Notes on kdewallet

Hmm, it’s been a while since I last posted.  I guess I’m playing catchup.

With the relatively new Plasma 5, there are some oddities with “kwallet” (also called “kdewallet”).  I’ll be discussing those in this post.

Two wallets

The first thing to notice is that there are two wallets, which I shall refer to as “kwallet4” and “kwallet5”.  That’s mostly because some of the applications are left over from KDE4.  Presumably, those will eventually be updated to Plasma 5 native versions.  For me, “konqueror” and “akregator” are using “kwallet4”, while some other applications are using “kwallet5”.

As a result, I have to open both versions of kwallet when I start a Plasma 5 session.

In Opensuse Leap 42.1, this means that I have to give two different passwords.  For “kwallet4”, I am using gpg encryption, so I must give my gpg passphrase.  But, at least in Leap, “kwallet5” does not seem to support gpg encryption.  So I use a different password to open that wallet.

It’s a bit simpler with Tumbleweed.  There, I am able to use gpg encryption for both wallets.  If I open either of them, then I am prompted with a “pinentry” window to provide the passphrase for gpg-agent.  And then either wallet can open by consulting gpg-agent when needed.

It’s a pity that the KDE developer team did not program “kwallet5” to also emulate the behavior of “kwallet4”.  If they had done that, then only one wallet would be needed.

Migration woes

When you first open “kwallet5”, it is supposed to migrate entries from “kwallet4”.  So it prompts for the “kwallet4” password.  This seems to work.  Some of the entries that I am using in “kwallet5” are actually there because of the migration.

Sometimes this goes wrong, and the migration is repeated whenever you login to Plasma 5.  That happened to me on one computer.  And I have seen some reports in the opensuse forum, where it has been happening to others.

If you run into this problem, there’s a fairly easy way to “fix” it.

If I look in “.config/kwalletrc”, then the first three lines that I see are


Those lines are what prevents the migration from being repeated.  So, if you are running into this problem, simply edit those three lines into the top of “.config/kwalletrc”.

Kwallet manager

Since there are two kwallets, there are two manager applications.  One of those is “kwalletmanager” for “kwallet4”.  The other is “kwalletmanager5” for “kwallet5”.  Unfortunately, only one of these managers can be installed.  They apparently conflict.

In my experience, the manager for “kwallet4” is automatically installed.  And if I try to install “kwalletmanager5”, I see a conflict resolution dialogue which gives me the choice of uninstalling the “kwallet4” version of the manager so as to allow installing the “kwallet5” version.

My best advice is to start by configuring “kwallet4” as you want it.  Then install “kwalletmanager5”, after which you can configure “kwallet5”.  Some of the configuration probably requires that the appripriate wallet manager be running.  So that part won’t work if the appropriate manager is not installed.

Frequent password requests

One of the complaints that I have seen (and experienced), is that there are frequent requests for the password to open kwallet.  The default is to close the wallet when the last process stops using it.  The trick is to turn off that option.  Then the wallet stays open.

I had already turned off that option for “kwallet4”.  After installing “kwalletmanager5”, I turned off that option for “kwallet5”.  So now I no longer see multiple prompts to open the wallet.

I’m not completely sure whether this setting depends on the appropriate kwalletmanager process running.  In practice, I usually have “akregator” running, and that uses “kwallet4”.  So that, by itself, is enough to keep “kwallet4” open.  But perhaps if I were to close both “akregator” and “konqueror”, then maybe “kwallet4” would close.  I don’t know if that happens.  I’m using gpg encryption for “kwallet4”, and I have set “gpg-agent” to keep the encryption key available for several days.  So maybe “kwallet4” is closing and reopening without my noticing that.

Since setting “kwallet5” to stay open (using “kwalletmanager5” as indicated above), I have not been prompted more than once per session for the password to open “kwallet5”.  As far as I know, I am not running any long term process that keeps it open.  So it is the wallet setting that is doing the trick for me.

Starting over

If you have messed up your kwallet settings, then you can delete the wallet and start over.  If you want to preserve the content of the wallet, then you can save that before you delete the wallet.  However, saving wallet content into a file does require that the appropriate wallet manager process be available.  So you can only do that for the one that is installed.

To delete your kwallet, I recommend that you first logout from KDE.  I suggest a login to Icewm, or perhaps use CTRL-ALT-F1 (or similar) and login at a terminal.

To delete “kwallet5”:

rm .config/kwalletrc
rm .config/kwalletmanager5rc
rm -rf .local/share/kwalletd

To delete “kwallet4”:

rm .kde4/share/config/kwalletrc
rm .kde4/share/config/kwalletmanagerrc
rm .kde4/share/apps/kwallet

When you next login to plasma 5, the wallets will be recreated when first referenced, and you will be prompted for an encryption key to use.



About Neil Rickert

Mathematician and computer scientist who dabbles in cognitive science.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: