Version: 1.4 (using 4.3.1 (KDE 4.3.1), compiled sources) Compiler: cc OS: FreeBSD (i386) release 7.2-STABLE Kwallet tries to prevent anyone from stealing passwords as best as it can. When looking up info in kwalletmanager you have to press 'Show values' each time so you don't accidentally display them. But exporting requires NO password and produces ALL passwords in plain text in one convenient file. Export (and probably import as well) should require the main password to be entered (again). And while there, 'Show values' as well. That switch should persist so you can more easily search for the information you are looking for; more of a flag to enable and disable the values column.
Hi, i, too, think that kwalletmanager is a bit too talkative in this regard. It's a big difference whether someone has two minutes to read my email or if he can extract the password and read them at home.
I would like to ask if somebody can please update this to be a severe bug instead of a wishlist item. Security issues can seriously compromise the usage of kwallet.
Along with the export as XML option, there should be another option to 'export as encrypted file'. It should also be decryptable by a standard tool like gpg or openssl.
(In reply to comment #3) > Along with the export as XML option, there should be another option to > 'export as encrypted file'. It should also be decryptable by a standard > tool like gpg or openssl. I opened a separate bug to keep track of your suggestion: https://bugs.kde.org/show_bug.cgi?id=337022
Good morning I'm going to KMyMoney Microsoft Money. I would like to tell you four enhancements that may be useful: 1) to add the default password; 2) add the button back and forth; 3) add auto-saving exit 4) move the button new file because deceiving. (translated by google)
(In reply to bilatino from comment #5) > Good morning I'm going to KMyMoney Microsoft Money. I would like to tell you > four enhancements that may be useful: 1) to add the default password; 2) add > the button back and forth; 3) add auto-saving exit 4) move the button new > file because deceiving. (translated by google) I don't know how the problems you have with KMyMoney are related with this Whish Report concerning KWalletManager. I have no choice but to ignore it. Perhaps you should file a new "whish" bug report and select KMyMoney as the target product.
I'm using fedora 23 with kwalletmanager5 I can confirm that wallets can be opened and exported to XML without a password: #!/bin/sh nohup /usr/bin/kwalletmanager5 > /dev/null 2>&1 & sleep 1 qdbus org.kde.kwalletmanager5 /kwalletmanager5/MainWindow_1 openWallet kdewallet qdbus org.kde.kwalletmanager5 /kwalletmanager5/MainWindow_1 activateAction wallet_export Just give the file a name and tell the dialog where you want it. Anyone with about 30 seconds of access to your desktop could get all your passwords and put them on a thumbdrive real quick. So protect your desktop. This also works with the older version of kwalletmanager if you take the 5's out of the commands.
Together with a key stroke macro and an autorun feature for a USB stick you can stick it in, distract someone so he turns around, you have all the keys in plain text.
Corection: The commands I gave above only work if an empty password is stored for the wallet, which many people do, and which I did when I tested this. If the wallet actually has a non-empty password, then the wallet must be already open to allow the XML export. Still many people do leave their wallets open to avoid having to punch in the wallet password all the time. So the OP still has a valid point. I too think the XML export should require a separate password entry
Removing "platform: FreeBSD" since it's not FreeBSD-specific. Confirmed, though, once again on FreeBSD 10.3 and KDE 4.14.30 -- with the wallet open, the export can be triggered through dbus.
All wallets should be used as indicated not as needed by false apps.