[opensuse-factory] After Kmail upgrade, KWallet no longer using GPG encryption
One other thing that may have been left out of upgrade consideration is importing previous security settings as well. I always do an initial setup of Kwallet with GPG encryption, though in the latest upgrade, this has been automatically replaced with the simple passphrase method. What would be the best way to upgrade and assign the credentials in Kmail to GPG (I still have a laptop running TW that is still on Kmail4 until I figure out all the issues on my desktop with Kmail5)? For my Kmail5 setup, how to I re-enable GPG-level protection for my accounts?
On 01/25/2016 11:20 AM, Chan Ju Ping wrote:
I always do an initial setup of Kwallet with GPG encryption, though in the latest upgrade, this has been automatically replaced with the simple passphrase method.
You have "kwallet4" and "kwallet5". The update of kmail left you using "kwallet5". For me, "kwallet5" uses gpg encryption. But you probably set it up before gpg support was available for "kwallet5". Here's what I would do in your situation: 1: Install kwalletmanager5 (if not already installed). This might remove kwalletmanager (the "4" version). Maybe run that one last time to be sure you have the settings that you want. 2: Using "kwalletmanager5", save the content of kwallet5 to a file. If you have an encrypted partition, that might be a good place to save it. 3: Delete "kwallet" related files from ".config" and ".local/share/". It might be best to do that while logged into Icewm or at a command line session, so that you are not logged into KDE. 4: Log back into KDE and reinitialized "kwallet". There should be an option to use "gpg". 5: Using "kwalletmanager5", read your saved kwallet content back in from where you saved it. 6: After checking that all is good, you can shred the saved copy of kwallet content ("shred" command). -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday 25 Jan 2016 15:30:56 Neil Rickert wrote:
On 01/25/2016 11:20 AM, Chan Ju Ping wrote:
I always do an initial setup of Kwallet with GPG encryption, though in the latest upgrade, this has been automatically replaced with the simple passphrase method.
You have "kwallet4" and "kwallet5". The update of kmail left you using "kwallet5".
For me, "kwallet5" uses gpg encryption. But you probably set it up before gpg support was available for "kwallet5".
Good call. That was the missing package.
Here's what I would do in your situation:
1: Install kwalletmanager5 (if not already installed). This might remove kwalletmanager (the "4" version). Maybe run that one last time to be sure you have the settings that you want.
2: Using "kwalletmanager5", save the content of kwallet5 to a file. If you have an encrypted partition, that might be a good place to save it.
3: Delete "kwallet" related files from ".config" and ".local/share/". It might be best to do that while logged into Icewm or at a command line session, so that you are not logged into KDE.
4: Log back into KDE and reinitialized "kwallet". There should be an option to use "gpg".
5: Using "kwalletmanager5", read your saved kwallet content back in from where you saved it.
6: After checking that all is good, you can shred the saved copy of kwallet content ("shred" command).
I could re-engage the GPG setup, but after a few minutes of fudging around with trying to import the previous settings, I just ended up starting from scratch. Luckily I don't have many passwords saved. Thanks for the helpful guide.
On Monday, January 25, 2016 10:20:22 PM CST Chan Ju Ping wrote:
On Monday 25 Jan 2016 15:30:56 Neil Rickert wrote:
On 01/25/2016 11:20 AM, Chan Ju Ping wrote:
I always do an initial setup of Kwallet with GPG encryption, though in the latest upgrade, this has been automatically replaced with the simple passphrase method.
You have "kwallet4" and "kwallet5". The update of kmail left you using "kwallet5".
For me, "kwallet5" uses gpg encryption. But you probably set it up before gpg support was available for "kwallet5".
Good call. That was the missing package.
Here's what I would do in your situation: 1: Install kwalletmanager5 (if not already installed). This might
remove kwalletmanager (the "4" version). Maybe run that one last time to be sure you have the settings that you want.
2: Using "kwalletmanager5", save the content of kwallet5 to a file.
If you have an encrypted partition, that might be a good place to save it.
3: Delete "kwallet" related files from ".config" and
".local/share/". It might be best to do that while logged into Icewm or at a command line session, so that you are not logged into KDE.
