New Post: App Showcase: Password Safe

david.hamner · December 30, 2020, 7:29pm

Keep your passwords with you and encrypted:

reC · December 31, 2020, 3:17am

so ‘passwords’ is just like ‘seahorse’ only for the mobile L5 right ?

sudo apt install passwords
returns

Unable to locate package passwords

PureOS Byzantium (10) on LMini-v1

fiacco · December 31, 2020, 8:32am

I’m not familiar with “seahorse”, but I’d say “Password Safe” is more like “KeePass” and it uses the same format, so you can share the database with your desktop computer.
It is available as flatpak so, in order to install it, add the Flathub repository to the PuriOS app and download from there.
I’ve noticed a limitation: it doesn’t allow to scroll pages. If you have many categories or items you need to “search” in order to see the entries coming last.

ruff · December 31, 2020, 10:31am

uff, “password safe” is a well-known name for the FLOSS Windows password manager. kdbx is a keepass file format.
And while function-wise it is similar to Seahorse (password manager), implementation wise it is different. Seahorse is a GUI/frontend application to use gkr (gnome-keyring) password manager via libsecret DBus API. While this application is more like a re-implementation of the keepass.

Note - libsecret is used widely in the linux environment (by various apps) to store the keys. I don’t know whether this application is implementing and exposing libsecret DBUS API (allowing it to be used as drop-in replacement for gkr).

So I find this presentation very confusing, to say the least.

prolog · December 31, 2020, 11:49am

Does Password Safe has any kind of auto type functionality?

joao.azevedo · December 31, 2020, 2:20pm

In PureOS Byzantium search for: gnome-passwordsafe

https://software.pureos.net/package/bin/byzantium/gnome-passwordsafe

Manuel · December 31, 2020, 5:12pm

Now we just need an option to unlock the password database with the GPG key on the integrated smart-card reader. That way we can use the PIN of the smart-card to unlock the GPG encrypted database.

kieran · January 1, 2021, 1:50am

What about seahorse itself? I use that on the desktop/laptop, so better uniformity would be achieved by being able to use the same thing on the Librem 5. seahorse actually has a fairly compact UI so maybe it would be usable as is.

Even better if keyrings are interchangeable between desktop/laptop and Librem 5.

amarok · January 1, 2021, 4:17am

This is seahorse on the L5:

ruff · January 1, 2021, 8:32am

eternal linux problem - reinventing the wheel over and over again. very frustrating seeing this in official gnome project gitlab, similar to chatty/empaty, evolution/geary, now gkr/passwords. people decide it’s easier to start from scratch and slicing segmented community thinner and thinner.

joao.azevedo · January 1, 2021, 2:23pm

Well passwordsafe is not the same thing as the system keyring, unless you store stuff like your banking website password in seahorse.

GNOME password safe would be more like a keepassxc compatible password manager, that can fit a 5 inch screen

2disbetter · January 1, 2021, 2:51pm

Yeah, I saw that it supports keepass databases, and so for me it is perfect.

ruff · January 1, 2021, 3:24pm

what’s wrong with gkr that you would prefer passwords to it to store your bank key? I mean I know one uses aes128 and another aes256 but that’s exactly the point I’m making, instead of improving existing (widely adopted) code they just introduced Yet Another ^tm stuff.

kieran · January 1, 2021, 11:15pm

NIH?

Anyway, Linux is all about choice, even at the expense of spreading more thinly.

It seems as if both work on the L5. So if you currently use keepass, use that on the L5 - and if you currently use seahorse (or use GNOME keyrings via another mechanism), use that on the L5.

Kyle_Rankin · January 1, 2021, 11:30pm

There are some people (such as myself) who have used a standalone password manager tool in the KeePass family for quite some time among other reasons for its portability on platforms and desktop environments that might not include Gnome. You could make the argument that keepass-backed password managers are at least as widely adopted, if not more widely adopted, than seahorse, and across more platforms.

While I use seahorse on my Librem 5 for some system-level passwords, It’s handy to have an alternative like Password Safe that supports KeePass database formats and makes it easy to synchronize your passwords between computers just by syncing one database file.

reC · January 1, 2021, 11:40pm

it’s not a bad thing to have diversity. it’s just that having a few different things that have similar functionality (securely storing/managing passwords/keys/keyrings/etc.) can be confusing at first until you figure out what is what … but such is life

jrial · January 2, 2021, 1:32am

Cool to see it run well on a phone interface.

ruff · January 2, 2021, 8:11am

By all means, freedom of choice and diversity is good for the end user. What is wrong here is the approach for developers. Inability to enforce (or at least promote) certain API patterns actually promotes NIH syndrome. If you cannot rely on libsecrets, libaccounts, libcontacts, etc. - you are forced to re-implement all those subsystems yourself for your application. Which makes your app an island. And then you need to implement various interfaces (import/exports) if you want to build bridges.

spaetz · January 6, 2021, 1:21pm

Hi there, I used to be a contributor to this, so I am glad that it is being showcased. Perhaps, I can clarify a few things:

Installation: it is package gnome-passwordsafe in Debian/Byzantinum and it is available through flatpak/flathub.
Name: yes, passwordsafe is a bad choice as there are plenty other "passwordsafe"s around, so there is an open issue about renaming it.
Comparison to seahorse: Seahorse is cool, but it is closely wedded to Linux and passwords are hard to transfer between systems (even Linux systems), not to speak of operating systems. passwordsafe’s selling point is in the single .kdbx file (keepass v4 format) storing everything. This file is portable between all keepass-parsing applications for Windows (keepass, keepassxc), Android (keepassdx(?), keepassdroid), ios (I am sure!) and Linux (keepassxc). I use a nextcloud instance to synchronize my passwords between all these systems, it is all in this 1 file. This is not possible with seahorse.
comparison to keepassxc: This is one cool program, and what I use on WIndows and desktop Linux. However, it is not suited to mobile screens. passwordsafe OTOH is targetting mobile screens and intends to be usable on touchscreens.
Features: no TOTP (yet), no autofill. autofill is a bitch (excuse my english), epiphany (aka Web) has an autofill feature, but the dbus service is being taken by the gnome-keyring service, so passwordsafe would have to take over ALL of gnome-keyrings features in order to replace it. (and configure a user’s system to be loaded INSTEAD of the gnome-keyring daemon). This is not a feasible approach for a small and specific user application.

UPDATE: keepass, which invented the file format was born on 2003-11-15. So rather than blaming all keepass files to be NIH (not-invented-here), we could ask everybody else why they created something different

Wayland makes controlling the clipboard from an program which is not the active program harder, so even clearing the clipboard needs to be reimplemented in a wayland/gtk4 compatible manner.

Feel free to ask me anything about passwordsafe.

fiacco · January 6, 2021, 8:03pm

Happy to talk to a contributor!
How about this?

I’ve quite a lot of categories, but I cannot scroll them, so only the firsts 11 are selectable on Librem 5 screen, and only 8 items on each category are visible. Well, you are so connected, this is a feature request