The situation of KWallet, and what to do about it?

Thomas Pfeiffer thomas.pfeiffer at
Thu Jul 7 10:36:26 UTC 2016

Hi everyone,
I'm addressing both the Plasma team and kde-devel because this issue affects 
Plasma as well as many applications, and Valentin as the current maintainer of 
KWallet as well as KSecretService, a potential replacement for it.

KWallet plays a central role in Plasma and many KDE applications as the central 
password storage. However, it being very old and not having been actively 
developed for a long time, it has lots of problems, including:

- It has weak security, as it does not restrict applications accessing it by 
default, and even when it does, it does so simply based on application name 
which allows any malicious process to impersonate an allowed one
- The initial setup has huge usability problems, as it forces users to make a 
choice on a very advanced technical level (encryption methods, no less!), and 
the option it suggests (GPG) is a nightmare to set up for ordinary users
- It does support unlocking via PAM, but does not tell users what they need to 
do to make that work, which results in most users having to enter the KWallet 
password at each system start, which many find very annoying (we get lots of 
negative feedback for that)
- It works only with KDE Frameworks-based applications
- One cannot easily write a QML GUI for it, making it unsuitable for mobile

Valentin has been working on KSecretService for quite a while, which is based on 
the freedesktop Secrets API [1] that is also supported in GNOME Keyring, and 
would solve many (and ideally all) of the above problems.
However, Valentin told me he does not have the time to work on KSecretService 
any more.

This means we have to find a solution to these problems. The options I see 
currently are
- Improve KWallet (unlikely to fix all the problems without massive changes in 
it, though)
- Find someone to finish and maintain KSecretService
- Build a wrapper around one of the other existing keyring technologies
- Each application (and each Plasma component that stores passwords) implements 
its own encrypted password storage
- We make encrypted password storage optional and non-default (easiest solution, 
but not exactly in line with KDE's vision)

So, what do we do?


More information about the Plasma-devel mailing list