<?xml version="1.0" ?>
<!DOCTYPE book PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN" "dtd/kdex.dtd" [
<!ENTITY kwallet "<application>KWallet</application>">
<!ENTITY kwalletmanager "<application>KWallet Manager</application>">
<!ENTITY package "kwallet">
<!ENTITY kappname "&kwallet;">
<!ENTITY % addindex "IGNORE">
<!ENTITY % English "INCLUDE">
]>
<book id="kwallet" lang="&language;">
<bookinfo>
<title>The &kwallet; Handbook</title>
<authorgroup>
<author>
&George.Staikos; &George.Staikos.mail;
</author>
<author>
&Lauri.Watts; &Lauri.Watts.mail;
</author>
<othercredit role="developer">
<firstname>George</firstname><surname>Staikos</surname>
<affiliation><address>&George.Staikos.mail;</address></affiliation>
<contrib>Developer</contrib>
</othercredit>
<!-- TRANS:ROLES_OF_TRANSLATORS -->
</authorgroup>
<legalnotice>&FDLNotice;</legalnotice>
<date>2013-06-06</date>
<releaseinfo>1.10 (&kde; 4.11)</releaseinfo>
<abstract>
<para>
The wallet subsystem provides a convenient and secure way to manage all your
passwords.</para>
</abstract>
<keywordset>
<keyword>KDE</keyword>
<keyword>Kwallet</keyword>
<keyword>passwords</keyword>
<keyword>forms</keyword>
</keywordset>
</bookinfo>
<chapter id="introduction">
<title>Introduction</title>
<para>Computer users have a very large amount of data to manage, some of
which is sensitive. In particular, you will typically have many passwords
to manage. Remembering them is difficult, writing them down on paper or in
a text file is insecure, and using tools such at PGP is tedious and
inconvenient.</para>
<para>&kwallet; saves this sensitive data for you in a strongly encrypted
<footnote><para>
The data is encrypted with the
<ulink url="http://www.schneier.com/blowfish.html">Blowfish symmetric block cipher algorithm</ulink>,
the algorithm key is derived from the
<ulink url="http://www.ietf.org/rfc/rfc3174.txt">SHA-1 hash</ulink>
of the password, with a key length of 156 bits (20 bytes).
The data into the wallet file is also hashed with SHA-1 and checked
before the data is deciphered and accessible by the applications.
</para></footnote>
file, accessible by all applications, and protected with a master
password that you define.</para>
<tip>
<para>&kwallet; supports multiple wallets, so
for the most secure operation, you should use one wallet for local
passwords, and another for network passwords and form data. You can
configure this behavior in the &kwallet; &systemsettings; module, however
the default setting is to store everything in one wallet.</para>
</tip>
<para>A wallet is by default closed, which means that you must supply
a password to open it. Once the wallet is opened, the contents can
be accessed.</para>
<sect1 id="kwallet-using">
<title>Using &kwallet;</title>
<para>If you visit ⪚ the &kde; bugtracker and enter the login data for
the first time, a dialog pops up offering to store the password in an
encrypted wallet:</para>
<screenshot>
<screeninfo>Request to save login information</screeninfo>
<mediaobject>
<imageobject><imagedata fileref="save-login-information.png" format="PNG"/></imageobject>
<textobject><phrase>Request to save login information</phrase></textobject>
</mediaobject>
</screenshot>
<para>If you want to store this information, select <guibutton>Store</guibutton>
to proceed. In case you did not create a wallet so far, the next dialog asks for
the wallet password and creates a wallet named kdewallet.
</para>
<screenshot>
<screeninfo>Create a wallet</screeninfo>
<mediaobject>
<imageobject><imagedata fileref="first-open-request.png" format="PNG"/></imageobject>
<textobject><phrase>Create a wallet</phrase></textobject>
</mediaobject>
</screenshot>
<para>Next time you visit the same website again, the application requests to open the wallet.
Enter the wallet password and click the <guibutton>Open</guibutton> button.</para>
<screenshot>
<screeninfo>Request to open a wallet</screeninfo>
<mediaobject>
<imageobject><imagedata fileref="openwallet-request.png" format="PNG"/></imageobject>
<textobject><phrase>Request to open a wallet</phrase></textobject>
</mediaobject>
</screenshot>
<para>This connects the application to the wallet, enables it to read the login data from the wallet
and to restore the login information for this website. Once an application is connected to
the wallet, it can automatically restore any login information stored in the wallet.</para>
</sect1>
</chapter>
<chapter id="kwalletmanager">
<title>&kwalletmanager;</title>
<para>&kwalletmanager; serves a number of functions. Firstly it allows you to see if
any wallets are open, which wallets those are, and which applications are
using each wallet. You can disconnect an application's access to a wallet
from within the &kwalletmanager;.</para>
<para>You may also manage the wallets installed on the system, creating and
deleting wallets and manipulating their contents (changing keys, ...).</para>
<para>The &kwalletmanager; application is launched with <menuchoice>
<guimenu>Applications</guimenu><guisubmenu>System</guisubmenu>
<guimenuitem>Wallet Management Tool</guimenuitem></menuchoice> from the
application launcher.
