[Users] [Feature wish] Integration with freedesktop secret service

[pezcurrel]

On Wed, 2 Feb 2022 11:20:31 -0000 Paul <paul at claws-mail.org> wrote:

>On Wed, 2 Feb 2022 06:58:24 +0100
>pezcurrel <pezcurrel at tiscali.it> wrote: 
>
>> I think it would be really great if Claws gave the possibilty to use a
>> freedesktop.org secret service[*] compliant password manager (like
>> keepassxc, gnome keyring, kde wallet) for storing and retrieving
>> account's passwords.  
>
>Well, the freedesktop.org secret service is still very much a draft at the
>moment, it seems.

I see.

>Claws Mail does not store passwords in plain text,

I see, but I fear that when a Primary Passphrase is not used, a possible
bad guy more acknowledged than me could easily revert the passwords to
plain text by reading this document you linked:
https://git.claws-mail.org/?p=claws.git;a=blob_plain;f=doc/src/password_encryption.txt;hb=refs/heads/gtk3

>and you can set a Primary Passphrase, (See
>/Configuration/Preferences/Other/Miscellaneous),

I use it, and I think *that* is what makes it really really difficult, if
not impossible, for the possible bad guy, to revert my passwords to plain
text.

>so what do you think would actually be gained by using freedesktop.org's
>secret service anyway?

I could unlock the password manager only once in a desktop environment
session in order to use Claws (and Firefox with KeepassXC extension).
Anyway, if the freedesktop.org secret service is so much a draft at the
moment, I really think I can live with typing one more password until it
will be defined enough for you and the other Claws developers, if ever.

>Read more about passphrase handling in Claws Mail here:
>https://git.claws-mail.org/?p=claws.git;a=blob_plain;f=doc/src/password_encryption.txt;hb=refs/heads/gtk3

I read it, and I have the doubts I exposed to you above, I'd very much
appreciate if you would clarify them to me.

With regards