and decrypting.

          The gpg-agent is session-wide. Meaning, if you unlock a private key in kGPG, it will also be unlocked for kMail and vice versa.




          Edit



          I just found kwalletcli, which provides kwallet bindings for pinentry. My distribution does not provide a package, so at this moment I'm unable to try it out.



          You might have to manually install the package if your distro does not support it as well.



          Once again, the Arch wiki comes along and saves the day:

          > Tip: For using /usr/bin/pinentry-kwallet you have to install the
          > kwalletcli package.
          >
          > ~/.gnupg/gpg-agent.conf:
          >
          >     #pinentry interface with kdewallet
          >     pinentry-program /usr/bin/pinentry-kwallet


          Alternative



          If you don't want to or can't install kwalletcli, you might be able to do some scripting using the kwallet-query command. You will have to have knowledge about which wallet to open to obtain the password. See man kwallet-query for more info.



          However, gpg does not allow password input from STDIN by default, so you will need to configure gpg for it.



          Note on ssh-agent



          If you get gpg-agent to work properly, you can also use it as an ssh-agent.







          edited Jun 26 at 20:11
          answered Jun 26 at 12:37
          Tim











          • Thank you for your answer. Especially the part about gpg-agent looks promising. Do you know if it can be set up in a manner similar to this? That looks pretty much exactly like what I'm looking for.
            – Baum mit Augen
            Jun 26 at 19:41











          • @BaummitAugen See my edit
            – Tim
            Jun 26 at 20:12










          • The kwalletcli works like a charm, thank you! I suppose I'll leave the bounty up for a bit for the (probably unlikely) event that someone knows an even better solution; otherwise, I'll award to you.
            – Baum mit Augen
            Jun 26 at 20:39
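
The gpg-agent.conf change from the answer above, as an added example that is not part of the original answer or of the Arch wiki: it sets `pinentry-program` idempotently, refuses a pinentry path that is not executable, and bounds how long the agent caches a passphrase. The function names are hypothetical, and the TTLs of 600 and 7200 seconds are GnuPG's documented defaults, used here as assumed values.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are hypothetical.

# set_agent_option FILE KEY [VALUE]
# Replace any active "KEY ..." line in FILE with "KEY VALUE" (or a bare KEY for
# a flag), keeping comments and all other options. The body runs in a subshell
# so the umask change and the variables do not leak into the caller.
set_agent_option() (
    conf=$1; key=$2; value=${3-}
    umask 077                                    # new files and dirs: owner only
    mkdir -p "$(dirname "$conf")" && touch "$conf" || exit 1
    tmp=$(mktemp "$conf.XXXXXX") || exit 1
    # Keep every line whose first word is not KEY ("#KEY ..." comments survive).
    awk -v k="$key" '$1 != k' "$conf" > "$tmp" || { rm -f "$tmp"; exit 1; }
    printf '%s\n' "$key${value:+ $value}" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$conf"        # replace the file in one step
)

# configure_kwallet_pinentry FILE PINENTRY [CACHE_TTL [MAX_TTL]]
# TTLs are in seconds; 600 and 7200 are assumed values (GnuPG's defaults).
configure_kwallet_pinentry() (
    conf=$1; pinentry=$2; ttl=${3:-600}; max=${4:-7200}
    if [ ! -x "$pinentry" ]; then
        echo "not an executable pinentry: $pinentry (is kwalletcli installed?)" >&2
        exit 2
    fi
    case "$ttl$max" in
        *[!0-9]*) echo "cache TTLs must be whole seconds" >&2; exit 2 ;;
    esac
    if [ "$ttl" -gt "$max" ]; then
        echo "default-cache-ttl above max-cache-ttl has no effect" >&2
        exit 2
    fi
    set_agent_option "$conf" pinentry-program "$pinentry" &&
    set_agent_option "$conf" default-cache-ttl "$ttl" &&
    set_agent_option "$conf" max-cache-ttl "$max"
)

# enable_agent_ssh FILE: let gpg-agent also serve as the ssh-agent.
enable_agent_ssh() {
    set_agent_option "$1" enable-ssh-support
}

# restart_agent: stop the running agent; it is started again on demand with
# the new settings and an empty passphrase cache.
restart_agent() {
    gpgconf --kill gpg-agent
}

# Typical use on a KDE desktop (path taken from the quoted Arch wiki tip):
#   configure_kwallet_pinentry "$HOME/.gnupg/gpg-agent.conf" /usr/bin/pinentry-kwallet
#   enable_agent_ssh "$HOME/.gnupg/gpg-agent.conf"    # optional
#   restart_agent
#   export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
```

With the passphrase held in the wallet, anyone who can use the unlocked session can use the private keys, which is the same trade-off the quoted kGPG handbook text describes for agent caching.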















