[kde-doc-english] KDE Secret Sync handbook page
Burkhard Lück
lueck at hube-lueck.de
Mon Nov 28 08:58:10 UTC 2011
Am Sonntag, 27. November 2011, 23:11:01 schrieb Valentin Rusu:
> Hello,
>
> As per blueck demand on the IRC, please find below a plain text page
> suitable for addition to the KWallet handbook, about the KDE Secret Sync
> tool.
> Hope my english is not too bad. Do not hesitate to adjust it if it's not
> very intelligible/readable :-)
>
> *************** Begin *************
>
> KDE Secret Sync tool aims to help synchronize secrets, such as passwords
> and login-in account information, between several devices running KDE.
> It comes as a feature of the new KSecretsService infrastructure. For
> more information about this infrastructure, please check
> http://techbase.kde.org/Projects/Utils/ksecretsservice and also the
> project information page
> https://projects.kde.org/projects/kde/kdeutils/ksecrets. This tool is
> currently under development.
>
> KDE Secret Sync uses cryptograpy to securely exchange the secrets
> between the devices. As such, it can be used over unsecure connections,
> such as the internet.
>
> The operation is quite simple and it can follow one of the two scenarios:
> - synchronize using a centralized resource,
> - peer-to-peer synchronization.
>
> *Using a centralized resource*
> This operating mode requires full access to an IMAP server. The KDE
> Secret Sync tool creates an encrypted resource under the folder of your
> choice then it updates it each time a local secret collection changes,
> as notified by the KSecretsService infrastructure. This occurs each time
> an application updates it's secret information. KDE Secret Sync tool
> periodically checks this central resource for modifications and when
> updates are found, then they are pushed to the corresponding local
> collection.
>
> This case requires permanent connection to an IMAP server. The KDE
> Secret Sync tool will hold sync operations during network outages. The
> security level of this kind of operation depends of the security of the
> IMAP server and the encrypting algorithm used to created the centralized
> resource. On the other hand, storing the secrets on that centralized
> resources can also be viewed as a backup.
>
> *Peer-to-peer synchronization*
> This operation mode does not require access to a centralized IMAP
> server. A list of known computers is used instead. KDE Secret Sync will
> initiate secret exchange sessions with each of it's known computers over
> a SSH tunnel. The local secret changes are propagated to the other known
> computers as soon as they are detected.
>
> This case require a network connection between known devices. The KDE
> Secret Sync tool will hold sync operations with the devices that are not
> available due to network outages. A naming service should be used for
> devices that change IP address with each connection.
>
> *************** End *************
Some questions:
"Enable auto synchronization" is disabled by default and this has to be
checked/enabled first, right?
The General page has a Listening port, the "Known computers" list as well.
What is the relation between the Listening port and the computers ports?
* centralized resource/IMAP server
Name (resolvable) or IP and Port of IMAP server has to be added to "Known
computers" list?
Can I use any Port number?
What application/daemon is required to run on the IMAP server?
* Peer-to-peer synchronization
All peers have to be added to the "Known computers" list, all have to use the
same port number?
What application/daemon is required to run on the peers?
auto synchronization has to be enabled on all involved peers?
--
Burkhard Lück
More information about the kde-doc-english
mailing list