4: Log back into KDE and reinitialized "kwallet". There should be
an option to use "gpg".
5: Using "kwalletmanager5", read your saved kwallet content back in
from where you saved it.
6: After checking that all is good, you can shred the saved copy of
kwallet content ("shred" command).
I find that I have had to ressurect this thread because today's update completely reset Kwallet5 setups on both my computers running TW. In fact, there does not seem to be a way to re-engage the KWallet5 subsystem to create a new wallet protected using gpg keys. Has something else changed today to cause this? And is there a manual way to tell KWallet to use GPG keys? I have tried renaming the kwallet related files (e.g. kwalletmanager5rc > kwalletmanager5rc.bac) in .config/ and .local/share to something else, to no avail.
Am Montag, 1. Februar 2016, 19:48:02 schrieb Chan Ju Ping:
Has something else changed today to cause this?
Yes. kwallet has been built without GPG support on Tumbleweed by mistake. This is fixed already though. https://build.opensuse.org/package/rdiff/KDE:Frameworks5/kwallet?linkrev=base&rev=91 So the next update should support GPG again.
And is there a manual way to tell KWallet to use GPG keys?
No. You'd need to build kwallet with GPG support. If you don't want to wait for the update, you can install kwallet5 from the KDE:Frameworks5 repo for now. The packages are: kwalletd5, libKF5Wallet5, libkwalletbackend5 (I'm not sure if all three are needed, but better update them all) Kind Regards, Wolfgang -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Dienstag, 2. Februar 2016, 15:04:18 schrieb Wolfgang Bauer:
Am Montag, 1. Februar 2016, 19:48:02 schrieb Chan Ju Ping:
Has something else changed today to cause this?
Yes. kwallet has been built without GPG support on Tumbleweed by mistake. This is fixed already though.
PS: AFAICT the "broken" version never was in the Tumbleweed repo actually, the version in there is 2 weeks old and does seem to have GPG support judging from the package dependencies (haven't tried it though). So are you actually using the KDE:Frameworks5 repo by chance? In that case, just update your system to "fix" the GPG support. Kind Regards, Wolfgang -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tuesday, February 2, 2016 3:39:42 PM CST Wolfgang Bauer wrote:
Am Dienstag, 2. Februar 2016, 15:04:18 schrieb Wolfgang Bauer:
Am Montag, 1. Februar 2016, 19:48:02 schrieb Chan Ju Ping:
Has something else changed today to cause this?
Yes. kwallet has been built without GPG support on Tumbleweed by mistake. This is fixed already though.
PS: AFAICT the "broken" version never was in the Tumbleweed repo actually, the version in there is 2 weeks old and does seem to have GPG support judging from the package dependencies (haven't tried it though).
So are you actually using the KDE:Frameworks5 repo by chance? In that case, just update your system to "fix" the GPG support.
Kind Regards, Wolfgang
Thanks for checking! Yes, I am subscribed to the Frameworks5 repository. All the best! Ju Ping.
On Tuesday, 2 February 2016 13:10:38 CST Chan Ju Ping wrote:
On Tuesday, February 2, 2016 3:39:42 PM CST Wolfgang Bauer wrote:
Am Dienstag, 2. Februar 2016, 15:04:18 schrieb Wolfgang Bauer:
Am Montag, 1. Februar 2016, 19:48:02 schrieb Chan Ju Ping:
Has something else changed today to cause this?
Yes. kwallet has been built without GPG support on Tumbleweed by mistake. This is fixed already though.
PS: AFAICT the "broken" version never was in the Tumbleweed repo actually, the version in there is 2 weeks old and does seem to have GPG support judging from the package dependencies (haven't tried it though).
So are you actually using the KDE:Frameworks5 repo by chance? In that case, just update your system to "fix" the GPG support.
Kind Regards, Wolfgang
Thanks for checking! Yes, I am subscribed to the Frameworks5 repository.
All the best! Ju Ping.
I am going to assume I have done something non-ideal, because every time I restart now, I am not only asked for the password to the wallet, but also the password to the gpg key. This is getting quite messy. I am subscribed to the Frameworks, Extras, and Applications repositories for KDE, and have run all the updates to date. I guess these inconveniences are only temporary while ksecretservice is being prepared?
