Notes on kdewallet
Hmm, it’s been a while since I last posted. I guess I’m playing catchup.
With the relatively new Plasma 5, there are some oddities with “kwallet” (also called “kdewallet”). I’ll be discussing those in this post.
The first thing to notice is that there are two wallets, which I shall refer to as “kwallet4” and “kwallet5”. That’s mostly because some of the applications are left over from KDE4. Presumably, those will eventually be updated to Plasma 5 native versions. For me, “konqueror” and “akregator” are using “kwallet4”, while some other applications are using “kwallet5”.
As a result, I have to open both versions of kwallet when I start a Plasma 5 session.
In Opensuse Leap 42.1, this means that I have to give two different passwords. For “kwallet4”, I am using gpg encryption, so I must give my gpg passphrase. But, at least in Leap, “kwallet5” does not seem to support gpg encryption. So I use a different password to open that wallet.
It’s a bit simpler with Tumbleweed. There, I am able to use gpg encryption for both wallets. If I open either of them, then I am prompted with a “pinentry” window to provide the passphrase for gpg-agent. And then either wallet can open by consulting gpg-agent when needed.
It’s a pity that the KDE developer team did not program “kwallet5” to also emulate the behavior of “kwallet4”. If they had done that, then only one wallet would be needed.
When you first open “kwallet5”, it is supposed to migrate entries from “kwallet4”. So it prompts for the “kwallet4” password. This seems to work. Some of the entries that I am using in “kwallet5” are actually there because of the migration.
Sometimes this goes wrong, and the migration is repeated whenever you login to Plasma 5. That happened to me on one computer. And I have seen some reports in the opensuse forum, where it has been happening to others.
If you run into this problem, there’s a fairly easy way to “fix” it.
If I look in “.config/kwalletrc”, then the first three lines that I see are
Those lines are what prevents the migration from being repeated. So, if you are running into this problem, simply edit those three lines into the top of “.config/kwalletrc”.
Since there are two kwallets, there are two manager applications. One of those is “kwalletmanager” for “kwallet4”. The other is “kwalletmanager5” for “kwallet5”. Unfortunately, only one of these managers can be installed. They apparently conflict.
In my experience, the manager for “kwallet4” is automatically installed. And if I try to install “kwalletmanager5”, I see a conflict resolution dialogue which gives me the choice of uninstalling the “kwallet4” version of the manager so as to allow installing the “kwallet5” version.
My best advice is to start by configuring “kwallet4” as you want it. Then install “kwalletmanager5”, after which you can configure “kwallet5”. Some of the configuration probably requires that the appripriate wallet manager be running. So that part won’t work if the appropriate manager is not installed.
Frequent password requests
One of the complaints that I have seen (and experienced), is that there are frequent requests for the password to open kwallet. The default is to close the wallet when the last process stops using it. The trick is to turn off that option. Then the wallet stays open.
I had already turned off that option for “kwallet4”. After installing “kwalletmanager5”, I turned off that option for “kwallet5”. So now I no longer see multiple prompts to open the wallet.
I’m not completely sure whether this setting depends on the appropriate kwalletmanager process running. In practice, I usually have “akregator” running, and that uses “kwallet4”. So that, by itself, is enough to keep “kwallet4” open. But perhaps if I were to close both “akregator” and “konqueror”, then maybe “kwallet4” would close. I don’t know if that happens. I’m using gpg encryption for “kwallet4”, and I have set “gpg-agent” to keep the encryption key available for several days. So maybe “kwallet4” is closing and reopening without my noticing that.
Since setting “kwallet5” to stay open (using “kwalletmanager5” as indicated above), I have not been prompted more than once per session for the password to open “kwallet5”. As far as I know, I am not running any long term process that keeps it open. So it is the wallet setting that is doing the trick for me.
If you have messed up your kwallet settings, then you can delete the wallet and start over. If you want to preserve the content of the wallet, then you can save that before you delete the wallet. However, saving wallet content into a file does require that the appropriate wallet manager process be available. So you can only do that for the one that is installed.
To delete your kwallet, I recommend that you first logout from KDE. I suggest a login to Icewm, or perhaps use CTRL-ALT-F1 (or similar) and login at a terminal.
To delete “kwallet5”:
rm .config/kwalletrc rm .config/kwalletmanager5rc rm -rf .local/share/kwalletd
To delete “kwallet4”:
rm .kde4/share/config/kwalletrc rm .kde4/share/config/kwalletmanagerrc rm .kde4/share/apps/kwallet
When you next login to plasma 5, the wallets will be recreated when first referenced, and you will be prompted for an encryption key to use.