https://bugs.kde.org/show_bug.cgi?id=313216

--- Comment #38 from michaelk83 <mk.mat...@gmail.com> ---
(In reply to Björn Bidar (Thaodan) from comment #34)
> (In reply to Alexander Schlarb from comment #33)
> > (In reply to Thaodan from comment #32)
> > > (In reply to Alexander Schlarb from comment #29)
> > > 
> > > > Finally, how would you feel about replacing the existing KWallet daemon with
> > > > a proxy implementation that forwards all calls on the KWallet D-Bus API to
> > > > org.freedesktop.Secrets/KeePassXC? ...
> > >
> > > This could break use cases that use GPG to encrypt the password database.
> > 
> > I see, didn't know KWallet could do that. Is this a blocker though? When do
> > people actually use this option over master passwords (and especially the
> > auto-unlock with login password option)?
> 
> When they want to secure the wallet by more than a password, especially when
> the authentication method is separate from the computer e.g. on smartcard.
> This also allows to cache the authentication to limit the time the wallet
> can be opened without opening the authentication method again.
> 
> This is also a part of a central authentication with a key instead of a
> password and allows physical separation from the device that requests the
> authentication and the one that stores the secret that is unlocked.
> This then allows to remove the physical token when the user leaves the
> computer.

If KWallet daemon is replaced by a proxy forwarding to KeePassXC (or some other
Secret Service provider), then encryption is handled by the Secret Service
provider, so GPG is no longer needed. Of course, the user would have to choose,
either use the full KWallet + GPG, or proxy + Secret Service backend. A similar
idea was proposed in
https://github.com/keepassxreboot/keepassxc/issues/3679#issuecomment-578498231
.

Specifically, KeePassXC already supports using an external key file or device
(YubiKey et al) as one of the DB credentials. It has a configurable auto-lock
time limit. There are also plans for QuickUnlock using PIN or fingerprint,
though not yet supported on Linux. So I think KeePassXC already covers the GPG
use case.

However, we're now seeing this issue with the new native support for Secret
Service API in KWallet Framework 5.97.0: see Bug 458085 comment 13.
