krapplet 0.1.0

A password manager written as a gnome-keyring applet

Krapplet

Krapplet is a password manager which relies on gnome-keyring for storing secrets (passwords) and other information. It is developed as a Linux system tray icon applet, and aims to not be in the user's way.

Installation

Environment

Krapplet is based on gnome-keyring, which limits its use to the Linux operating system. Krapplet has been tested on the amd64 and x64 architecture, but might work on other architectures as well. A system tray needs to be available for the applet to embed itself in.

Software dependencies

Krapplet makes use of the following software:

• Python as the programming language, tested with versions 3.7, 3.8 and 3.9.
• GTK3 for the user interface. Developed against version 3.24.22. Please refer to these instructions for how to install GTK3 for your Linux distribution.
• Secretstorage as the Python API towards gnome-keyring. Developed against version 3.1.2. Secretstorage can be installed via PyPI, but is also available as an operating system package in many Linux distributions. Secretstorage makes use of a Python package cryptography, which in turn requires some operating system packages to be installed: see here for installation instructions.

Installers

Krapplet is available:

• as source code on Gitlab
• on PyPI.

Usage

Once krapplet is started it will show itself as an icon in the system tray. When this icon is right clicked it will show a menu with the available keyrings, the option to add a keyring, and about and quit options. When hovering over a keyring it will give the option to unlock a keyring when it is locked or show the availabe keys, and options to add a key, remove the keyring, or lock the keyring.

Once a key has been selected it will show a small floating window to manipulate the key. It shows the key name as a first input field and when it is not a new key also the create and modified timestamps.

Next are the key attributes in name/value pairs. There is a button to add an additional attribute. A blank attribute name is interpreted as an instruction to remove that attribute. When an attribute name "URL" is present a launch button will be shown, which opens the system webbrowser for the listed URL when clicked.

The "secret" section contains the password, by default shown hidden. This section has buttons to generate a new password, copy the password to the system clipboard, and to show or hide the password.

The generation of a new password is based on five parameters:

• total lenght
• minimum number of uppercase, lowercase, numeric and special characters; use zero to exclude a category.

Special characters are defined as: !#$%&()*+,-./:;<=>?@[\]^_`{|}~

Secure storage of passwords

Krapplet relies on gnome-keyring for storing secrets in a secure (encrypted) manner. How this works is described in this gnome-keyring wiki page. The upshot is that:

• There should be a password set for the first keyring to be unlocked, the login keyring
• That password should be the same as the password for the user's Linux account

Desktop environments are capable of unlocking the login keyring as long as auto-login is not used.

Disclaimers

Password generation

The generation of the password makes use of Python's random functions. These random funtions rely on operating system features, typically the current time in fractions of seconds, or when available from a random device like /dev/urandom in Linux, which seems better. Even better would be if there is a hardware random number generator available and used by the operating system. How Python's random function works therefore depends on the Python interpretor, the system configuration, and the hardware. In any case, it is not good enough for real cryptographic purposes. Whether it is good enough for password generation is left to users of krapplet to decide.

Clipboard usage

Krapplet can copy secrets to the system clipboard, allowing a user to paste a secret in an input field, seemingly a secure way since bystanders cannot see what is being copied. However, please be weary of clipboard managers maintaining a clipboard history and therefore can reveal everything that has been copied to it, including passwords.

Troubleshooting

Error: could not embed in systray

• Make sure that there is a systray for krapplet to embed itself in

Cannot see the krapplet icon

• Verify that there are krapplet.png files in /usr/share/icons/hicolor/48x48/apps and in /usr/share/icons/hicolor/96x96/apps
• Refresh the icon cache by running gtk-update-icon-cache

Login keyring not automatically unlocked

• Please check your distribution's documentation with respect to gnome-keyring

License

Krapplet is licensed under the BSD 3-Clause license.

Author

Johannes Willem Fernhout