[kde-doc-english] KDE Secret Sync handbook page
Valentin Rusu
kde at rusu.info
Sun Nov 27 22:11:01 UTC 2011
Hello,
As per blueck's demand on IRC, please find below a plain text page
suitable for addition to the KWallet handbook, about the KDE Secret Sync
tool.
Hope my English is not too bad. Do not hesitate to adjust it if it's not
very intelligible/readable :-)
*************** Begin *************
KDE Secret Sync tool aims to help synchronize secrets, such as passwords
and log-in account information, between several devices running KDE.
It comes as a feature of the new KSecretsService infrastructure. For
more information about this infrastructure, please check
http://techbase.kde.org/Projects/Utils/ksecretsservice and also the
project information page
https://projects.kde.org/projects/kde/kdeutils/ksecrets. This tool is
currently under development.
KDE Secret Sync uses cryptography to securely exchange the secrets
between the devices. As such, it can be used over insecure connections,
such as the internet.
The operation is quite simple and it can follow one of the two scenarios:
- synchronize using a centralized resource,
- peer-to-peer synchronization.
*Using a centralized resource*
This operating mode requires full access to an IMAP server. The KDE
Secret Sync tool creates an encrypted resource under the folder of your
choice, then it updates it each time a local secret collection changes,
as notified by the KSecretsService infrastructure. This occurs each time
an application updates its secret information. The KDE Secret Sync tool
periodically checks this central resource for modifications and when
updates are found, then they are pushed to the corresponding local
collection.
This case requires a permanent connection to an IMAP server. The KDE
Secret Sync tool will hold sync operations during network outages. The
security level of this kind of operation depends on the security of the
IMAP server and the encryption algorithm used to create the centralized
resource. On the other hand, storing the secrets on that centralized
resource can also be viewed as a backup.
*Peer-to-peer synchronization*
This operation mode does not require access to a centralized IMAP
server. A list of known computers is used instead. KDE Secret Sync will
initiate secret exchange sessions with each of its known computers over
an SSH tunnel. The local secret changes are propagated to the other known
computers as soon as they are detected.
This case requires a network connection between known devices. The KDE
Secret Sync tool will hold sync operations with the devices that are not
available due to network outages. A naming service should be used for
devices that change IP address with each connection.
*************** End *************
--
Valentin Rusu (IRC valir, KDE vrusu)
KSecretsService (former KSecretService, KWallet replacement)