Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
- Timestamp:
-
May 16, 2013, 5:40:25 PM (11 years ago)
- Author:
-
tomkiewicz
- Comment:
-
Update all info about keyring support.
Legend:
- Unmodified
- Added
- Removed
- Modified
-
v4
|
v5
|
|
1 | 1 | Keyrings cryptographically secure your password in a way that would generally be more secure (although not perfect). It would require a master password, shared amongst all the applications on your computer, to get at your passwords. |
2 | 2 | |
3 | | Pidgin does not currently support storing passwords in keyrings; currently you must either store passwords unencrypted or not at all. |
| 3 | Pidgin 2.x.y does not support storing passwords in keyrings; currently you must either store passwords unencrypted or not at all (why? see PlainTextPasswords). However, 3.0.0 will support this feature. |
4 | 4 | |
5 | 5 | == Status == |
6 | 6 | |
7 | | This is being actively worked on by Tomasz Wasilczyk in the soc.2008.masterpassword branch of https://hg.pidgin.im/cpw/tomkiewicz/masterpassword The code has not been merged into the main development tree yet. |
| 7 | This is being actively worked on by Tomasz Wasilczyk in the soc.2008.masterpassword branch of hxxps://hg.pidgin.im/cpw/tomkiewicz/masterpassword. The code has not been merged into the main development tree yet, but it's ready for a review. |
8 | 8 | |
9 | 9 | This code initially came from a Google Summer of Code [wiki:GSoC2008/MasterPassword project] in 2008. |
10 | 10 | |
11 | | The GSoC branch ({{{im.pidgin.soc.2008.masterpassword}}}) has implementations for Freedesktop and KWallet. |
12 | | |
13 | | == See also == |
14 | | * wiki:PlainTextPasswords |
15 | | * The feature request is ticket #673 |
16 | | * [https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/75850 Launchpad bug] |
| 11 | == Related tickets == |
| 12 | * #673 |
| 13 | * [hxxps://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/75850 Launchpad bug #75850] |
17 | 14 | |
18 | 15 | == Specific keyrings == |
19 | 16 | |
20 | | === GNOME Keyring and KDE KSecretsService === |
21 | | Status: implemented but not integrated |
| 17 | === Internal keyring === |
| 18 | Status: implemented |
22 | 19 | |
23 | | These are the GNOME and KDE implementations of the [http://standards.freedesktop.org/secret-service/ Freedesktop Secret Service API], intended to provide a standard interface for Linux apps to store passwords and stuff. |
| 20 | It works in two modes: cleartext (passwords are stored unencrypted, as before) and using encryption with a master key. User needs to provide a master password once per every Pidgin startup. It uses AES-256 for encryption and PBKDF2-SHA256 for key derivation. |
24 | 21 | |
25 | | Pidgin would need to connect to the DBus API to store and retrieve passwords. There are several libraries to do this, including [https://live.gnome.org/Libsecret libsecret] and [https://pypi.python.org/pypi/keyring python-keyring]. |
| 22 | === GNOME Keyring and KWallet === |
| 23 | Status: implemented |
26 | 24 | |
27 | | === KDE KWallet === |
28 | | Status: implemented but not integrated |
| 25 | These are the GNOME and KDE specific keyrings, where user needs to provide a master password once (depending on configuration) per system startup. |
29 | 26 | |
30 | | Currently uses its own API, but there has been discussion about replacing it with KSecretsService using the standard API. |
| 27 | === Freedesktop Secret Service API === |
| 28 | Status: partially implemented, not integrated |
31 | 29 | |
| 30 | It's intended to provide a standard interface for Linux apps to store passwords and similar stuff. |
| 31 | |
| 32 | Pidgin connects to the [hxxp://standards.freedesktop.org/secret-service/ Secret Service] DBus API to store and retrieve passwords. There are several libraries to do this, including [hxxps://live.gnome.org/Libsecret libsecret] and [hxxps://pypi.python.org/pypi/keyring python-keyring]. |
| 33 | |
| 34 | === Windows credential manager === |
| 35 | Status: implemented |
| 36 | |
| 37 | This keyring encrypts passwords using Windows user account data. Its security depends on system configuration - encryption does nothing, if user’s account isn’t even protected with password. |
32 | 38 | |
33 | 39 | === KeePass === |
34 | | http://keepass.info/ |
| 40 | Status: not implemented |
35 | 41 | |
36 | 42 | Cross-platform, open-source password manager. |
37 | 43 | |
38 | | Integrating with Pidgin would involve either [http://keepass.info/help/v2/plugins.html writing a KeePass plug-in], or using one of the existing plugins that facilitate communicating with other apps. See for example [http://keefox.org/ KeeFox] (KeePass–Firefox bridge), which includes the [http://keefox.org/2010/12/02/keepassrpc-plugin-technical-overview/ KeePassRPC plugin]. |
| 44 | Integrating [hxxp://keepass.info/ KeePass] with Pidgin would involve either [hxxp://keepass.info/help/v2/plugins.html writing a KeePass plug-in], or using one of the existing plugins that facilitate communicating with other apps. See for example [hxxp://keefox.org/ KeeFox] (KeePass–Firefox bridge), which includes the [hxxp://keefox.org/2010/12/02/keepassrpc-plugin-technical-overview/ KeePassRPC plugin]. |
39 | 45 | |
40 | 46 | === Mac OS Keychain === |
41 | | https://en.wikipedia.org/wiki/Keychain_%28Mac_OS%29 |
| 47 | Status: not implemented |
42 | 48 | |
43 | | [https://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html Apple's developer documentation for Keychain] |
| 49 | This is [hxxps://en.wikipedia.org/wiki/Keychain_%28Mac_OS%29 Mac OS specific keyring]. Here is [hxxps://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html Apple's developer documentation] for it. |
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!