Am Dienstag, 2. Februar 2016, 21:48:12 schrieb Chan Ju Ping:
I am going to assume I have done something non-ideal, because every time I restart now, I am not only asked for the password to the wallet, but also the password to the gpg key. This is getting quite messy.
Hm, I suppose one of the password prompts is for the KDE4 kwallet, the other one for kwallet5. Did you configure *both* to use GPG? You still might use KDE4 applications that open the wallet. KMail is KF5 based now and uses kwallet5.
I am subscribed to the Frameworks, Extras, and Applications repositories for KDE, and have run all the updates to date.
Why? The main point of Tumbleweed is that you always get the latest versions in the main repo anyway (after testing). Ok, KDE:Extra does contain additional packages not included in the distribution, but you should have no need for KDE:Frameworks5 nor KDE:Applications. Those are the devel repos where the "updates" for Tumbleweed are being prepared, using them does involve a certain risk.
I guess these inconveniences are only temporary while ksecretservice is being prepared?
Ksecretservice is dead since years I think. Kind Regards, Wolfgang -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wednesday, February 3, 2016 2:00:59 PM CST Wolfgang Bauer wrote:
Am Dienstag, 2. Februar 2016, 21:48:12 schrieb Chan Ju Ping:
I am going to assume I have done something non-ideal, because every time I restart now, I am not only asked for the password to the wallet, but also the password to the gpg key. This is getting quite messy.
Hm, I suppose one of the password prompts is for the KDE4 kwallet, the other one for kwallet5. Did you configure *both* to use GPG?
I did in kwallet4. And now kwallet5. But then some stuff didn't get transferred correctly so I deleted anything with kwallet appended to it in ./ local/share and .config and that seemed to reinitiate the kwallet5 setup correctly. Until this week.
You still might use KDE4 applications that open the wallet. KMail is KF5 based now and uses kwallet5.
I am subscribed to the Frameworks, Extras, and Applications repositories for KDE, and have run all the updates to date.
Why? The main point of Tumbleweed is that you always get the latest versions in the main repo anyway (after testing).
Ok, KDE:Extra does contain additional packages not included in the distribution, but you should have no need for KDE:Frameworks5 nor KDE:Applications. Those are the devel repos where the "updates" for Tumbleweed are being prepared, using them does involve a certain risk.
That is quite true. I subscribed at first for kdeconnect5, then just to ensure I would always have the latest stuff. I don't know what elese major is still relying on kde4. I try to make sure they are all on Plasma 5.
I guess these inconveniences are only temporary while ksecretservice is being prepared?
Ksecretservice is dead since years I think.
Good to know. I thought I read a blog post from one of the KDE devs about it, thinking it would be a replaement.
Kind Regards, Wolfgang
On Thursday, 4 February 2016 12:20:15 CST Chan Ju Ping wrote:
On Wednesday, February 3, 2016 2:00:59 PM CST Wolfgang Bauer wrote:
Am Dienstag, 2. Februar 2016, 21:48:12 schrieb Chan Ju Ping:
I am going to assume I have done something non-ideal, because every time I restart now, I am not only asked for the password to the wallet, but also the password to the gpg key. This is getting quite messy.
Hm, I suppose one of the password prompts is for the KDE4 kwallet, the other one for kwallet5. Did you configure *both* to use GPG?
I did in kwallet4. And now kwallet5. But then some stuff didn't get transferred correctly so I deleted anything with kwallet appended to it in ./ local/share and .config and that seemed to reinitiate the kwallet5 setup correctly.
<snip> After deleting the wallets directly in Kwallet manager, I was able to reinitiate the wallet setup using GPG encryption. However, there seems to be some remnent setting, possibly from the previous manual mathod of deleting Kwallet that has resulted in repeated requests to recreate the previous deleted wallets. Recreating the wallets does not prevent Kwallet from requesting the recreation of the wallet on reboot. I am perfectly fine with resetting KWallet to start from scratch, but the instructions I have read have not been effective this time.
