Password Manager should work with KWallet

NEW
Assigned to

Status

Core Graveyard
Ports: Qt
--
enhancement
13 years ago
4 months ago

People

(Reporter: waldi54, Assigned: Zack Rusin)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

13 years ago
Firefox should integrate better into specific Unix-Desktops (at least KDE and
Gnome) e.g. by using their possibilities to store passwords (KDE uses KWallet
for that purpose, Gnome probably has also a program to do so). Maybe it is
useful to provide different versions with and without support for this feature,
maybe Password Manager is such a small utility that you can keep it in the trunk
and just add support for KWallet - I don't know. Thanks a lot, Firefox is great.

Updated

13 years ago
Severity: normal → enhancement
Version: 1.0 Branch → unspecified

Comment 1

13 years ago
I think this belongs in product 'core' component 'Ports: Qt'.
Not something we'd do as a core item, but we don't currently do anything to
integrate with KDE.  Dumping to the Qt port, if there's going to be a qt port
fore firefox, maybe we need a Ports: Qt for bugs like this?
Assignee: bryner → zack
Component: Password Manager → Ports: Qt
Product: Firefox → Core
QA Contact: davidpjames → cbiesinger
Version: unspecified → Trunk
Status: UNCONFIRMED → NEW
Ever confirmed: true
*** Bug 287902 has been marked as a duplicate of this bug. ***

Comment 4

11 years ago
Is it possible to implement this feature as extension? Maybe by replacing existing storage backend for password manager?
QA Contact: cbiesinger → ports-qt

Comment 5

10 years ago
The page referring to this
http://wiki.mozilla.org/Firefox/Feature_Brainstorming:Platform_Integration
mentions GNOME keyring too, but looks like this request addresses only kde.

Should I open a separate bug for GNOME keyring?

Once implemented in FF, Thunderbird will be able to use it too?

Thanks

Comment 6

9 years ago
My main push is for Thunderbird.

I have a dozen mail accounts for various websites and want to use Kwallet to protect those passwords.

Comment 7

9 years ago
this is a must. I want to use kwallet for storing firefox's passwords too.
Product: Core → Core Graveyard

Comment 8

9 years ago
It seems that bug 325351 is a duplicate. My comment there was (I hope it's OK to copy-paste it here):

Voted for this one. I'm not into the code of Firefox, nor KWallet, but wouldn't
it be possible to implement this as an optional security device (Preferences -
Advanced - Encryption - Secutity Devices) in the manner of FIPS which is
already there? (Same goes for Liberty)

Perhaps as an Extension or PlugIn or even a platform specific "mod" that could
come with Linux distros?

Other idea, perhaps solvable as a FF extension:
This wouldn't even have to be a full replacement, but just look, if "KWallet"
is there and ask it for the Master password, enter it automatically and
finished :-) This way, if you'd turn off kwallet or switch to gnome or
use your profile under Windows,... - FF would still work as usual, you just had
to type in your MP again.

Comment 9

9 years ago
There is another bug,

Bug 309807 -  Integrate Password Manager with Gnome Keyring Manager
https://bugzilla.mozilla.org/show_bug.cgi?id=309807

which has already a beta extension as a solution for Gnome keyring. The developed code there should also be useful for this bug, if I find the time I will port that code to use kwallet.

Also a good start is this page:

https://developer.mozilla.org/en/Creating_a_Login_Manager_storage_module

cu

Comment 10

8 years ago
Kwallet integration would be a really important issue? I am using both browsers Konqueror and Firefox frequently. Both have there pros and cons. Having the passwords stored separately is really a pain. 
I see this bug is assigned to the qt-port of Firefox. But is this really still happening. From time to time there is news about this, I fear this wont happen any time soon. But no matter of a qt-port of Firefox, it would be really great to see a Kwallet integration!

Comment 11

8 years ago
KWallet integration is more secure, easier to work with,  and just plain better.

Comment 12

8 years ago
Agreed.  Kwallet is way more secure and better to work with.

Comment 13

8 years ago
There is a Freedesktop project on unifying Passwordmanagers on Linux.
http://lists.freedesktop.org/archives/authentication/2008-October/000001.html
Unfortunately it appears dead, but may be if Firefox people joined in, this could be successfull.

Comment 14

8 years ago
The project is still halfway active. "Recent" discussion has been taking place on the gnome-keyring mailinglist, see http://mail.gnome.org/archives/gnome-keyring-list/2009-March/msg00008.html.

Unfortunately we stalled for the last two months but I'm sure we'll get back to speed once a preliminary spec has been published for discussion. If you find some time, please join the discussion to help shape the outcome to something suitable to the various Mozilla projects as well.

Comment 15

8 years ago
To bring some input into the discussion, I did some research on how to access KWallet. First, no binding to Qt or KDE (as suggested with "Component: Ports: Qt") is required. All communication with KWallet can be done via dbus. As Firefox already uses dbus to communicate with NetworkManager (see toolkit/system/dbus/), no new dependencies have to be introduced.

