Keyrings cryptographically secure your password in a way that would generally be more secure (although not perfect). It would require a master password, shared amongst all the applications on your computer, to get at your passwords.

Pidgin 2.x.y does not support storing passwords in keyrings; currently you must either store passwords unencrypted or not at all (why? see PlainTextPasswords). However, 3.0.0 will support this feature.

== Status ==

This code initially came from a Google Summer of Code [wiki:GSoC2008/MasterPassword project] in 2008. Then, was rewritten by Tomasz Wasilczyk thanks to Google's interest in improving Pidgin's security.

It's merged and ready to be released with Pidgin 3.0.0.

== Related tickets ==
* #673
* [https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/75850 Launchpad bug #75850]

== Specific keyrings ==

=== Internal keyring ===
Status: implemented

It works in two modes: cleartext (passwords are stored unencrypted, as before) and using encryption with a master key. User needs to provide a master password once per every Pidgin startup. It uses AES-256 for encryption and PBKDF2-SHA256 for key derivation.

=== GNOME Keyring and KWallet ===
Status: implemented

These are the GNOME and KDE specific keyrings, where user needs to provide a master password once (depending on configuration) per system startup.

=== Freedesktop Secret Service API ===
Status: partially implemented, not integrated

It's intended to provide a standard interface for Linux apps to store passwords and similar stuff.

Pidgin connects to the [http://standards.freedesktop.org/secret-service/ Secret Service] DBus API to store and retrieve passwords. There are several libraries to do this, including [https://live.gnome.org/Libsecret libsecret] and [https://pypi.python.org/pypi/keyring python-keyring].

=== Windows credential manager ===
Status: implemented

This keyring encrypts passwords using Windows user account data. Its security depends on system configuration - encryption does nothing, if user’s account isn’t even protected with password.

=== KeePass ===
Status: not implemented

Cross-platform, open-source password manager.

Integrating [http://keepass.info/ KeePass] with Pidgin would involve either [http://keepass.info/help/v2/plugins.html writing a KeePass plug-in], or using one of the existing plugins that facilitate communicating with other apps. See for example [http://keefox.org/ KeeFox] (KeePass–Firefox bridge), which includes the [http://keefox.org/2010/12/02/keepassrpc-plugin-technical-overview/ KeePassRPC plugin].

=== Mac OS Keychain ===
Status: not implemented

This is [https://en.wikipedia.org/wiki/Keychain_%28Mac_OS%29 Mac OS specific keyring]. Here is [https://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html Apple's developer documentation] for it.