pinentry-kwallet(1) [debian man page]
PINENTRY-KWALLET(1) BSD General Commands Manual PINENTRY-KWALLET(1) NAME
pinentry-kwallet -- kwallet-based pass-phrase dialog for use with GnuPG SYNOPSIS
pinentry-kwallet [-q] [options] DESCRIPTION
pinentry-kwallet is a kwallet- and pinentry-based pass-phrase dialog for use with GnuPG. It is intended to be called from the gpg-agent(1) daemon and not invoked directly. pinentry-kwallet replaces the regular pinentry-program stanza set in ~/.gnupg/gpg-agent.conf and looks up the passphrases requested in the KWallet first, falling back to pinentry only if not found. The user is given the option to store it in the KWallet afterwards. Negative answers to this are also stored in the KWallet to avoid asking each time. pinentry-kwallet (like other pinentry variants) talks a simplified subset of the regular Assuan protocol on stdio; all commands, even unknown ones, are passed through to a pinentry co-process during run-time, even if the latter is never used. It accepts the same options as pinentry, even unknown ones, because it is designed to plug in. As an exception, -q makes pinentry-kwallet more quiet (suppress warnings on stderr), and -V displays the version on stderr (unless -q). pinentry-kwallet attempts sophisticated error handling: if an error dialogue is displayed, an internal counter is increased. If the counter reaches 2, the value stored in the KWallet is ignored, and the user is asked anew. The counter is stored in the KWallet, which is suboptimal but necessary, because gpg2(1) does not re-use the Assuan sessions, instead spawning a new pinentry-kwallet each time a passphrase is required (rather stupid). Error counters are valid for 15 seconds since their last increasement. RETURN VALUES
pinentry-kwallet exits 1 if it is called recursively, 0 if help or version information are requested, and return codes do not matter in any other cases because errors are signalled in-band. It will exit 0 after the Assuan session is terminated. ENVIRONMENT
DISPLAY The X11 display to use for child processes. If not set, pinentry-kwallet will immediately replace itself with the slave PINENTRY programme to use. GPG_TERM Terminal type of the current tty. GPG_TTY The current terminal. PINENTRY The pinentry programme to use. Default: ``pinentry'' SEE ALSO
date(1), gpg-agent(1), gpg2(1), kwalletcli(1), kwalletcli_getpin(1), mksh(1), pinentry-curses(1), pinentry-gtk-2(1), pinentry-qt(1), pinentry-x11(1) AUTHORS
pinentry-kwallet was written by Thorsten Glaser <tg@mirbsd.org> mostly for tarent GmbH. CAVEATS
Some newer pinentry features, such as three-button operation, are not supported yet. Some commands, such as version inquiry, as passed through to the pinentry coprocess indiscriminately, which may lead to strange results, should the protocol change or extend. BSD
May 10, 2011 BSD
Check Out this Related Man Page
KWALLETCLI(1) BSD General Commands Manual KWALLETCLI(1) NAME
kwalletcli -- command line interface to the KDE Wallet SYNOPSIS
kwalletcli [-q] -hV kwalletcli [-q] -f folder -e entry [-P | -p password] DESCRIPTION
The kwalletcli utility is a command line interface to KWallet. It will only work if KDE is running (DCOP) and reachable (via X11). kwalletcli can be used to get password entries from the Wallet, or to write them there. The options are as follows: -e entry Define the key (entry) to use when accessing the Wallet. Mandatory. -f folder Set the folder to use when accessing the Wallet. Mandatory. -h Display the usage. -P Read the password to write from standard input. Currently limited to 65535 octets. -p password Write password into the designated location in the Wallet. -q Be more quiet. In combination with -V, do not display anything. -V Display the kwalletcli version information. Default mode of operation, that is, unless -P or -p are used, is to read the password from the Wallet and print it to standard output as-is, without any trailing newline. All input and output is assumed to be in UTF-8. The password string (whether read from standard input or command line) is now converted from ``possibly UTF-8 but binary transparent'' to standards-conformant UTF-8 for the Qt side, and back upon reading out. RETURN VALUES
The kwalletcli utility exits 0 on success or >0 if an error occurred: 1 The entry specified cannot be found (read access). 2 The usage was shown. 3 The Wallet could not be opened. May be a missing DCOP connection. Perhaps DISPLAY is not set. 4 The folder specified cannot be found (read access). 5 The folder specified cannot be opened. 6 The value to the key specified could not be retrieved. 8 An error occured trying to write the value. The exit codes 1 and 4, on reading, are not fatal; they merely indicate that the folder or entry specified does not exist. The other errors are fatal and may be used to indicate the user that the KWallet should not be used any more during the current session. ENVIRONMENT
DISPLAY The X11 display to use for communicating with the KDE Wallet. SEE ALSO
kwalletcli_getpin(1) AUTHORS
kwalletcli was written by Thorsten Glaser <tg@mirbsd.org> mostly for tarent GmbH. CAVEATS
Do not use -p password to store it, unless you absolutely must. It is a security risk, because the command line invocation is public infor- mation in a normal Unix environment. Use -P instead and provide the password on standard input. Beware of trailing newlines, especially outside of mksh(1) scripts! BUGS
If DISPLAY is not set, not valid, or kdeinit or kdeinit4 cannot start for other reasons, kwalletcli may not recover gracefully. In KDE 4 versions, this may even result in a Segmentation fault. The author does not know of a way to catch this early; patches are welcome. There is no way (yet) to set a wallet other than the default wallet. While this is a possible enhancement to the kwalletcli CLI, there is no feasible way to expose this functionality to the various front-ends, such as pinentry-kwallet(1), anyway, so the priority of fixing this is low. BSD
April 9, 2011 BSD