Why does KWallet open my encrypted wallet even without the GPG key?

asked 2016-07-08 01:28:00 -0500

CamilB gravatar image

updated 2016-07-08 01:39:22 -0500

I created a key pair using KGpg. I've configured KWallet to use GPG encryption with the first-run wizard, using my newly created keys. But KWallet doesn't seem to use any of that, and asks for passwords for my wallets anyway.

Creating a new wallet with KWalletManager asks no questions about GPG encryption: it asks directly for a password. I thought this was the point where I should be asked what key to use, but that didn't happen. So I created a no-password wallet, assuming it will be encrypted anyway.

That's not the case. After rebooting, KGpg is desperately trying to get me to type the passphrase (expected), and even if I refuse to give my passphrase, I can still open KWalletManager with my wallet and see the passwords (NOT AS EXPECTED). Interestingly, Kontact cannot get the email passwords from the wallet before I type the passphrase, but Network Manager does get the WiFi password.

Why can KWalletManager read my wallet and display my passwords even before I type in my key passphrase?

edit retag flag offensive close merge delete