Op dinsdag 9 februari 2016 11:20:43 CET schreef Chan Ju Ping:
On Thursday, 4 February 2016 12:20:15 CST Chan Ju Ping wrote:
On Wednesday, February 3, 2016 2:00:59 PM CST Wolfgang Bauer wrote:
Am Dienstag, 2. Februar 2016, 21:48:12 schrieb Chan Ju Ping:
I am going to assume I have done something non-ideal, because every time I restart now, I am not only asked for the password to the wallet, but also the password to the gpg key. This is getting quite messy.
Hm, I suppose one of the password prompts is for the KDE4 kwallet, the other one for kwallet5. Did you configure *both* to use GPG?
I did in kwallet4. And now kwallet5. But then some stuff didn't get transferred correctly so I deleted anything with kwallet appended to it in ./ local/share and .config and that seemed to reinitiate the kwallet5 setup correctly.
<snip>
After deleting the wallets directly in Kwallet manager, I was able to reinitiate the wallet setup using GPG encryption. However, there seems to be some remnent setting, possibly from the previous manual mathod of deleting Kwallet that has resulted in repeated requests to recreate the previous deleted wallets.
Recreating the wallets does not prevent Kwallet from requesting the recreation of the wallet on reboot.
I am perfectly fine with resetting KWallet to start from scratch, but the instructions I have read have not been effective this time.
Logout of the desktop, in the login screen hit Ctrl-Alt-F1 login with username and password do rm ~/.config/kwallet* rm ~/.kde4/share/config/kwallet* rm -rf ~/.kde4/share/apps/kwallet rm -rf ~/.local/share/kwallet* exit Next hit Ctrl-Alt-F7 and login. kwallet should make a clean start now. -- Gertjan Lettink, a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tuesday, 9 February 2016 20:57:13 CST Knurpht - Gertjan Lettink wrote:
Logout of the desktop, in the login screen hit Ctrl-Alt-F1 login with username and password do rm ~/.config/kwallet* rm ~/.kde4/share/config/kwallet* rm -rf ~/.kde4/share/apps/kwallet rm -rf ~/.local/share/kwallet* exit Next hit Ctrl-Alt-F7 and login. kwallet should make a clean start now.
Thanks for the instructions. This cleared away one of the wallets from requesting a setup, unfortunately, the new wallet won't properly initialize. This is the error I am getting while trying to set up kwallet again. " Encryption error while attempting to save the wallet kdewallet. Error code is 55 (Invalid value). Please fix your system configuration, then try again. This error may occur if you are not using a full trust GPG key. Please ensure you have the secret key for the key you are using. " This error message pops up every time I need to enter the password for my email accounts, and furthermore, pops up again on reboot, requesting creation of a wallet again. I am certain nothing is wrong with my GPG keys, as they are already ultimately trusted.
On Tuesday, 9 February 2016 18:29:15 CST Chan Ju Ping wrote:
On Tuesday, 9 February 2016 20:57:13 CST Knurpht - Gertjan Lettink wrote:
Logout of the desktop, in the login screen hit Ctrl-Alt-F1 login with username and password do rm ~/.config/kwallet* rm ~/.kde4/share/config/kwallet* rm -rf ~/.kde4/share/apps/kwallet rm -rf ~/.local/share/kwallet* exit Next hit Ctrl-Alt-F7 and login. kwallet should make a clean start now.
Thanks for the instructions. This cleared away one of the wallets from requesting a setup, unfortunately, the new wallet won't properly initialize.
This is the error I am getting while trying to set up kwallet again.
" Encryption error while attempting to save the wallet kdewallet. Error code is 55 (Invalid value). Please fix your system configuration, then try again. This error may occur if you are not using a full trust GPG key. Please ensure you have the secret key for the key you are using. "
This error message pops up every time I need to enter the password for my email accounts, and furthermore, pops up again on reboot, requesting creation of a wallet again.
I am certain nothing is wrong with my GPG keys, as they are already ultimately trusted.
So it turns out that some remnent setting for the default wallet "kdewallet" remained. And I have temporarily resolved the issue by creating a new wallet and setting that as the default.
participants (4)
-
Chan Ju Ping -
Knurpht - Gertjan Lettink -
Neil Rickert -
Wolfgang Bauer