Alternatively start &krunner; with shortcut <keycombo
action="simul">&Alt;<keycap>F2</keycap></keycombo> and enter
<command>kwalletmanager</command>.</para>
<para>A system tray icon indicates that a wallet is open:
<mediaobject>
<imageobject>
<imagedata fileref="oxygen48-status-wallet-open.png"/>
</imageobject>
</mediaobject>
When all
wallets are closed, the icon will reflect this by showing a closed
wallet:
<mediaobject>
<imageobject>
<imagedata fileref="oxygen48-status-wallet-closed.png"/>
</imageobject>
</mediaobject>
</para>
<para>Click once on the system tray wallet icon to display the &kwalletmanager;
window.</para>
<para>
<screenshot>
<screeninfo>Main window with one wallet</screeninfo>
<mediaobject>
<imageobject>
<imagedata fileref="kwalletmanager.png"/>
</imageobject>
<textobject>
<phrase>Main window with one wallet</phrase>
</textobject>
<caption><para>Main window with one wallet</para></caption>
</mediaobject>
</screenshot>
</para>
<!--FIXME
How to get assistant "First Use"? kwalletwizardpageintro.ui
Last code change with http://websvn.kde.org/?view=revision&revision=882694
see also https://bugs.kde.org/show_bug.cgi?id=290309
-->
<sect1 id="kwalletmanager-wallet-window">
<title>The Wallet Window</title>
<para>If you have more than one wallet all available wallets are shown as icons on the left. The Icons reflect the
current wallet status, either open or closed.
</para>
<para>Clicking on a wallet in the &kwalletmanager; window will display
that wallet's status and the contents of an opened wallet. A wallet may contain any number
of folders, which allow storing of password information. By default a wallet
will contain folders named Form Data and Passwords.
</para>
<screenshot>
<screeninfo>Main window with two wallets</screeninfo>
<mediaobject>
<imageobject>
<imagedata fileref="kwallet-edit.png"/>
</imageobject>
<textobject>
<phrase>Main window with two wallets</phrase>
</textobject>
<caption><para>Main window with two wallets</para></caption>
</mediaobject>
</screenshot>
<para>Use <guibutton>Open</guibutton> to display the content of a closed wallet.
You will be requested to enter the master password.</para>
<sect2>
<title>Contents tab</title>
<para>The <guilabel>Contents</guilabel> tab has three sections:</para>
<itemizedlist>
<listitem><para>A search line to filter the items of the current
wallet</para></listitem>
<listitem><para>The tree view of the folders contained in the wallet.
Click the <guiicon>></guiicon> / <guiicon>v</guiicon> icons to expand or collapse
the tree view.</para></listitem>
<listitem><para>The contents of the selected folder entry at the right side.
By default the password and value are hidden. To display and edit them enable
<guilabel>Show values</guilabel> or click the <guilabel>Show Contents</guilabel> button.
</para></listitem>
</itemizedlist>
<para>Folders may be added, deleted or renamed via the context menu, and selecting a folder will update
the folder entry list and the summary display. Selecting a folder entry
will update the entry contents pane, and allow you to edit that
entry.</para>
<para>Entries may also be created or deleted via the context menu for the
folder contents.</para>
<para>All folders and entries may be dragged and dropped into other wallets
or folders respectively. This allows a user to easily package up a new
wallet for transfer to another environment. For instance, a new wallet
could be created and copied onto a removable flash memory device. Important
passwords could be transferred there, so you have them available in other
locations.</para>
<sect3 id="kwallet-import-export">
<title>Import and Export</title>
<para>If you want to transfer your secrets to another device or computer use
the actions in the <guimenu>File</guimenu> menu. With <guimenuitem>Save As</guimenuitem>
wallets can be exported into an encrypted <filename class="extension">.kwl</filename> file.
Importing the <filename class="extension">.kwl</filename> file you have to provide the master password of the wallet.
</para>
<para>Alternatively a <filename class="extension">.xml</filename> file can be used for transferring
a wallet. Keep in mind that all secrets are stored as plain text in this file.
</para>
</sect3>
<sect3 id="kwallet-adding-entries">
<title>Adding Entries Manually</title>
<para>Open the context menu with the &RMB; click on <guilabel>Maps</guilabel> or
<guilabel>Passwords</guilabel> in the <guilabel>Folder</guilabel> tree view.
