Use zx2c4's password store (pass(1))
problem
pass(1) [0] offers a unified and portable password store based on flat files, GPG and Git. It would be good if Gajim could use it as an additional password-storage backend.
[0] http://www.passwordstore.org/
analysis
The easiest would be to use the command-line pass(1) tool to interact with the store. The needed interaction is simply addition/replacement of password, and retrieval.
pass(1) allows storing passwords in a tree-like structure, letting users sort the passwords to their preference. Gajim could store its password in, say, gajim/AccountName. Alternatively, the user could supply a path within the store, or a pattern (with placeholders for username, account, server, ...).
enhancement recommendation
Add a PassPasswordStorage, in a similar way to SecretPasswordStorage or KWalletPasswordStorage, which interacts with pass(1). See attached patch for a rough, but functional stub.
A few issues in this implementation wrt. pass(1):
- The password is updated in the store at every keypress, leading to a number of unnecessary git commits
- Addition/replacement of a password in the store is implemented with the same pass(1) call to insert forcefully (pass insert -f) the new password. This prevents storing additional information in the file, as can be useful for, e.g., federated login websites or retaining other information.
- If the password is already present in the store, the user should have a way to not replace it.
- For some reason I don't get, the password is queried at account-creation, but not set. Setting it later on in the Accounts dialog works. This probably requires some more work on the wizard/passwordstore integration.
- There might be a need to react better to decryption failures.
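
An added sketch (not the attached patch and not Gajim's code) of a pass(1) wrapper that keeps the extra lines of an entry, skips writes when the password is unchanged, and stops before overwriting when decryption fails. The gajim/AccountName layout comes from the proposal above; the function names and the injectable `run` and `exists` parameters are assumptions of this example.

```python
import os
import subprocess

class PassError(Exception):
    """pass(1) exited non-zero: missing entry, gpg decryption failure, ..."""

def entry_path(account):
    # Layout suggested in the proposal: gajim/AccountName (an assumption here).
    if not account or "/" in account or account in (".", ".."):
        raise ValueError("unsafe account name: %r" % (account,))
    return "gajim/" + account

def entry_exists(account):
    # pass keeps each entry as <name>.gpg under PASSWORD_STORE_DIR.
    store = os.environ.get("PASSWORD_STORE_DIR",
                           os.path.expanduser("~/.password-store"))
    return os.path.exists(os.path.join(store, entry_path(account) + ".gpg"))

def run_pass(args, stdin=None, run=subprocess.run):
    # Argument list, no shell: the account name is never parsed as shell syntax.
    proc = run(["pass"] + args, input=stdin, capture_output=True, text=True)
    if proc.returncode != 0:
        raise PassError(proc.stderr.strip())
    return proc.stdout

def get_password(account, run=subprocess.run):
    # pass convention: first line is the password, the rest is free-form.
    return run_pass(["show", entry_path(account)], run=run).split("\n", 1)[0]

def set_password(account, password, exists=entry_exists, run=subprocess.run):
    """Return True if the store was written, False if it was already current."""
    if "\n" in password:
        raise ValueError("password must be a single line")
    name, extra = entry_path(account), ""
    if exists(account):
        # A decryption failure raises here, before anything is overwritten.
        current = run_pass(["show", name], run=run).split("\n", 1)
        if current[0] == password:
            return False  # unchanged: no rewrite, so no extra git commit
        extra = current[1] if len(current) > 1 else ""
    # -m reads the whole entry from stdin, -f replaces without prompting.
    run_pass(["insert", "-m", "-f", name], stdin=password + "\n" + extra, run=run)
    return True
```

Calling set_password once when the dialog is confirmed, rather than on every keypress, is what actually removes the per-keystroke commits; the unchanged check only avoids redundant rewrites.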