I have two PGP keys I use to sign and decrypt e-mails in kmail. When doing so, I have to enter the key's password (currently stored in KeePass).
Is it possible to save the passwords in my kwallet in a way that automatically unlocks the keys as needed? If so, how can this be achieved?
Edit: I have found something similar here, but for SSH keys rather than PGP keys. Maybe that can be adapted?
Best Answer
Unlocking
As far as I know this cannot be done in kWallet. Use gpg-agent instead. You can make its settings as liberal as you like, balanced between security and ease of access. Depending on which distribution you are running, the agent should work out of the box. Perhaps it's even already running in the background?
Other key management
I never used KeePass, so I don't know its features. However, kGPG might be worth looking at. It is a GUI front end to the system's GnuPG. Specifically, it also allows for low-ish level settings of GPG, including GPG agent.
kMail
The question also contains the kmail tag, so I will also elaborate on that. You might want to read the PGP configuration section and kmail FAQ, GnuPG section. If you have set up the keys using kGPG above, you don't have to be very worried about all the fat warnings and the steps in the top part of the page. Just be informed about them.
Integration
Integration is actually happening implicitly. kGPG just tells GnuPG which keys to create, modify, open and more actions. It lists in its interface what keys are on the system and their trust level etc. But in the background everything is stored in the ~/.gnupg directory in the GnuPG format. (I'm not sure if kGPG invokes GPG or is linked to GPG libraries, but the effect is the same)
kMail is just another kind of front end. It invokes the gpg command to access the keys stored in the same directory. For instance for signing, encrypting and decrypting.
The gpg-agent is session wide. Meaning, if you unlock a private key in kGPG, it will also be unlocked for kMail and vice versa.
Edit
I just found kwalletcli, which provides kwallet bindings for pinentry. My distribution does not provide a package, so at this moment I'm unable to try it out.
You might have to manually install the package if your distro does not support it as well.
Once again, arch wiki comes along and saves the day:
Alternative
If you don't want to or can't install kwalletcli, you might be able to do some scripting using the kwallet-query command. You will have to have knowledge about which wallet to open to obtain the password. See man kwallet-query for more info.
However, gpg does not allow password input from STDIN by default, so you will need to configure gpg for it.
Note on ssh-agent
If you get gpg-agent to work properly, you can use it also as a ssh-agent.
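The "as liberal as you like" trade-off from the answer above can be checked with a short script. This is an added example, not part of the original answer: it reads a gpg-agent.conf and reports how long a key stays unlocked, whether the passphrase comes from KWallet, and whether the agent also serves SSH. The function names, the pinentry-kwallet path and the 3600-second limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): report how long gpg-agent keeps a key
# unlocked, based on gpg-agent.conf. Function names here are hypothetical.

# Constructed sample config; the pinentry-kwallet path is an assumption.
sample_conf() {
cat <<'EOF'
# ~/.gnupg/gpg-agent.conf (constructed sample)
default-cache-ttl 28800
max-cache-ttl 86400
pinentry-program /usr/bin/pinentry-kwallet
enable-ssh-support
EOF
}

# agent_opt FILE OPTION DEFAULT: value of OPTION, or DEFAULT when unset.
# If an option is repeated, this sketch reports the last one.
agent_opt() {
    awk -v opt="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        $1 == opt  { val = $2; seen = 1 }
        END        { print (seen ? val : def) }' "$1"
}

# agent_flag FILE OPTION: succeeds when a valueless option is present.
agent_flag() {
    awk -v opt="$2" '/^[ \t]*#/ { next } $1 == opt { found = 1 }
        END { exit !found }' "$1"
}

# audit_agent_conf FILE LIMIT: LIMIT is the longest unlock time (seconds)
# you accept; it is local policy, not a GnuPG setting.
audit_agent_conf() {
    # 600 and 7200 are gpg-agent's documented defaults.
    ttl=$(agent_opt "$1" default-cache-ttl 600)   # timer resets on each use
    max=$(agent_opt "$1" max-cache-ttl 7200)      # hard expiry
    pin=$(agent_opt "$1" pinentry-program default)
    echo "idle-ttl=${ttl}s max-ttl=${max}s pinentry=${pin}"
    [ "$max" -le "$2" ] || echo "WARN: key may stay unlocked ${max}s (limit ${2}s)"
    case $pin in
        *pinentry-kwallet*) echo "NOTE: passphrase kept in KWallet; an open wallet unlocks the key" ;;
    esac
    if agent_flag "$1" enable-ssh-support; then
        echo "NOTE: agent also answers SSH key requests"
    fi
}

conf=$(mktemp) && sample_conf > "$conf"
audit_agent_conf "$conf" 3600
rm -f "$conf"
```

After editing the real file, `gpgconf --reload gpg-agent` makes the running agent pick up the new values.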