Select <guimenuitem>New</guimenuitem> and choose a name for the new entry.</para>
<para>In the folder contents pane select <guilabel>New Entry</guilabel> from
the context menu. For passwords click the <guilabel>Show Contents</guilabel>
button, enter the new password.
For Maps you have to add a <guilabel>Key</guilabel> and a <guilabel>Value</guilabel>.
Click the <guilabel>Save</guilabel> button to store the new entries in the encrypted
wallet file.
</para>
</sect3>
</sect2>
<sect2>
<title>Applications tab</title>
<para>
<screenshot>
<screeninfo>Applications tab</screeninfo>
<mediaobject>
<imageobject>
<imagedata fileref="kwallet-applications.png"/>
</imageobject>
<textobject>
<phrase>Applications tab</phrase>
</textobject>
<caption><para>Applications tab</para></caption>
</mediaobject>
</screenshot>
</para>
<para>The first list shows all applications currently connected to the selected wallet.
Use the button at the right side of each entry to disconnect the application.</para>
<para>In the second list all applications are displayed which are authorized to access the wallet.
Use the button right of each entry in the list to revoke the access.
</para>
<!-- FIXME difference to remove the policy in kwallermanager settings dialog?-->
</sect2>
</sect1>
</chapter>
<chapter id="kwallet-kcontrol-module">
<title>Configuring &kwallet;</title>
<sect1 id="wallet-preferences">
<title>Wallet Preferences</title>
<para>&kwallet; contains a small configuration panel with several options
that allow you to tune &kwallet; to your personal preferences. The
default settings for &kwallet; are sufficient for most users.</para>
<para>Check the box to enable or disable the &kde; wallet subsystem
entirely. If this box is unchecked, then &kwallet; is entirely disabled and
none of the other options here have any effect, nor will &kwallet; record
any information, or offer to fill in forms for you.</para>
<variablelist>
<title><guilabel>Close Wallet</guilabel></title>
<varlistentry>
<term><guilabel>Close when unused for:</guilabel></term>
<listitem>
<para>Close the current wallet after a period of inactivity. If you check this
option, set the period in the box, default is 10 minutes. When a wallet is
closed, the password is needed to access it again.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Close when screensaver starts</guilabel></term>
<listitem>
<para>Close the wallet as soon as the screen saver starts. When a wallet is
closed, the password is needed to access it again.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Close when last application stops using it</guilabel></term>
<listitem>
<para>Close the wallet as soon as applications that use it have stopped. Note
that your wallets will only be closed when all the applications that use it have
stopped. When a wallet is closed, the password is needed to access it
again.</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist>
<title><guilabel>Automatic Wallet Selection</guilabel></title>
<varlistentry>
<term><guilabel>Select wallet to use as default:</guilabel></term>
<listitem>
<para>Select which wallet you want to use as default wallet.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Different wallet for local passwords:</guilabel></term>
<listitem>
<para>If checked, choose a different wallet for local passwords.</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist>
<title><guilabel>Wallet Manager</guilabel></title>
<varlistentry>
<term><guilabel>Show manager in system tray</guilabel></term>
<listitem>
<para>Enable the wallet manager to have its icon in the system tray.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Hide System tray icon when last wallet
closes</guilabel></term>
<listitem>
<para>When there is no wallet in use anymore, remove the wallet icon from the
system tray.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Finally, there is a button labeled <guibutton>Launch Wallet
Manager</guibutton>, which does precisely that.</para>
<para>This button is only visible if &kwalletmanager; is not running</para>
</sect1>
<sect1 id="wallet-access-control">
<title>Access Control</title>
<para>There is only one option on this page:</para>
<variablelist>
<varlistentry>
<term><guilabel>Prompt when an application accesses a wallet</guilabel></term>
<listitem>
<para>Signal you when an application gains access to a wallet.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Next there is a tree style view of the access controls for your wallets.</para>
<para>Click with the &LMB; on the <guiicon>></guiicon> symbol beside a wallet name to
expand the tree. You will see the name of each application that has asked
for access to the wallet, and the policy you set for it. You cannot edit
policies here, or add them, but it is possible to delete an entry by &RMB;
clicking on it and choosing <guimenuitem>Delete</guimenuitem> from the
context menu that appears, or by simply selecting it and pressing the
<keysym>Del</keysym> key.</para>
<para>An application that has been allowed access to a wallet is granted access to
all passwords stored inside.</para>
<para>If you erroneously configured an application not to use the &kde; &kwalletmanager;
delete the policy for this application here.</para>
<!-- FIXME difference to Revoke Authorization in kwallermanager?-->
<para>
On the next start of this application you can define a new policy for access to the wallet.
