Bug 382733 - kwallet export does not save salt file
Summary: kwallet export does not save salt file
Status: RESOLVED FIXED
Alias: None
Product: frameworks-kwallet
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Valentin Rusu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-25 22:50 UTC by Mate Soos
Modified: 2022-11-06 14:20 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Mate Soos 2017-07-25 22:50:13 UTC 
This is a very serious issue -- the "Save As..." functionality doesn't save the salt file (.salt) so the saved wallet can never be opened. In fact, this makes the "Save as..." functionality not only useless, but highly dangerous. I thought I had a backup, but I did not, as when I wanted to open the backup with "Import Wallet..." and clicked on the .kwl file, it "created" a new, random salt, which of course didn't work, so the correct password is not accepted, and what's worse, there is no correct password, as the random salt is nowhere. Hence, the backup was NOT a backup and was completely useless. This is _very_ serious and should be fixed as soon as possible.
Comment 1 Burkhard Lück 2017-07-26 05:18:18 UTC 
kwalletmanager master build from sources using frameworks 5.37.0 does not provide an action "Save As...".

The File menu has two export actions:

File->Export as XML: 
exports kdewallet.kwl in XML format (human readable)

File->Export as encrypted: 
exports kdewallet.kwl and kdewallet.salt to an encrypted file, which can be imported using File->Import encrypted

See also https://docs.kde.org/trunk5/en/kdeutils/kwallet5/kwalletmanager5.html

<quote>
If you want to transfer your secrets to another device or computer use the actions in the File menu. With Export as encrypted wallets can be exported into an encrypted archive file. Importing this archive file with Import encrypted you have to provide the master password of the wallet. 

Alternatively a .xml file can be used for transferring a wallet. Keep in mind that all secrets are stored as plain text in this file. 
</quote>

The documentation could be improved here, e.g adding:
* Export as encrypted exports the *.wallet and *.salt file
* Export as XML exports only the *.wallet file, not the *.salt file. Importing the xml file generates a new random *.salt file
Comment 2 Mate Soos 2017-07-26 20:38:38 UTC 
I think it's a really bad idea to have 2 files exported, a .kwl and a .salt. Inevitably, people will forget the salt. I strongly suggest to merge the two.
Comment 3 Burkhard Lück 2017-07-27 04:56:51 UTC 
(In reply to Mate Soos from comment #2)
> I strongly suggest to merge the two.

This happens already , the .kwl and .salt are exported into ONE encrypted archive file
Comment 4 Mate Soos 2017-07-31 20:29:06 UTC 
,Oh, OK. I didn't know that -- I exported it and it didn't import back, maybe I did something wrong :S Can you check for me that it does indeed import back?
Comment 5 Justin Zobel 2022-11-06 09:24:37 UTC 
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 6 Mate Soos 2022-11-06 14:20:41 UTC 
This issue no longer exists. Closing.