
KGpg Security

ub1quit33
Registered Member

Sun Jul 14, 2013 2:28 am
Hello everyone! I am new to the KDE community, although I am not at all new to the KDE desktop. Though I have recently begun to engage myself in spending a bit more time learning the under-the-hood workings of the desktop, so I suspect I'll find myself around here quite a bit more often :)

Anyhow, I've recently spun up a Gpg key pair for myself, which I am very much enjoying managing with ease through KGpg. However, in using it, I have come across a security concern, which may simply be due to my ignorance of the program. It would appear that KGpg does not require any password authentication in order to start up and actually view keys. Consequently, private keys can be exported with no level of authentication whatsoever.

Now my private key is secured with a rather strong password, but having the ability for it to be exported so easily makes me uneasy, and I can't seem to find any options to password secure read privileges on my private key. Granted, I could probably symmetrically encrypt my private keyring using the gpg binary, and manually unencrypt it before each use, but it would be much nicer if it could automatically prompt for a password on opening, similar to the way the KWallet functions.

Is there some piece of functionality I just missed? If this is not supported, does anyone have any solutions that they currently employ in relation to this?
bcooksley
Administrator
Re: KGpg Security

Sun Jul 14, 2013 9:56 pm
In this case the exported private key is likely still password protected itself. KGpg in this case is simply making it convenient to make backups, etc. Please note that you cannot protect the export procedure as the physical file KGpg is giving you a copy of can probably be located in ~/.gnupg/


KDE Sysadmin
toad
Global Moderator
Re: KGpg Security

Mon Jul 15, 2013 5:40 am
Check your kde-wallet settings?


Debian testing
ub1quit33
Registered Member
Re: KGpg Security

Mon Jul 15, 2013 5:12 pm
bcooksley wrote: In this case the exported private key is likely still password protected itself. KGpg in this case is simply making it convenient to make backups, etc. Please note that you cannot protect the export procedure as the physical file KGpg is giving you a copy of can probably be located in ~/.gnupg/


I thought that this may be the reason as well, but it would appear that the keys are actually being stored in a keyring:

[james@arch james-arch]$ find .gnupg/ -type f
.gnupg/gpg.conf
.gnupg/pubring.gpg~
.gnupg/random_seed
.gnupg/secring.gpg
.gnupg/trustdb.gpg
.gnupg/pubring.kbx
.gnupg/.#lk0x22ef7b0.arch.inspiron.lottspot.com.11475
.gnupg/pubring.gpg

This being the case, it seems like there *should* be an option to password protect access to the keyrings. I guess I could just fire up an RSA keypair and encrypt the secring.gpg myself. I think I'll try looking into whether there's a more gpg-native solution first, though.

Last edited by ub1quit33 on Mon Jul 15, 2013 5:14 pm, edited 1 time in total.
ub1quit33
Registered Member
Re: KGpg Security

Mon Jul 15, 2013 5:13 pm
toad wrote: Check your kde-wallet settings?


I'm confused. If the option to password protect my private key doesn't exist in the first place, what am I looking for in my kde-wallet settings?
toad
Global Moderator
Re: KGpg Security

Mon Jul 15, 2013 10:48 pm
ub1quit33 wrote:
toad wrote: Check your kde-wallet settings?


I'm confused. If the option to password protect my private key doesn't exist in the first place, what am I looking for in my kde-wallet settings?


Sorry, didn't want to confuse you but sometimes kde-wallet is set up so that it keeps things open. If in doubt, check in system settings, otherwise ignore.


Debian testing
bcooksley
Administrator
Re: KGpg Security

Fri Jul 19, 2013 11:44 am
Yes, the key is stored in the keyring - although nothing protects the keyring to my knowledge, other than the permissions on the keyring.
As far as I am aware, KGpg does not make any use of KWallet.


KDE Sysadmin
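
The reply above says the keyring is protected only by its file permissions, which can be checked directly. The following is an added example, not part of the original thread or of KGpg; the function names are hypothetical and the directory defaults to ~/.gnupg as mentioned in the thread:

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for loose permissions.
# audit_gnupg_home and harden_gnupg_home are hypothetical helper names,
# not commands shipped with gpg or KGpg.

# Print every file or directory under $1 that group or other can
# read, write or execute. Returns 0 when nothing is exposed, 1 when
# something is, 2 when the directory does not exist.
audit_gnupg_home() {
    dir=${1:-$HOME/.gnupg}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # Each -perm -NNN test matches when that single bit is set.
    exposed=$(find "$dir" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Restrict the tree to its owner: 700 on directories, 600 on files.
harden_gnupg_home() {
    dir=${1:-$HOME/.gnupg}
    [ -d "$dir" ] || return 2
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}
```

Run `audit_gnupg_home` with no argument to check your own ~/.gnupg; any path it prints is readable or writable by an account other than the owner.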