There is no encryption tab in the kmymoney settings

Hi everyone,

I’m trying to encrypt the data file from kmymoney, but there’s no encryption tab in the settings. Do I need to install an additional module?

Thanks for your help.

KMyMoney Version 5.1.3
KDE Frameworks Version 5.116.0
Qt Version 5.15.14 (kompiliert gegen 5.15.13)
gpg (GnuPG) 2.4.5

There should be a settings button on the XML Storage plugin that lets you configure GPG encryption.

Thanks, I found that, but everything is grayed out. I cannot activate GPG encryption.

Which operating system are you using and where did you get the software?

This is Arch Linux.
Host: thinkarch Kernel: 6.9.1-zen1-2-zen arch: x86_64 bits: 64

The installation was done via pacman.

~ doas pacman -S kmymoney


doas (olmet@thinkarch) password:
resolving dependencies…
looking for conflicting packages…

Packages (29) aqbanking-6.5.4-1 attica5-5.116.0-1 gwenhywfar-5.10.2-1 kactivities5-5.116.0-1
kcmutils5-5.116.0-1 kcontacts5-5.116.0-1 kdeclarative5-5.116.0-1
kdiagram5-2.8.0-1 kholidays5-1:5.116.0-1 kidentitymanagement5-23.08.5-2
kitemmodels5-5.116.0-1 knewstuff5-5.116.0-1 kpackage5-5.116.0-1
kpimtextedit5-23.08.5-2 kqtquickcharts-24.05.0-1 ktextaddons5-1.5.4-1
libakonadi5-23.08.5-2 libalkimia-8.1.2-3 libical-3.0.18-2 libofx-0.10.9-1
libxml++2.6-2.42.1-1 opensp-1.5.2-10 qtkeychain-qt5-0.14.3-1 sgml-common-0.6.3-8
sqlcipher-4.6.0-1 syndication5-5.116.0-1 syntax-highlighting5-5.116.0-1
tcl-8.6.14-4 kmymoney-5.1.3-16

Might be a dumb question: do you have gpg installed? Do you have the gpg-agent running? You can see that last bit by executing

ps ax | grep gpg-agent

For me it shows:

17654 ?        Ss     0:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display /etc/X11/xinit/xinitrc
17655 ?        Ss     0:03 /usr/bin/gpg-agent --sh --daemon --keep-display /etc/X11/xinit/xinitrc
26757 pts/5    S+     0:00 grep --color=auto gpg-agent

Thanks for your help.

My system configuration caused the problem with the GPG encryption not being activated. Many of my applications run in a sandbox using bubblejail/bubblewrap.

Of course kmymoney needs access to:

~/.gnupg and root access to
/run/user/1000/gnupg

After editing the services.toml, the GPG encryption works.

doas nano ~/.local/share/bubblejail/instances/kmymoney/services.toml

...

[home_share]
home_paths = [
    "path_to_kmymoney.kym",
    ".gnupg",
]

[root_share]
paths = [
    "/run/user/1000/gnupg",
]

...

I’m really sorry to say that the encryption isn’t working yet.

I tried starting the program without firejail and exporting the XML file with my displayed key, but when I tried to open it, I got an error message.

Cannot read the file: /home/user/Dokumente/kmymoney/enc_basis.kmy /usr/src/debug/kmymoney/kmymoney-5.1.3/kmymoney/plugins/xml/xmlstorage.cpp:140

There is no kmymoney folder in the /usr/src/debug path.


That’s how it looks for me:

   1430 ?        SLsl   0:00 /usr/bin/gpg-agent --supervised
   4377 pts/0    S+     0:00 grep --colour=auto gpg-agent

Just to be certain, does /home/user/Dokumente/kmymoney/enc_basis.kmy
exist, and what are the permissions on it?
As a further experiment, can you make a copy of the file and then unencrypt the copy with gpg directly?

Also, I’m not sure exactly what you mean by having started the program without firejail and exporting the XML. Are you saying that things work fine without firejail, but not when using it? If so, then my guess is you need to ask someone who knows about firejail.

I can confirm that decryption does not work with or without Firejail. I have carried out all attempts without Firejail to rule out any potential issues with Firejail.

drwxr-xr-x 1 olmet olmet  406 14. Jun 10:52 ./
drwxr-xr-x 1 olmet olmet   70 12. Jun 18:35 ../
-rw-r--r-- 1 olmet olmet  65K 13. Jun 16:13 basis.kmy
-rw-r--r-- 1 olmet olmet 747K 14. Jun 10:52 enc_basis_copy_decrypted.kmy
-rw------- 1 olmet olmet  89K 14. Jun 10:51 enc_basis_copy.kmy
-rw------- 1 olmet olmet  89K 13. Jun 14:31 enc_basis.kmy
~  cd /home/olmet/Dokumente/kmymoney/
~/Dokumente/kmymoney>>  cp enc_basis.kmy enc_basis_copy.kmy
~/Dokumente/kmymoney>>  gpg --output enc_basis_copy_decrypted.kmy --decrypt enc_basis_copy.kmy
gpg: verschlüsselt mit rsa2048 Schlüssel, ID ABFAxxxxxxxxx, erzeugt 2024-06-13
      "OlafM <olxxxe@mail.ts>"

The decryption works directly, then I can open the decrypted file enc_basis_copy_decrypted.kmy in kmymoney.

The two encrypted files in the folder
enc_basis.kmy
enc_basis_copy.kmy
can now also be opened in kmymoney. The password is probably stored temporarily.

But after restarting the computer, I cannot open the two encrypted files with kmymoney again. No password prompt appears from kmymoney as in the terminal. Is there perhaps a programme module missing?

I hope you can understand my explanations, my English is not so good.

I think the default program that displays the password dialog is /usr/bin/pinentry, which is a script provided by gnupg that seems a bit outdated. On my system I’ve configured gpg-agent to use /usr/bin/pinentry-qt instead by creating the file ~/.gnupg/gpg-agent.conf with the single line:

pinentry-program /usr/bin/pinentry-qt

You’ll probably need to restart gpg-agent after creating that file.

EDIT: /usr/bin/pinentry is provided by the Arch packaging of pinentry which is a dependency of the gnupg package. I’ll look into submitting an improvement.

I have commented out the following entries for pinentry and added the pinentry-qt:

~/.gnupg/gpg.conf
# use-agent
# pinentry-mode loopback
 ~/.gnupg/gpg-agent.conf
# allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-qt
systemctl --user restart gpg-agent

A login window now appears for entering the password. :slightly_smiling_face:

Two warning messages appear in the gpg-agent log, but these are not so important for me.

Jun 14 14:02:49 thinkarch pinentry-qt[3375]: CapsLockWatcher was compiled without support for unix
Jun 14 14:02:49 thinkarch pinentry-qt[3375]: Checking for Caps Lock not possible on unsupported platform: "wayland"

Many thanks for your help.

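An added example, not written by anyone in this thread and not part of KMyMoney or GnuPG: a POSIX shell audit of a GnuPG home directory for the options this thread ended up changing (`pinentry-mode loopback` in gpg.conf, `allow-loopback-pinentry` and `pinentry-program` in gpg-agent.conf). The function names `active_value` and `audit_gnupg_home` are hypothetical, and the script only reads files.

```shell
#!/bin/sh
# Added example: report why a GUI program may get no passphrase dialog.

# active_value FILE KEY
# Print the value of the last uncommented "KEY [value]" line in FILE.
# Returns 1 if FILE is unreadable or KEY is absent or commented out.
active_value() {
    [ -r "$1" ] || return 1
    awk -v k="$2" '
        /^[ \t]*#/ { next }                 # commented-out options are inactive
        $1 == k { found = 1; $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { if (!found) exit 1; print v }' "$1"
}

# audit_gnupg_home DIR
# Print one finding per line; the return status is the number of problems.
audit_gnupg_home() {
    home=$1
    problems=0
    # Inside a sandbox the directory is only visible if it was shared in.
    [ -d "$home" ] || { echo "WARN $home not visible (shared into the sandbox?)"; return 1; }

    # Loopback mode redirects passphrase queries to the calling program,
    # so no pinentry dialog is started for it.
    if mode=$(active_value "$home/gpg.conf" pinentry-mode) && [ "$mode" = loopback ]; then
        echo "WARN gpg.conf: pinentry-mode loopback is active"
        problems=$((problems + 1))
    fi
    if active_value "$home/gpg-agent.conf" allow-loopback-pinentry >/dev/null; then
        echo "INFO gpg-agent.conf: allow-loopback-pinentry is set"
    fi

    # A configured pinentry that is missing or not executable cannot prompt.
    if prog=$(active_value "$home/gpg-agent.conf" pinentry-program); then
        if [ -x "$prog" ]; then
            echo "OK pinentry-program $prog"
        else
            echo "WARN pinentry-program $prog is not executable"
            problems=$((problems + 1))
        fi
    else
        echo "INFO no pinentry-program set; gpg-agent uses its default pinentry"
    fi
    return "$problems"
}
```

Run it as `audit_gnupg_home "$HOME/.gnupg"` both outside and inside the sandbox; a difference between the two outputs points at the sandbox profile rather than at GnuPG.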