New Post: App Showcase: Password Safe

uff, “password safe” is a well-known name for the FLOSS Windows password manager. kdbx is a keepass file format.
And while function-wise it is similar to Seahorse (password manager), implementation wise it is different. Seahorse is a GUI/frontend application to use gkr (gnome-keyring) password manager via libsecret DBus API. While this application is more like a re-implementation of the keepass.

Note - libsecret is used widely in the linux environment (by various apps) to store the keys. I don’t know whether this application is implementing and exposing libsecret DBUS API (allowing it to be used as drop-in replacement for gkr).

So I find this presentation very confusing, to say the least.

3 Likes

Does Password Safe has any kind of auto type functionality?

In PureOS Byzantium search for: gnome-passwordsafe

https://software.pureos.net/package/bin/byzantium/gnome-passwordsafe

1 Like

Now we just need an option to unlock the password database with the GPG key on the integrated smart-card reader. That way we can use the PIN of the smart-card to unlock the GPG encrypted database.

2 Likes

What about seahorse itself? I use that on the desktop/laptop, so better uniformity would be achieved by being able to use the same thing on the Librem 5. seahorse actually has a fairly compact UI so maybe it would be usable as is.

Even better if keyrings are interchangeable between desktop/laptop and Librem 5.

1 Like

This is seahorse on the L5:

1 Like

eternal linux problem - reinventing the wheel over and over again. very frustrating seeing this in official gnome project gitlab, similar to chatty/empaty, evolution/geary, now gkr/passwords. people decide it’s easier to start from scratch and slicing segmented community thinner and thinner.

4 Likes

Well passwordsafe is not the same thing as the system keyring, unless you store stuff like your banking website password in seahorse.

GNOME password safe would be more like a keepassxc compatible password manager, that can fit a 5 inch screen

2 Likes

Yeah, I saw that it supports keepass databases, and so for me it is perfect.

1 Like

what’s wrong with gkr that you would prefer passwords to it to store your bank key? I mean I know one uses aes128 and another aes256 but that’s exactly the point I’m making, instead of improving existing (widely adopted) code they just introduced Yet Another tm stuff.

2 Likes

NIH?

Anyway, Linux is all about choice, even at the expense of spreading more thinly.

It seems as if both work on the L5. So if you currently use keepass, use that on the L5 - and if you currently use seahorse (or use GNOME keyrings via another mechanism), use that on the L5.

1 Like

There are some people (such as myself) who have used a standalone password manager tool in the KeePass family for quite some time among other reasons for its portability on platforms and desktop environments that might not include Gnome. You could make the argument that keepass-backed password managers are at least as widely adopted, if not more widely adopted, than seahorse, and across more platforms.

While I use seahorse on my Librem 5 for some system-level passwords, It’s handy to have an alternative like Password Safe that supports KeePass database formats and makes it easy to synchronize your passwords between computers just by syncing one database file.

4 Likes

it’s not a bad thing to have diversity. it’s just that having a few different things that have similar functionality (securely storing/managing passwords/keys/keyrings/etc.) can be confusing at first until you figure out what is what … :weary: but such is life

1 Like

Cool to see it run well on a phone interface.

By all means, freedom of choice and diversity is good for the end user. What is wrong here is the approach for developers. Inability to enforce (or at least promote) certain API patterns actually promotes NIH syndrome. If you cannot rely on libsecrets, libaccounts, libcontacts, etc. - you are forced to re-implement all those subsystems yourself for your application. Which makes your app an island. And then you need to implement various interfaces (import/exports) if you want to build bridges.

2 Likes

Hi there, I used to be a contributor to this, so I am glad that it is being showcased. Perhaps, I can clarify a few things:

  1. Installation: it is package gnome-passwordsafe in Debian/Byzantinum and it is available through flatpak/flathub.

  2. Name: yes, passwordsafe is a bad choice as there are plenty other "passwordsafe"s around, so there is an open issue about renaming it.

  3. Comparison to seahorse: Seahorse is cool, but it is closely wedded to Linux and passwords are hard to transfer between systems (even Linux systems), not to speak of operating systems. passwordsafe’s selling point is in the single .kdbx file (keepass v4 format) storing everything. This file is portable between all keepass-parsing applications for Windows (keepass, keepassxc), Android (keepassdx(?), keepassdroid), ios (I am sure!) and Linux (keepassxc). I use a nextcloud instance to synchronize my passwords between all these systems, it is all in this 1 file. This is not possible with seahorse.

  4. comparison to keepassxc: This is one cool program, and what I use on WIndows and desktop Linux. However, it is not suited to mobile screens. passwordsafe OTOH is targetting mobile screens and intends to be usable on touchscreens.

  5. Features: no TOTP (yet), no autofill. autofill is a bitch (excuse my english), epiphany (aka Web) has an autofill feature, but the dbus service is being taken by the gnome-keyring service, so passwordsafe would have to take over ALL of gnome-keyrings features in order to replace it. (and configure a user’s system to be loaded INSTEAD of the gnome-keyring daemon). This is not a feasible approach for a small and specific user application.

UPDATE: keepass, which invented the file format was born on 2003-11-15. So rather than blaming all keepass files to be NIH (not-invented-here), we could ask everybody else why they created something different :wink:

  • Wayland makes controlling the clipboard from an program which is not the active program harder, so even clearing the clipboard needs to be reimplemented in a wayland/gtk4 compatible manner.

Feel free to ask me anything about passwordsafe.

10 Likes

Happy to talk to a contributor!
How about this?

I’ve quite a lot of categories, but I cannot scroll them, so only the firsts 11 are selectable on Librem 5 screen, and only 8 items on each category are visible. Well, you are so connected, this is a feature request :slight_smile:

I didn’t mean to criticize your work, which is just a password manager with adaptive interface - the more apps with adaptive interface out there the better. I also see it’s in the World area, not GNOME (which I mistakenly assumed)
NIH here comes to the approach of projects which instead of uplifting existing code (which is more or less stable and relatively widely adopted interfaces) just create (or adopt) new application which provides similar functionality but does not support existing interfaces. Which creates that so-called fragmentation.
So my frustration here was from misconception that gnome adopted this project as Yet Another Password Manager. While in reality it is not. Sorry for emotional blast.

2 Likes

happy new year ! and thank you for putting into words your side of the coin …

i was confused about this as well … why name it ‘gnome-passwordsafe’ ? wasn’t it shorter and more descriptive to name it ‘kdbx’ after the most sought out feature it has > the .kdbx file for back-up/sharing with other systems ? since ‘seahorse’ on the desktop is missing this VERY important feature … it could implement it or make use of it in it’s code base ? are there any licensing limitations ?

i’m not fond of ‘seahorse’ on the desktop as it is too obvious in the up-to-date-version from PureOS-GNOME-Byzantium that it is a mobile-wannabe app …

what is the back-end (CLI) for ‘gnome-passwordsafe’ ? do i need to write an alias just for this ?

gnome-passwordsafe had a 2-year development hiatus and a completely new set of developers. So consider the name an historic artifact, nobody of the current devs was involved in the naming and you would need to ask the original one about the reasoning :-).

1 Like