Create GPG key for KWallet

Generate a GPG key that can be used with KWallet.


By Jacob

Edited: 2023-01-14 09:17

KWallet will keep showing a popup dialog asking you to choose between classic (Blowfish) encryption and GPG encryption. In case you are wondering, you should pick GPG (GNU Privacy Guard).

GPG keys may be used for encrypting and signing data, such as the data stored in the KWallet password manager.

To create a new GPG key, you can use a GUI tool called KGpg, which can be found in KDE Discover. Simply install and run it. After opening KGpg, just follow the on-screen instructions. The whole process may take 2 minutes.

1. When KGpg asks to name the GPG key, simply name it "KWallet", because you are probably not going to use it for anything else.

2. KGpg will ask you to enter a master password that can be used to access your wallet. I suggest you create the password with KeePassXC, and keep it stored there as well. KeePassXC password databases are encrypted, and it is one of the easiest ways to manage all your passwords. Never reuse your passwords anywhere!

3. Optionally it also asks you to enter an e-mail address, but you can skip that, as you are probably not going to use it for anything.
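
A command-line check to run once the steps above are done, added here as an example and not part of the original post: it reads the output of `gpg --list-secret-keys --with-colons` and reports whether a secret key whose user ID starts with "KWallet" exists and is usable for encryption. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a secret key named "KWallet" exists and can encrypt.
# Real input would be:  gpg --list-secret-keys --with-colons
# kwallet_key_status and sample_listing are illustrative names, not KDE or GnuPG tools.

kwallet_key_status() {   # $1 = start of the user ID to look for; listing on stdin
    awk -F: -v want="$1" '
        function report(   status) {
            if (!uid_ok) return
            found = 1
            status = usable ? "OK" : "UNUSABLE"
            print status, fpr
        }
        $1 == "sec" {                       # a new secret key begins
            report()
            uid_ok = 0; fpr = ""
            # field 2: validity (r = revoked, e = expired)
            # field 12: capabilities; uppercase E = whole key can encrypt, D = disabled
            usable = ($2 !~ /^[re]/ && $12 ~ /E/ && $12 !~ /D/)
        }
        $1 == "fpr" && fpr == "" { fpr = $10 }            # first fpr is the primary key
        $1 == "uid" && index($10, want) == 1 { uid_ok = 1 }
        END { report(); if (!found) print "MISSING" }
    '
}

sample_listing() {   # constructed listing, not real keys
    cat <<'EOF'
sec:u:3072:1:0123456789ABCDEF:1673600000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1673600000::::KWallet:
ssb:u:3072:1:89ABCDEF01234567:1673600000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
sec:u:3072:1:1111111111111111:1673600000:::u:::scSC:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:u::::1673600000::::Backup signing key:
EOF
}

sample_listing | kwallet_key_status KWallet
```

On a real system, pipe the actual listing into the function: `gpg --list-secret-keys --with-colons | kwallet_key_status KWallet`.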

KDE Wallet System Popup

One thing that's quite annoying when you have just set up your new KDE desktop is that certain applications ask to store things in KWallet. This is the case for both Nextcloud and Google Chrome. So, what exactly is KWallet?

KWallet is an open source password manager used to remember logins by or for certain applications. E.g. Google Chrome can use it to remember logins for various websites, and Nextcloud will use it to remember the login details for your Nextcloud server.

Security of KWallet

I trust KWallet to be fairly secure, and probably much more secure than applications' own ways of storing passwords.

However, if you have read all the warnings over the years about browsers mismanaging and leaking people's passwords, then you may be extra careful about allowing browsers to remember login details. Besides, if you already use a password manager like KeePassXC, this feature is totally redundant.

I suppose the fact that Chrome asks to use KDE Wallet rather than using its own location for passwords is a very good thing, because then at least the information is going to be properly encrypted. BUT at the same time I still fear using it, because I do not know or trust my browser's actions outside of the KWallet — it might leak the data to somewhere else on disk without us knowing.

Personally I do not really care about this functionality, since I already use KeePassXC, and most websites will remember logged-in status with persistent cookies anyway. The "remember credentials" feature can be turned off in Chrome's settings. Another benefit of doing so is that you have one less popup to close, because browsers simply have too many annoying popups for irrelevant spam features, websites wanting to show notifications, etc.

For things like Nextcloud or Dropbox I see a real use, because I do not want to log in to those every time my computer boots, and they probably don't use persistent cookies.

