I’m in the process of moving to Linux (tumbleweed with KDE plasma desktop). In setting up email clients, I keep getting asked to create a KDE wallet. I self host bitwarden and want to use that instead of creating a KDE wallet. Is there any way to turn off the KDE wallet and replace it with Bitwarden?
I wouldn’t have thought so, similar, but completely different programs by different developers.
For info: there’s some early work being done on a replacement for KWallet based on KeepassXC, and it is possible to migrate data from Bitwarden to KeepassXC
1 Like
First, welcome to the KDE Discuss Forums.
It’s your lucky day – I’m an openSUSE user – an extremely rare presence in these KDE Forums … 
-
Bitwarden is available in the openSUSE Tumbleweed repositories – simply install it – and, enjoy the benefits of OpenQA …
<openSUSE:Factory / bitwarden / Overview>
Take a look at the “Revisions” Tab …
-
For the case of KWallet, there are some (RPM) package dependencies –
> LANG=C rpm --query --whatrequires kwalletd5
plasma-nm5-5.27.11-bp156.1.1.x86_64
pam_kwallet-common-5.27.11-bp156.1.1.noarch
kwalletd5-lang-5.115.0-150600.1.3.noarch
>
> LANG=C zypper info --recommends --requires --suggests --supplements kwalletd5
.
.
Information for package kwalletd5:
----------------------------------
Repository : Haupt-Repository
Name : kwalletd5
Version : 5.115.0-150600.1.3
Arch : x86_64
Vendor : SUSE LLC <https://www.suse.com/>
Installed Size : 546.3 KiB
Installed : Yes (automatically)
Status : up-to-date
Source package : kwallet-5.115.0-150600.1.3.src
Upstream URL : https://www.kde.org
Summary : Safe desktop-wide storage for passwords
Description :
This framework contains two main components:
* Interface to KWallet, the safe desktop-wide storage for passwords on KDE workspaces.
* The kwalletd used to safely store the passwords on KDE work spaces.
Requires : [29]
libstdc++.so.6()(64bit)
libstdc++.so.6(CXXABI_1.3)(64bit)
libstdc++.so.6(GLIBCXX_3.4)(64bit)
libgcc_s.so.1()(64bit)
libgcc_s.so.1(GCC_3.0)(64bit)
libstdc++.so.6(CXXABI_1.3.9)(64bit)
libc.so.6(GLIBC_2.38)(64bit)
libQt5Core.so.5()(64bit)
libQt5Core.so.5(Qt_5)(64bit)
libQt5Gui.so.5()(64bit)
libQt5Gui.so.5(Qt_5)(64bit)
libQt5Widgets.so.5()(64bit)
libQt5Widgets.so.5(Qt_5)(64bit)
libKF5CoreAddons.so.5()(64bit)
libKF5I18n.so.5()(64bit)
libQt5Core.so.5(Qt_5.15)(64bit)
libQt5DBus.so.5()(64bit)
libQt5DBus.so.5(Qt_5)(64bit)
libKF5ConfigCore.so.5()(64bit)
libKF5WidgetsAddons.so.5()(64bit)
libKF5ConfigWidgets.so.5()(64bit)
libKF5DBusAddons.so.5()(64bit)
libKF5WindowSystem.so.5()(64bit)
libKF5Notifications.so.5()(64bit)
libKF5Service.so.5()(64bit)
libKF5Wallet.so.5()(64bit)
libqca-qt5.so.2()(64bit)
libgpgmepp.so.6()(64bit)
libkwalletbackend5.so.5()(64bit)
Recommends : kwallet-tools
Suggests : ---
Supplements : ---
>
If you’re using Network Manager, you’ll need a Key Wallet for the WiFi/WLAN secrets …
If you’re using the KDE Plasma PIM – Kontact – or, the simplified newer mostly Calendar and e-Mail alternative – Merkuro – you’ll need a Key Wallet for the access to your IMAP and/or POP3 e-Mail accounts.
- You’re using KDE Plasma – therefore the KDE Plasma applications use KWallet for password and “secrets” storage.
On the other hand, Bitwarden is great for the passwords you need to access logins to Internet Web offerings.
- And, you can store your access details in a common place in order that, your other Internet devices – such as your mobile telephone – also use the same username/password storage.
KWallet is only local to your KDE Plasma session.
KWallet encryption –
-
The normal Use Case is to use Blowfish with a password which is the same as the login password for your KDE Plasma session – the password is stored either in ‘/etc/shadow’ or the LDAP Server.
Your KWallet instance automatically opens when you login. -
If, you use GPG to encrypt a KWallet Wallet –
It will not be automatically opened when you login and –
The GPG Key will be stored within your Home directory structure.
Is Blowfish really as bad as discussions on Internet may well lead you to believe, maybe the two following references will help you –
<Bruce Schneier – The Blowfish Encryption Algorithm>
<Wikipedia – Blowfish (cipher)>
Bottom line –
- By default KDE Plasma uses a Blowfish encrypted Password Wallet named “KWallet” to store –
- WiFi/WLAN secrets.
- IMAP and POP3 e-Mail account login data.
The encrypted wallet size for such things is usually much less than 4 GB …
- My current Blowfish encrypted ‘kdewallet.kwl’ file size – with more than my WLAN and e-Mail access data, is 25K.
And, my current KDE Plasma System Settings (Version 5.27.11) indicate that, if KWallet is deactivated for Password Services then, other Password storage such as KeePassXC or GNOME-Keyring can be used.
BTW – “KeePassXC” is available in the openSUSE Tumbleweed Repositories – <openSUSE:Factory / keepassxc / Overview>
Dealing with Bitwarden will be on you but Kwallet you can simply go into system settings and turn it off if the kwalletmanager is installed. Some distros choose not to include it. If it’s not installed you should be able to find it in your GUI for installing software. My suggestion is install tumbleweed, do what updates are out there, do you system settings tweaks including turning off kwallet. Then add your software.
FYI: No kwallet is not necessary for your WiFi to keep your password.
And, the Google Chromium Browser running on KDE Plasma has a Plugin which accesses KWallet.
Yes, you can store your NetworkManager WiFi/WLAN secrets as plain text in NetworkManager’s /etc/ directory …
- The file containing the plain text located in the NetworkManager’s /etc/ directory is not world readable but, that’s not really nice at all …
The only point that matters is the FACT that you do not need KWallet to always be logged into one’s WiFi. ANYTHING else is BS.
This is great information and I think gives me what I need to sort out what I would like to do. Thank you for taking the time to explain this.
Yes, I’m familiar with Schneier’s blowfish algorithm and what he says about it. I’m surprised that it is still being used in KWallet instead of twofish or some other algorithm.