Chapter 1. Introduction

Computer users have a very large amount of data to manage, some of which is sensitive. In particular, you will typically have many passwords to manage. Remembering them is difficult and writing them down on paper or in a text file is insecure.

KWallet provides a secure way to store passwords and other secret information, allowing the user to remember only a single password instead of numerous different passwords and credentials.

Create a Wallet

There are three ways to create a new wallet:

  • Use the menu item FileNew Wallet in the KWallet Manager

  • Use the New button in the System Settings module KDE Wallet

  • On the first attempt to store login information in a wallet when you did not create a wallet so far, see section Using KWallet.

KWallet offers two different ways to store your data:


Select encryption
Blowfish encryption

KWallet saves this sensitive data for you in a strongly encrypted file, accessible by all applications, and protected with a master password that you define.


Create a blowfish encrypted wallet

The data is encrypted with the Blowfish symmetric block cipher algorithm, the algorithm key is derived from the SHA-1 hash of the password, with a key length of 156 bits (20 bytes). The data into the wallet file is also hashed with SHA-1 and checked before the data is deciphered and accessible by the applications.

GPG encryption

GnuPG offers some very strong encryption algorithms and uses passphrase protected long keys.


No GPG key found

The screenshots above show the case where an encryption capable GPG key was not found on the system. Please use applications like KGpg or Kleopatra to create a key an try again.

If a GPG key was found you will get the next dialog where you can select a key to use for your new wallet.


Select an encryption key

KWallet will now use GPG when storing wallets and when opening them. The passphrase dialog only shows once. Even if the wallet is closed after initial open, subsequent opening will occur silently during the same KDE session.

The same KDE session can handle simultaneously both file formats. KWallet will transparently detect the file format and load the correct backend to handle it.

To use your sensitive data from your classic wallet with the new backend follow these steps:

  • Create a new GPG based wallet

  • Launch KWallet Manager and select your old wallet then choose FileExport as XML to create an XML file with your sensitive data.

  • Select the new GPG based wallet then choose FileImport XML and select the file you just saved.

    Encrypt the XML file to keep a backup.

  • FileImport Wallet but in that case you have to select the .kwl file corresponding to your old wallet, located in $KDEHOME/.kde/share/apps/kwallet.

  • Go to System Settings Account DetailsKDE Wallet and select the newly created GPG based wallet from the Select wallet to use as default combobox.

Tip

KWallet supports multiple wallets, so for the most secure operation, you should use one wallet for local passwords, and another for network passwords and form data. You can configure this behavior in the KWallet System Settings module, however the default setting is to store everything in one wallet.

A wallet is by default closed, which means that you must supply a password to open it. Once the wallet is opened, the contents can be accessed.