In today’s tutorial, we’ll see how to use KWalletManager to create a new wallet while creating and using a GPG key for its encryption.
KWallet provides a secure way to store passwords and other secret information, allowing users to remember only a single password instead of numerous passwords and credentials.
Using KGpg to create a GPG key
Start the KGpg program from the main menu. A dialog box appears, prompting us to select the GnuPG binary. We’ll use the system binary for this tutorial.
- If it can’t find one, KGpg will prompt us to create a GnuPG configuration file. Since this is a new key, we choose Create Config and leave the default path for the file.
- Next, we click the Finish button to generate a new key.
- 🔰 Information: Generating a new key may take minutes, depending on the hardware.
A dialog box appears, prompting us to create a new key pair. Enter your name, email address, and an optional comment. We can also choose an expiration time for your key, the key strength (number of bits), and algorithms.
Enter the passphrase in the following dialog box. At this point, the key appears in the main KGpg window.
- ⚠️ Important: We won’t be able to decrypt the data if we forget the passphrase.
This GnuPG key will also be available to other keyrings like the GNOME Keyring. We recommend also adding this key when prompted.
Creating a new wallet using KDE Wallet KCM
By default, a wallet named kdewallet will be used to store your passwords. Your login password secures this wallet and will automatically be opened at login.
- To create a new wallet, open System Settings, navigate to the KDE Wallet KCM, enable the KDE Wallet subsystem, and click Apply. Then, close and open System Settings again.
- 🔰 Information: A bug in the KCM prevents creating a new wallet without closing System Settings first. This is not a bug caused by Nitrux.
- ⚠️ Important: If the KDE Wallet subsystem is enabled and a wallet is not created, the dialog to create a wallet will be displayed on login every time. This is not a bug in Nitrux or caused by Nitrux.
- ⚠️ Important: An empty window will be displayed if the user launches the Wallet Manager without creating a wallet first. This is not a bug in Nitrux or caused by Nitrux.
Next, use the New button in the System Settings module KDE Wallet and enter a name for the wallet.
Then, select which encryption method to use for securing the wallet.
- Blowfish. KWallet saves this sensitive data in a strongly encrypted file, accessible by all applications and protected with a master password we define.
- The data is encrypted with the Blowfish symmetric block cipher algorithm; the algorithm key is derived from the SHA-1 hash of the password, with a critical length of 156 bits (20 bytes). The data in the wallet file is also hashed with SHA-1 and checked before the data is deciphered and accessible by the applications.
- GPG. GnuPG offers some powerful encryption algorithms and uses passphrase-protected long keys. If a GPG key is found, you will get the following dialog where you can select a key to use for your new wallet.
Since we created a GPG key, that’s what we’ll use.
Finally, we click Finish. Now, KWallet will use GPG when storing wallets and when opening them. The passphrase dialog only shows once. Even if the wallet is closed after the initial opening, subsequent opening will occur silently during the same session.
Disclaimer: We do not develop KWalletManager, the KDE Wallet KCM, the KWallet subsystem, or KGpg. Please create issues at the KDE bug tracker to request features or report problems.
For more information about KWallet, check The KWallet Handbook.
That’s it; this concludes today’s tutorial.