Context Navigation

Changes between Version 4 and Version 5 of KeyringSupport

Timestamp:: May 16, 2013, 5:40:25 PM (11 years ago)
Author:: tomkiewicz
Comment:: Update all info about keyring support.

Legend:

: Unmodified
: Added
: Removed
: Modified

KeyringSupport

-                      v4
+                      v5
 Keyrings cryptographically secure your password in a way that would generally be more secure (although not perfect). It would require a master password, shared amongst all the applications on your computer, to get at your passwords.
 Pidgin does not currently support storing passwords in keyrings; currently you must either store passwords unencrypted or not at all.
+Pidgin 2.x.y does not support storing passwords in keyrings; currently you must either store passwords unencrypted or not at all (why? see PlainTextPasswords). However, 3.0.0 will support this feature.
 == Status ==
 This is being actively worked on by Tomasz Wasilczyk in the soc.2008.masterpassword branch of  https://hg.pidgin.im/cpw/tomkiewicz/masterpassword  The code has not been merged into the main development tree yet.
+This is being actively worked on by Tomasz Wasilczyk in the soc.2008.masterpassword branch of  hxxps://hg.pidgin.im/cpw/tomkiewicz/masterpassword. The code has not been merged into the main development tree yet, but it's ready for a review.
 This code initially came from a Google Summer of Code [wiki:GSoC2008/MasterPassword project] in 2008.
+The GSoC branch ({{{im.pidgin.soc.2008.masterpassword}}}) has implementations for Freedesktop and KWallet.
+== See also ==
+* wiki:PlainTextPasswords
+* The feature request is ticket #673
+* [https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/75850 Launchpad bug]
+== Related tickets ==
+* #673
+* [hxxps://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/75850 Launchpad bug #75850]
 == Specific keyrings ==
 === GNOME Keyring and KDE KSecretsService ===
 Status: implemented but not integrated
+=== Internal keyring ===
+Status: implemented
 These are the GNOME and KDE implementations of the [http://standards.freedesktop.org/secret-service/ Freedesktop Secret Service API], intended to provide a standard interface for Linux apps to store passwords and stuff.
+It works in two modes: cleartext (passwords are stored unencrypted, as before) and using encryption with a master key. User needs to provide a master password once per every Pidgin startup. It uses AES-256 for encryption and PBKDF2-SHA256 for key derivation.
+Pidgin would need to connect to the DBus API to store and retrieve passwords. There are several libraries to do this, including [https://live.gnome.org/Libsecret libsecret] and [https://pypi.python.org/pypi/keyring python-keyring].
+=== GNOME Keyring and KWallet ===
+Status: implemented
+=== KDE KWallet ===
+Status: implemented but not integrated
+These are the GNOME and KDE specific keyrings, where user needs to provide a master password once (depending on configuration) per system startup.
+Currently uses its own API, but there has been discussion about replacing it with KSecretsService using the standard API.
+=== Freedesktop Secret Service API ===
+Status: partially implemented, not integrated
+It's intended to provide a standard interface for Linux apps to store passwords and similar stuff.
+Pidgin connects to the [hxxp://standards.freedesktop.org/secret-service/ Secret Service] DBus API to store and retrieve passwords. There are several libraries to do this, including [hxxps://live.gnome.org/Libsecret libsecret] and [hxxps://pypi.python.org/pypi/keyring python-keyring].
+=== Windows credential manager ===
+Status: implemented
+This keyring encrypts passwords using Windows user account data. Its security depends on system configuration - encryption does nothing, if user’s account isn’t even protected with password.
 === KeePass ===
+http://keepass.info/
+Status: not implemented
 Cross-platform, open-source password manager.
 Integrating with Pidgin would involve either [http://keepass.info/help/v2/plugins.html writing a KeePass plug-in], or using one of the existing plugins that facilitate communicating with other apps. See for example [http://keefox.org/ KeeFox] (KeePass–Firefox bridge), which includes the [http://keefox.org/2010/12/02/keepassrpc-plugin-technical-overview/ KeePassRPC plugin].
+Integrating [hxxp://keepass.info/ KeePass] with Pidgin would involve either [hxxp://keepass.info/help/v2/plugins.html writing a KeePass plug-in], or using one of the existing plugins that facilitate communicating with other apps. See for example [hxxp://keefox.org/ KeeFox] (KeePass–Firefox bridge), which includes the [hxxp://keefox.org/2010/12/02/keepassrpc-plugin-technical-overview/ KeePassRPC plugin].
 === Mac OS Keychain ===
+https://en.wikipedia.org/wiki/Keychain_%28Mac_OS%29
+Status: not implemented
+[https://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html Apple's developer documentation for Keychain]
+This is [hxxps://en.wikipedia.org/wiki/Keychain_%28Mac_OS%29 Mac OS specific keyring]. Here is [hxxps://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html Apple's developer documentation] for it.