Web lists-archives.com

The situation of KWallet, and what to do about it?

Hi everyone,
I'm addressing both the Plasma team and kde-devel because this issue affects Plasma as well as many applications, and Valentin as the current maintainer of KWallet as well as KSecretService, a potential replacement for it.

KWallet plays a central role in Plasma and many KDE applications as the central password storage. However, it being very old and not having been actively developed for a long time, it has lots of problems, including:

- It has weak security, as it does not restrict applications accessing it by default, and even when it does, it does so simply based on application name which allows any malicious process to impersonate an allowed one - The initial setup has huge usability problems, as it forces users to make a choice on a very advanced technical level (encryption methods, no less!), and the option it suggests (GPG) is a nightmare to set up for ordinary users - It does support unlocking via PAM, but does not tell users what they need to do to make that work, which results in most users having to enter the KWallet password at each system start, which many find very annoying (we get lots of negative feedback for that)
- It works only with KDE Frameworks-based applications
- One cannot easily write a QML GUI for it, making it unsuitable for mobile

Valentin has been working on KSecretService for quite a while, which is based on the freedesktop Secrets API [1] that is also supported in GNOME Keyring, and would solve many (and ideally all) of the above problems. However, Valentin told me he does not have the time to work on KSecretService any more.

This means we have to find a solution to these problems. The options I see currently are - Improve KWallet (unlikely to fix all the problems without massive changes in it, though)
- Find someone to finish and maintain KSecretService
- Build a wrapper around one of the other existing keyring technologies
- Each application (and each Plasma component that stores passwords) implements its own encrypted password storage - We make encrypted password storage optional and non-default (easiest solution, but not exactly in line with KDE's vision)

So, what do we do?