[Bug 52454] Re: GnuPG and kwallet integration

Bug Watch Updater 52454 at bugs.launchpad.net
Mon Jun 18 18:25:00 UTC 2012


Launchpad has imported 41 comments from the remote bug at
https://bugs.kde.org/show_bug.cgi?id=81067.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2004-05-06T23:21:12+00:00 Somekool-f wrote:

Version:           1.0 (using KDE 3.2.1, Gentoo)
Compiler:          gcc version 3.3.2 20031218 (Gentoo Linux 3.3.2-r5, propolice-3.3-7)
OS:          Linux (i686) release 2.6.5-gentoo-r1

would it be possible that kwallet act as an SSH agent ?
it could store my SSH key, and when I ssh somewhere, it would publish do the job of ssh-agent or pageant (putty)

just an idea.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/0

------------------------------------------------------------------------
On 2004-06-24T10:09:13+00:00 frabcus wrote:

It might be fine (if a bit evil, but easier to implement) for KWallet to
store a passphrase, and launch a separate SSH agent.  Otherwise you'll
have to do something clever with the SSH agent code, KWallet and the
file format for public keys.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/1

------------------------------------------------------------------------
On 2004-06-27T03:08:29+00:00 Somekool-f wrote:

good idea, kwallet can just make sure there is a ssh-agent running and
trigger the ssh-add call for every key stored in the configfile.

I'll attach a script I wrote quickly, just for the sake



Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/2

------------------------------------------------------------------------
On 2004-06-27T03:14:28+00:00 Somekool-f wrote:

Created attachment 6484
script looks if there is an AGENT running and use it or start one.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/3

------------------------------------------------------------------------
On 2004-11-06T16:37:10+00:00 Staikos wrote:

*** Bug 87312 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/4

------------------------------------------------------------------------
On 2004-11-06T16:38:40+00:00 Staikos wrote:

*** Bug 82485 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/5

------------------------------------------------------------------------
On 2004-11-06T18:39:08+00:00 Somekool-f wrote:

to replace my script, there is a package made by gentoo that is also, at
least, available for SuSe, so I suppose that may become something
standard.

http://www.gentoo.org/proj/en/keychain/index.xml

on top of that, there is another package called "gtk2-ssh-askpasswd" or
something, which loads before KDE to ask the extra passwd.

I suppose, instead of asking for the passwd, it would be stored in the
wallet, and only the part to load the ssh key into the agent is
needed.

well, if the passwd for the key is not found in the wallet, I suppose
kwallet has to ask it.


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/6

------------------------------------------------------------------------
On 2004-11-06T18:40:06+00:00 Somekool-f wrote:

*** This bug has been confirmed by popular vote. ***

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/7

------------------------------------------------------------------------
On 2005-02-05T13:16:07+00:00 Cppege430dtvg7d94rok-david-9ei9nyjpwdexk1if796s wrote:

See also bug 97419 which was requesting something similar (from a user's point of view). See the comment with a suggestion for a SSH_ASKPASS-compatible app using kwallet. (This seems to be slightly different to what is suggested in this bug, but maybe easier to implement).
As a sysadmin with about 30 machines under my control, being able to have all those passwords in kwallet would be very nice, however it is done!

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/8

------------------------------------------------------------------------
On 2005-11-09T18:55:10+00:00 Somekool-f wrote:

I just thought of something there....
instead of kwallet being an SSH agent, or having a password-less kwallet like some people like to have, kwallet could have two authentications: one is password, second is using the ssh key already loaded by the ssh agent.

I think most people who wanted a password-less kwallet wanted it strictly
because they had to type their password twice or three times (login,
ssh, wallet)

the big advantage of having kwallet storing the ssh key and passphrase
would be to allow users to have multiple ssh keys. but I don't know how
common that is ?

so maybe an easier workaround would be to allow kwallet to be
automatically opened without a password using an ssh-agent, but requiring
a password in other cases.

so a login process could be something like this. you register your
ssh-key in the kcontrol first. then when you login, kdm is using your
password to try to load the ssh key on login so you don't have to type
your password twice and kwallet is opening automatically when requested
using the ssh-key authentication.


what do you guys think ? 

is that easier/better ?


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/9

------------------------------------------------------------------------
On 2005-11-10T11:34:14+00:00 Thiago Macieira wrote:

KWallet cannot be passwordless because the password encrypts the data.
If you remove the password, the contents are unprotected.

So this will only work if whatever backend supplies KWallet a decryption
key. Can ssh-agent do that?

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/10

------------------------------------------------------------------------
On 2005-11-11T23:16:08+00:00 Somekool-f wrote:

Oh I thought kwallet already had a password-less mode, because I
remember tons of people asking for it on a separate ticket. anyway, it
makes sense that it needs a password if it uses it as an encryption. makes
things more complicated to automatically open the wallet on agent
discovery.

could kwallet use the ssh-private key when the agent is loaded ?


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/11

------------------------------------------------------------------------
On 2006-01-31T15:31:29+00:00 Staikos wrote:

*** Bug 121086 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/12

------------------------------------------------------------------------
On 2006-04-13T07:26:14+00:00 Somekool-f wrote:

maybe I repeat myself, but basically, if the gtk2-ssh-askpass-0.3 program
would be rewritten with kdelibs and kwallet support, it would just fetch
the password from the wallet and open the regular ssh-agent. if not
found in the kwallet, it would then act just like gtk2-ssh-askpass and
ask for the password.

NB: gtk2-ssh-askpass is a tiny GUI utility that asks for your ssh-key
password on logon. it works well with kdm and kde, but I would rather
have it integrated with kwallet.

thanks


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/13

------------------------------------------------------------------------
On 2006-11-09T13:26:14+00:00 Angel-azrael wrote:

Maybe when kwallet is coming up, it could start keychain, a script for
controlling ssh-agent and gpg-agent, with all ssh and gpg keys it has.

keychain is a simple to use program.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/17

------------------------------------------------------------------------
On 2006-12-15T14:19:17+00:00 Bartoschek-e wrote:

I have created a small program that fetches the ssh passphrase from KWallet and uses it to add the key to ssh-agent. You can find it at
http://www.pontohonk.de/kde/ssh.html

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/18

------------------------------------------------------------------------
On 2006-12-16T10:43:02+00:00 Somekool-f wrote:

excellent, now kwallet just needs to auto-open using the session password (kdm).
thus only one password will be necessary.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/19

------------------------------------------------------------------------
On 2006-12-20T05:55:36+00:00 Somekool-f wrote:

just a quick comment to confirm the solution in comment #15 is working
like a charm. I don't need this gtk-ask-pass anymore, and thus I only
have the session password and the wallet password to type.


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/20

------------------------------------------------------------------------
On 2006-12-20T08:45:06+00:00 Angel-azrael wrote:

Maybe the small program in comment #15 could be extended. Perhaps it
could be used for gpg/pgp keys too. Or could be used for bluetooth
authentication.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/21

------------------------------------------------------------------------
On 2006-12-21T14:33:48+00:00 Somekool-f wrote:

another small comment

here is the content of my autostart file

somekool at krypton ~ $ cat .kde/Autostart/ssh-add.sh
#!/bin/sh
export SSH_ASKPASS=$HOME/bin/askpass
keychain id_rsa
source ~/.keychain/`uname -n`-sh
#/usr/bin/ssh-add

somekool at krypton ~ $


simply calling ssh-add would not do the trick. but it works fine with keychain.


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/22

------------------------------------------------------------------------
On 2006-12-22T15:23:22+00:00 Bartoschek-e wrote:

Your remark in comment #19

Why is keychain needed? What is the error when you use ssh-add alone?

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/23

------------------------------------------------------------------------
On 2006-12-23T14:50:42+00:00 Somekool-f wrote:

it creates or keeps the ssh-agent, calls ssh-add automatically as well and
sets shell variables ( I'm not exactly sure, but I think it's what it does,
after all, the idea of using high-level tools is to not care about
implementation ;) )

SSH_AUTH_SOCK=/tmp/ssh-nAoUks9274/agent.9274; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9275; export SSH_AGENT_PID;

I did not get an error with ssh-add, it just did not work, I don't know why.
ssh-add path was correct. I guess ssh-add did not know what agent to add it to. I don't know.


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/24

------------------------------------------------------------------------
On 2007-04-01T17:23:25+00:00 Kdebugs-mhade wrote:

There are kwallet-compatible replacements for ssh-agent and ssh-askpass
at http://hanz.nl/p/program. Might be a starting point.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/25

------------------------------------------------------------------------
On 2008-10-06T13:38:56+00:00 8-kde-g wrote:

Just store the unencrypted SSH private key directly in the wallet (let
the wallet handle encrypting it on disk) and supply it to ssh on demand
using the same Unix socket protocol that ssh-agent uses.  There's no
need for a separate key file, passphrase, or ssh-agent process.  The
ssh-agent socket protocol is dirt simple; KWallet should just implement
it directly.  Then the only moderately difficult part is importing SSH
keys into the wallet without ever writing them to disk unencrypted.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/27
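
The message framing the comment above refers to, as an added example (not code from this thread, KWallet or OpenSSH): each agent message is a uint32 length, one type byte and a payload, shown here for the "list identities" request that ssh-add -l sends. The key blob, the exchange() helper and the in-process socket pair are constructed for illustration, and signing requests are answered with a failure.

```python
import socket
import struct

SSH_AGENT_FAILURE = 5  # message numbers used by the ssh-agent protocol
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_FRAME = 256 * 1024  # refuse oversized frames instead of buffering them
SAMPLE_KEYS = [(b"constructed-key-blob", "/home/wendy/.ssh/id_rsa")]  # constructed

def pack_string(data):  # SSH string: uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def take_string(buf, off):  # returns (bytes, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def read_exact(sock, n):
    data = sock.recv(n, socket.MSG_WAITALL)
    if len(data) != n:
        raise ConnectionError("peer closed mid-frame")
    return data

def recv_msg(sock):  # frame: uint32 length, one type byte, payload
    (length,) = struct.unpack(">I", read_exact(sock, 4))
    if not 1 <= length <= MAX_FRAME:
        raise ValueError("bad frame length")
    body = read_exact(sock, length)
    return body[0], body[1:]

def send_msg(sock, msg_type, payload=b""):
    sock.sendall(pack_string(bytes([msg_type]) + payload))

def serve_once(sock, identities):
    """Agent side: answer one request from the key list it holds."""
    msg_type, _ = recv_msg(sock)
    if msg_type != SSH_AGENTC_REQUEST_IDENTITIES:
        return send_msg(sock, SSH_AGENT_FAILURE)  # e.g. signing, not shown
    payload = struct.pack(">I", len(identities))
    for blob, comment in identities:
        payload += pack_string(blob) + pack_string(comment.encode())
    send_msg(sock, SSH_AGENT_IDENTITIES_ANSWER, payload)

def exchange(request_type, identities=SAMPLE_KEYS):
    """Client side: one request over a Unix socket pair, reply parsed."""
    client, agent = socket.socketpair()
    with client, agent:
        send_msg(client, request_type)  # small frame, held in the socket buffer
        serve_once(agent, identities)
        reply_type, payload = recv_msg(client)
    keys, off = [], 4
    if reply_type == SSH_AGENT_IDENTITIES_ANSWER:
        (count,) = struct.unpack_from(">I", payload, 0)
        for _ in range(count):
            blob, off = take_string(payload, off)
            comment, off = take_string(payload, off)
            keys.append((blob, comment.decode()))
    return reply_type, keys
```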

------------------------------------------------------------------------
On 2008-10-06T15:10:13+00:00 8-kde-g wrote:

Created attachment 27714
kwallet-askpass.sh

Until such time as KWallet implements the ssh-agent protocol, I have
coded up an askpass-style script to let ssh-add read passphrases from
the KDE4 wallet via D-bus.

To use it, you need to add a folder to your wallet called 'ssh-agent' and add passwords to it, each given as its name the full absolute path to an SSH private key file, such as '/home/wendy/.ssh/id_rsa'.  Then add an auto-start script that calls ssh-add thusly:
SSH_ASKPASS=/path/to/kwallet-askpass.sh ssh-add < /dev/null &

Of course, the agent has to be running already.  For that, I recommend
uncommenting the lines in the agent-startup.sh and agent-shutdown.sh
scripts that come with KDE.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/28

------------------------------------------------------------------------
On 2008-11-01T15:32:26+00:00 8pp-kde-gj5 wrote:

This package
http://www.kde-apps.org/content/show.php/kssh-add?content=76675

Does the whole thing very seamlessly.  Sorry Matt, I couldn't make your
scripts work, but this more or less does the same.

Personally, I don't always want to run ssh-add at startup, so I use

alias ssh='if [[ ! `ssh-add -l| grep .ssh | wc -l` > 0 ]]; then ssh-add < /dev/null; fi; ssh'

in my .bashrc so that I run ssh-add if it doesn't already have the
passphrase.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/29

------------------------------------------------------------------------
On 2008-11-01T15:43:33+00:00 8pp-kde-gj5 wrote:

The problem I had with kwallet-askpass.sh was:
>sh ./kwallet-askpass.sh
./kwallet-askpass.sh: 13: Syntax error: "(" unexpected


Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/30

------------------------------------------------------------------------
On 2008-11-02T07:34:19+00:00 8-kde-g wrote:

(In reply to comment #25)
> This package
> http://www.kde-apps.org/content/show.php/kssh-add?content=76675
> 
> Does the whole thing very seamlessly.

That appears to be for KDE 3.5, whose KWallet uses DCOP rather than
D-Bus for interprocess communication.  My script is for the KWallet in
KDE 4.

(In reply to comment #26)
> The problem I had with kwallet-askpass.sh was:
> >sh ./kwallet-askpass.sh
> ./kwallet-askpass.sh: 13: Syntax error: "(" unexpected

Not sure if functions are a POSIX shell feature or a bash extension.  It
might work if you remove the () after get_string, since the parens are
optional (and mistakenly I put them on one function declaration but not
on the other).  If that doesn't work, try changing the shebang line to
#!/bin/bash.  sh on my system is actually bash, but on some systems it's
something else.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/31

------------------------------------------------------------------------
On 2008-11-03T23:55:25+00:00 Matthew Woehlke wrote:

functions are a POSIX shell feature, however the syntax 'function foo()
{ ... }' is not. I think both 'function foo { ... }' and 'foo() { ... }'
are supported, but using both the keyword and ()'s is a syntax error
that bash happens to tolerate.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/32

------------------------------------------------------------------------
On 2008-11-04T00:21:19+00:00 Adrian Friedli wrote:

checkbashisms [1] is your friend, when you have to make a script POSIX
compatible.

[1]
http://svn.debian.org/viewsvn/devscripts/trunk/scripts/checkbashisms.pl?view=markup

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/33

------------------------------------------------------------------------
On 2008-11-05T02:32:23+00:00 8-kde-g wrote:

Created attachment 28336
kwallet-askpass.sh (sans bashisms)

Thank you, Matthew Woehlke and Adrian Friedli.  I have updated my script
to remove the bashisms.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/34

------------------------------------------------------------------------
On 2008-11-05T02:37:51+00:00 8-kde-g wrote:

Created attachment 28337
kwallet-askpass.sh (fixed typo)

Argh, sorry for the comment spam.  I had a typo. :(

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/35

------------------------------------------------------------------------
On 2008-11-29T09:26:47+00:00 Oswald Buddenhagen wrote:

wtf, re-add everyone to the cc list ...

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/36

------------------------------------------------------------------------
On 2009-03-26T10:12:44+00:00 Kde-bug-track wrote:

Created attachment 32405
modified script to get password from wallet

This code still doesn't work but now spits out the correct password, but
ssh-add is not playing nice and reading it in.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/37

------------------------------------------------------------------------
On 2009-12-23T01:03:18+00:00 Jimmy Berry wrote:

I fiddled around with retrieving folders from kwallet and such, but that
didn't seem to be as easy as attempting to just read the .ssh directory.

Someone else may know a good way to filter ssh keys or what-not (I am
not a shell script pro), but this seems to get the idea across.

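# dbus_send, handle, APPID and get_string are assumed to come from the
# kwallet-askpass.sh script discussed above
for i in ~/.ssh/*
do
  # skip public keys
  case "$i" in *pub) continue ;; esac
  i=`readlink -f "$i"`
  echo "$i"
  password=$(${dbus_send}readPassword int32:${handle} string:"${APPID}" string:"${i}" string:"${APPID}" | get_string)
  if [ "${password}" != "" ]
  then
    # pipe to ssh-add; '>' would write the passphrase to a file named ssh-add
    printf '%s\n' "$password" | ssh-add "$i" # not sure this works, but you get the idea
  fi
done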

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/39

------------------------------------------------------------------------
On 2010-02-28T17:10:55+00:00 tomas wrote:

The script works for me, but only after I have logged in. If I use it in
.kde/Autostart I get the following messages in .xsession-errors:

Error org.freedesktop.DBus.Error.NoReply: Did not receive a reply.
Possible causes include: the remote application did not send a reply,
the message bus security policy blocked the reply, the reply timeout
expired, or the network connection was broken

I tried to start kwalletd in the script but without success.

The app in comment #15 works as it should, so I guess the script is
missing some initialization process. It would be nice to use the script
though because it's easier to modify.

Using OpenSUSE 11.2 and KDE 4.4.0.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/40

------------------------------------------------------------------------
On 2010-02-28T17:26:49+00:00 Bruno Bigras wrote:

If you want a quick working solution, install Ksshaskpass and put a
script in the ~/.kde/Autostart directory that has :

#!/bin/sh
SSH_ASKPASS=/usr/bin/ksshaskpass /usr/bin/ssh-add < /dev/null

chmod u+x that script and enjoy. It works perfectly for me and I don't
need to start kwallet myself.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/41

------------------------------------------------------------------------
On 2010-03-12T18:28:28+00:00 Cubranic-w wrote:

(In reply to comment #27)
> (In reply to comment #25)
> > This package
> > http://www.kde-apps.org/content/show.php/kssh-add?content=76675
> > 
> > Does the whole thing very seamlessly.
> 
> That appears to be for KDE 3.5, whose KWallet uses DCOP rather than D-Bus for
> interprocess communication.  My script is for the KWallet in KDE 4.

Ksshaskpass (http://www.kde-apps.org/content/show.php/show.php?content=50971)
now runs on KDE 4.

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/42

------------------------------------------------------------------------
On 2011-09-21T14:38:30+00:00 adaptee wrote:

*** Bug 282417 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/43

------------------------------------------------------------------------
On 2012-01-02T01:41:47+00:00 adaptee wrote:

*** Bug 278184 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/44

------------------------------------------------------------------------
On 2012-02-06T09:33:33+00:00 Dusty-w wrote:

That would be awesome!

Reply at: https://bugs.launchpad.net/kdelibs/+bug/52454/comments/45

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kde4libs in Ubuntu.
https://bugs.launchpad.net/bugs/52454

Title:
  GnuPG and kwallet integration
