Keyrings cryptographically secure your password in a way that would generally be more secure (although not perfect). It would require a master password, shared amongst all the applications on your computer, to get at your passwords.

Pidgin 2.x.y does not support storing passwords in keyrings; currently you must either store passwords unencrypted or not at all (why? see PlainTextPasswords). However, 3.0.0 will support this feature.

Status

This is being actively worked on by Tomasz Wasilczyk in the soc.2008.masterpassword branch of hxxps://hg.pidgin.im/cpw/tomkiewicz/masterpassword. The code has not been merged into the main development tree yet, but it's ready for a review.

This code initially came from a Google Summer of Code project in 2008.

Related tickets

• #673
• [hxxps://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/75850 Launchpad bug #75850]

Specific keyrings

Internal keyring

Status: implemented

It works in two modes: cleartext (passwords are stored unencrypted, as before) and using encryption with a master key. User needs to provide a master password once per every Pidgin startup. It uses AES-256 for encryption and PBKDF2-SHA256 for key derivation.

GNOME Keyring and KWallet

Status: implemented

These are the GNOME and KDE specific keyrings, where user needs to provide a master password once (depending on configuration) per system startup.

Freedesktop Secret Service API

Status: partially implemented, not integrated

It's intended to provide a standard interface for Linux apps to store passwords and similar stuff.

Pidgin connects to the [hxxp://standards.freedesktop.org/secret-service/ Secret Service] DBus API to store and retrieve passwords. There are several libraries to do this, including [hxxps://live.gnome.org/Libsecret libsecret] and [hxxps://pypi.python.org/pypi/keyring python-keyring].

Windows credential manager

Status: implemented

This keyring encrypts passwords using Windows user account data. Its security depends on system configuration - encryption does nothing, if user’s account isn’t even protected with password.

KeePass

Status: not implemented

Cross-platform, open-source password manager.

Integrating [hxxp://keepass.info/ KeePass] with Pidgin would involve either [hxxp://keepass.info/help/v2/plugins.html writing a KeePass plug-in], or using one of the existing plugins that facilitate communicating with other apps. See for example [hxxp://keefox.org/ KeeFox] (KeePass–Firefox bridge), which includes the [hxxp://keefox.org/2010/12/02/keepassrpc-plugin-technical-overview/ KeePassRPC plugin].

Mac OS Keychain

Status: not implemented

This is [hxxps://en.wikipedia.org/wiki/Keychain_%28Mac_OS%29 Mac OS specific keyring]. Here is [hxxps://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html Apple's developer documentation] for it.