Chapter 1. Introduction

Computer users have a very large amount of data to manage, some of which is sensitive. In particular, you will typically have many passwords to manage. Remembering them is difficult, writing them down on paper or in a text file is insecure, and using tools such as PGP is tedious and inconvenient.

KWallet saves this sensitive data for you in a strongly encrypted [1] file, accessible by all applications, and protected with a master password that you define.

Tip

KWallet supports multiple wallets, so for the most secure operation, you should use one wallet for local passwords and another for network passwords and form data. You can configure this behavior in the KWallet System Settings module; however, the default setting is to store everything in one wallet.

A wallet is by default closed, which means that you must supply a password to open it. Once the wallet is opened, the contents can be accessed.

Using KWallet

If you visit, for example, the KDE bugtracker and enter the login data for the first time, a dialog pops up offering to store the password in an encrypted wallet:


Request to save login information

If you want to store this information, select Store to proceed. If you have not created a wallet yet, the next dialog asks for the wallet password and creates a wallet named kdewallet.


Create a wallet

The next time you visit the same website, the application requests to open the wallet. Enter the wallet password and click the Open button.


Request to open a wallet

This connects the application to the wallet, enables it to read the login data from the wallet and to restore the login information for this website. Once an application is connected to the wallet, it can automatically restore any login information stored in the wallet.



[1] The data is encrypted with the Blowfish symmetric block cipher algorithm; the key is derived from the SHA-1 hash of the password, with a key length of 156 bits (20 bytes). The data in the wallet file is also hashed with SHA-1, and the hash is checked before the data is deciphered and made accessible to applications.