</para>
<screenshot>
<screeninfo>Access request to open a wallet</screeninfo>
<mediaobject>
<imageobject>
<imagedata fileref="application-request-to-open-wallet.png"/>
</imageobject>
<textobject>
<phrase>Access request to open a wallet</phrase>
</textobject>
<caption><para>An application requesting access to a wallet</para></caption>
</mediaobject>
</screenshot>
</sect1>
<!-- ksecrets moved to playground in 4.9
<sect1 id="ksecretsync-kcontrol-module">
<title>&kde; Secret Sync</title>
<para>KDE Secret Sync tool aims to help synchronize secrets, such as passwords
and login-in account information, between several devices running KDE.
It comes as a feature of the new KSecretsService infrastructure. For
more information about this infrastructure, please check the
<ulink url="http://techbase.kde.org/Projects/Utils/ksecretsservice">KSecretsService page</ulink>
and also the
<ulink url="https://projects.kde.org/projects/kde/kdeutils/ksecrets">project information page</ulink>. This tool is
currently under development.</para>
<para>&kde; Secret Sync uses cryptography to securely exchange the secrets
between the devices. As such, it can be used over insecure connections,
such as the Internet.</para>
-->
<!-- not in gui 4.8.0
<para>The operation is quite simple and it can follow one of the two scenarios:</para>
<itemizedlist>
<listitem><para>synchronize using a centralized resource</para></listitem>
<listitem><para>peer-to-peer synchronization</para></listitem>
</itemizedlist>
<sect2 id="centralized-resource">
<title>Using a centralized resource</title>
<para>This operating mode requires full access to an IMAP server. The &kde;
Secret Sync tool creates an encrypted resource under the folder of your
choice then it updates it each time a local secret collection changes,
as notified by the KSecretsService infrastructure. This occurs each time
an application updates it's secret information. &kde; Secret Sync tool
periodically checks this central resource for modifications and when
updates are found, then they are pushed to the corresponding local
collection.</para>
<para>This case requires permanent connection to an IMAP server. The &kde;
Secret Sync tool will hold sync operations during network outages. The
security level of this kind of operation depends of the security of the
IMAP server and the encrypting algorithm used to created the centralized
resource. On the other hand, storing the secrets on that centralized
resources can also be viewed as a backup.</para>
</sect2>
-->
<!--
<sect2 id="peer-to-peer-synchronization">
<title>Peer-to-peer synchronization</title>
<para>This operation mode does not require access to a centralized (IMAP)
server. A list of known computers is used instead. &kde; Secret Sync will
initiate secret exchange sessions with each of it's known computers over
a SSH tunnel. The local secret changes are propagated to the other known
computers as soon as they are detected.</para>
<para>This case require a network connection between known devices. The &kde;
Secret Sync tool will hold sync operations with the devices that are not
available due to network outages. A naming service should be used for
devices that change IP address with each connection.</para>
<para>On the <guilabel>General</guilabel> tab check <guilabel>Enable auto synchronization</guilabel>
and adjust the port your computer is listening for this service. Go to the
<guilabel>Computers</guilabel> tab and add all remote computer names and the
port numbers they are listening for synchronization of secrets.</para>
</sect2>
</sect1>
-->
</chapter>
<chapter id="advanced-features">
<title>Advanced Features</title>
<para>Wallets can be dragged from the &kwalletmanager; window. This allows
you to drag the wallet to a file browser window, where you can choose to
copy, move, or link the wallet, as desired.</para>
<para>You might use this to save a wallet to portable media, such as a
USB keychain, so that you can take your passwords with you to work or
on a vacation, and still have easy access to important sites.</para>
<para>Future versions will have built-in functions for easy export or
copying of data to portable devices.</para>
<note>
<para>
Information on the internal structure of &kwallet; and some useful links
to the code where you can find the answers on questions about the
structure of the passwords records and the ciphers applied to keep
passwords confident can be found on
<ulink url="http://techbase.kde.org/Projects/Utils/kwallet">&kwallet;
TechBase page</ulink>.
</para>
</note>
</chapter>
<chapter id="credits-and-license">
<title>Credits and License</title>
<para>&kwallet; © 2003 &George.Staikos;</para>
<para>Documentation © &Lauri.Watts; and &George.Staikos;</para>
<!-- TRANS:CREDIT_FOR_TRANSLATORS -->
&underFDL;
&underGPL;
</chapter>
&documentation.index;
</book>
<!--
Local Variables:
mode: sgml
sgml-minimize-attributes:nil
sgml-general-insert-case:lower
sgml-indent-step:0
sgml-indent-data:nil
End:
// vim:ts=2:sw=2:tw=78:noet
-->
