Where does Chrome store encryption key on KDE/with Kwallet? Is it properly secured?
According to the google-chrome manpage:
--password-store=<basic|gnome|kwallet> Set the password store to use. The default is to automatically detect based on the desktop envi‐ ronment. basic selects the built in, unencrypted password store. gnome selects Gnome keyring. kwallet selects (KDE) KWallet. (Note that KWallet may not work reliably outside KDE.)
But It seems that on KDE either Chrome is, by default(if we don't pass any password-store option), storing the encryption somewhere else or it's using the basic method for reasons stated below.
Because If it was really really stored in some KDE wallet then first we should be able to see the "keys" by opening up KWalletManager which we actually can't, yes a Chrome Keys folder is created but that's all it is. And second, if we remove the corresponding files under ~/.local/share/kwalletd then Chrome should ask again to enter google password to turn sync back on again and see saved passwords and all those stuffs that are meant to be encrypted. But it doesn't, Chrome just remembers the secrets "magically", even though Chrome then asks to create a new wallet, but who has put the keys in the new wallet!!!
But what confuses me more is the fact that passing password-store=basic option, Chrome doesn't remember the secrets if we assume from the above fact that Chrome instead stores the keys in unencrypted form in some specific directory.
So as the last option, Chrome maybe just stores the secrets somewhere else(hopefully encrypted) unless Chrome says one thing but does something else, specifically says to be storing the keys in some KDE wallet but instead stores in unencrypted basic form.
So, I want to know how and where does chrome stores the keys when using KDE, which I'm just trying out currently? And is it really secured properly?
To clarify everything. all tests are done within KDE i.e. not using the password-store=kwallet option withing Gnome and while locking the Ubuntu Login Keyring and every other seahorse keyring so there is no way Chrome can get the key without asking user to unlock the Keyrings first.
Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.
More in general
"Zoraya ter Beek, age 29, just died by assisted suicide in the Netherlands. She was physically healthy, but psychologically depressed. It's an abomination that an entire society would actively facilitate, even encourage, someone ending their own life because they had no hope. Th…"
