Thursday, June 10, 2010

HOWTO: secure KDE wallet without a password

KDE wallets are great, but if one doesn't have a password, it's practically storing everything as cleartext. Not too secure. And, if one does, then you have to enter the password once per session (annoying).

Here's the workaround to use until the wallets subsystem gets integrated with the system log-in just like Gnome Keyring already is (i.e. eventually one wouldn't have to enter the password for the default wallet opened with the session). All we have to do is to re-locate the wallet, via a symbolic link, to the Private drive device. The private drive is mounted at the start of the session, and the wallet will be read off it. Anyone trying to look at your wallet without logging in will see a garbled file.

The result looks like the following:

maxim@maxim-laptop:~$ ls -la .kde/share/apps/kwallet/kdewallet.kwl
lrwxrwxrwx 1 maxim maxim 21 2010-06-11 00:59 .kde/share/apps/kwallet/kdewallet.kwl -> Private/kdewallet.kwl

Frankly, I don't know how well this will work; will try and report back.