To query KWallet for passwords for web forms is quite easy, as the following example demonstrates, where the command-line client qdbus (from Qt) is used.
First, we may want to list the wallets (databases for credentials):
# qdbus org.kde.kwalletd /modules/kwalletd org.kde.KWallet.wallets
In my example, only a single wallet exists which is called "mywallet"
Now we can open this wallet to get a numeric handle for further access:
# qdbus org.kde.kwalletd /modules/kwalletd org.kde.KWallet.open mywallet 0 "Mozilla Firefox"
The name "Mozilla Firefox" is given here, as the user may get asked if he/she wants to grant this application access to the wallet.
Let's assume this command line return 123456 as handle. Within a wallet, folders with arbitrary names may exist. Konqueror uses the folder "Form Data" to save password from web forms. This folder contains key-value pairs, where the key is the url and the value is a map. This map contains key-value pairs from the web page, where for each pair the key is the id/name of an input field and the value is the input's value.
# qdbus --literal org.kde.kwalletd /modules/kwalletd org.kde.KWallet.readMap 123456 "Form Data" 'https://bugzilla.mozilla.org/#login' "Mozilla Firefox"
In this example "--literal" is used to force showing the map in a terminal as a sequence of bytes. In my case, the output is as follows:
{0, 0, 0, 2, 0, 0, 0, 34, 0, 66, 0, 117, 0, 103, 0, 122, 0, 105, 0, 108, 0, 108, 0, 97, 0, 95, 0, 112, 0, 97, 0, 115, 0, 115, 0, 119, 0, 111, 0, 114, 0, 100, 0, 0, 0, 24, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 97, 0, 0, 0, 28, 0, 66, 0, 117, 0, 103, 0, 122, 0, 105, 0, 108, 0, 108, 0, 97, 0, 95, 0, 108, 0, 111, 0, 103, 0, 105, 0, 110, 0, 0, 0, 50, 0, 102, 0, 105, 0, 115, 0, 99, 0, 104, 0, 101, 0, 114, 0, 64, 0, 117, 0, 110, 0, 105, 0, 120, 0, 45, 0, 97, 0, 103, 0, 46, 0, 117, 0, 110, 0, 105, 0, 45, 0, 107, 0, 108, 0, 46, 0, 100, 0, 101}
First, 4 bytes for the number of elements in the map (here: 2).
Then, the next 4 bytes contain the length of the first element's key (34 Byte), as all strings are encoded as 2-Bytes-per-Character (I guess UTF-16 or similar). The encoded string is "Bugzilla_password". Next follows my 12-char password (24 Bytes), all "a". Followed by "Bugzilla_login" and my email address.

Using dbus instead of linking to some KDE or Qt libraries should lower the threshold to integrate KWallet support in Firefox (or Thunderbird) considerably. Someone familiar with the codebase may be able to hack a proof-of-concept within a few hours.

I am looking forward to see some progress in this regard... ;-)

Comment 16

8 years ago
Thank you Thomas for your detailed research.
I guess that unfortunately the issues with this bug report are not technical...
Mozilla simply hates KDE and all its related technologies.

Comment 17

8 years ago
That makes my move to a webkit based browser a much easier choice. Thanks for the push, gecko will die.

Comment 18

8 years ago
Thank you for reporting your findings, Thomas. Would it be possible to hack together a Firefox Addon as a proof of concept? Or better yet, a patch to core?

Comment 19

8 years ago
(In reply to comment #18)
> Thank you for reporting your findings, Thomas. Would it be possible to hack
> together a Firefox Addon as a proof of concept? Or better yet, a patch to core?
As I stated in my post, I'm not familiar with the code and currently do not have the time to familiarize myself with it. Sorry...

Comment 20

8 years ago
@Dotan: People from KDE and Gnome are working on a common standard for saving passwords. Maybe you contact them, they may be able to help to implement the new standard, which might be better then implementing Kwallet integration as it is:
Here is there mailing list: http://lists.freedesktop.org/mailman/listinfo/authentication

Comment 21

8 years ago
> People from KDE and Gnome are working on a common
> standard for saving passwords.

Thread here:
http://lists.freedesktop.org/archives/authentication/2009-November/000129.html
Hi there, I have recently post a Firefox extension that make Firefox use KWallet as password back-end, I hope you like it, and I would like to hear your suggestions:

https://addons.mozilla.org/es-ES/firefox/addon/49357/
Blocks: 140751

Comment 23

5 years ago
http://standards.freedesktop.org/secret-service/
In KDE case KSecretService is available since KDE 4.8.

So probably Firefox doesn't need to support KWallet anymore.

Comment 24

2 years ago
any progress here? The plugin is unmaintained and not usable with KF5.
There is a KF5 version of the plugin. But it's unsigned, which is a bit problematic with the current Firefox security policy. It would certainly be nice if this was integrated into either the Firefox core or kmozillahelper.

Comment 26

a year ago
the KF5 version keeps crashing my Firefox (ESR) here on 3 different PC. Therefore it is also not working (tried it two month ago or so)
It doesn't crash here (openSUSE Tumbleweed, Firefox 43.0.3).

Comment 28

4 months ago
Is a plugin still an option for WebExtensions-Only-FF (i.e. FF57 and above)? I.e. does the plugin have to make use of functionality that is outside of the scope of WebExtensions?
You need to log in before you can comment on or make changes to this bug.