Leap 42.2 kWallet empty. All Paswords lost.


this is a horrible situation. A few days ago i logged into my system and found that my KWallets are empty. I lost maybe 100 passwords that need on my job.

I did an update from Leap 42.1 to 42.2 2 months ago. When i checked kwallet application i found, that i had 2 conflicting versions running, one from leap 42.1 an one from 42.2. this caused a permanently hight system activity. So i removed the older one. The remaining KWallet5 seems to run okay. But still the wallets were gone.

I tried to import a backup that i created prior to the system upgrade 2 months ago. However, i could not import the binary wallet backup.

I had posted the import problem in this forum in this POST but nobody replied until now.

I appreciate any help. I did quite some research but could not come up with any solution.


You can try cracking kwallet.

Here is one tool, kwallet2john… Based on postings, it might have been effective as recently as 2015.

A Blog on the procedure

The source repository, where you can also download a tar package

So, hopefully lesson learned…
Don’t ever encrypt anything important (and why else would you encrypt?) without also creating an unencrypted copy elsewhere, likely on removable storage you can throw in a drawer or safe. And although is is “only” an encrypted file, the same “Best Practice” should apply to encrypted systems and partitions as well.

HTH and good luck,

Hey TSU,

thanks for suggesting this straightforward approach of cracking. Good idea, however i could not manage to verify the download files signature via gnupg (which i eventually was forced to deal with after years of procrastination). To bad! Just dont know how to do it in KGpg. In the command line of gpg2 (version 2.0.24-5.5) i can not see the openwall key i imported in KGpg. I have to check that some times lateron…


Just a dumb question:
Apart from the perceived better encryption with GPG, why did you choose it over the Blowfish alternative?
[HR][/HR]The reason I’m asking is:

  • The (new) default KDE Display Manager – sddm – can automatically open KWallet (the “kdewallet” wallet) at login only if “kdewallet” is using Blowfish encryption.

This means that, assuming that the Wallet “kdewallet” contains the WLAN keys, WLAN can be connected automatically at login only if the Wallet is encrypted with Blowfish.

There are suggestions in the KWallet world to create a second Wallet which uses GPG for things which are more critical than the WLAN keys.

Just to state the obvious wallets are not secure whatever the encryption, since as i understand it, it is possible for one application to demand the passwords of another, (so use keepassx for the truly important stuff).

It is possible that, this is in general true but, for the case of KWallet (possibly due to the issue being raised here), there is a set-up flag which forces KWallet to ask for confirmation whenever an application attempts to access the wallet(s).

And yes, it is possible to set-up, via rules, that a specific application is always allowed access to the wallet(s) without further confirmation – when user accounts are first set-up, this is a step which may be taken for things such as e-Mail accounts or WLAN access or the KDE Crash Manager (DrKonqui).

have you considered to run the old openSUSE Leap 42.1 with the old KWallet on a live system or a virtual machine and try to reopen backups with that version?

From [0] I’ve found this:

KWallet 5 will have to open your wallet from KWallet 4 and import all the data into a new wallet.

Probably there is a bug somewhere in the importing procedure, so I would give a try using the old KWallet.

Hope this somewhat helped you,


[0] https://wiki.gentoo.org/wiki/KDE/Plasma_5_upgrade#KWallet

I think you have another option, in case the filesystem in use is Btrfs, you can use Snapper and go back to a state where KWallet and your wallet where working.


That might be a solution since according to the original post, the passwords were probably accessible when kwallet4 existed on the system and were inaccessible only after kwallet4 was removed.


I downloaded a craqcker programm as recommended by TSU in order to open the encrypted kwallet file with it ( I did not manage to open in in kwallet5). This program has access to sensitive data (passwords) and was signed with GnuPG. I tried to verify the download to make sure, the program was not corrupted. That’s what i was refering to.

Hey Hawake,

in the IRC Channel KDE utils somebody told me the versione should be compatible, at least kwallet5 should be able to read kwallet4 wallets. I lost my 42.1 as i ran an upgrade. Kwallet4 still was present and when i encountered problems with kwalet dissappearing i found, that kwallet4 and kwallet5 were both running an having some sort of conklict causing high CPU loads. Therefore i uninstalled kwallet4.

Thanks for the link. But my kwallet4 WAS present for about 2 months after upgrade and migration seems to have run through fine because i used my “old” wallet for almost 2 months without problems.


Thats true. But Snapper only covers my root partition (btrfs). My home partition holding all the personal stuff like wallets resides on an XFS partition. I dont know why, but snapper does not do any backups from it. I should try to include it in the snapshots i guess :). Is that possible with XFS?


If he is not using Btrfs and/or Snapper, he could try to recover deleted files with TestDisk or similar (some hex editors have this capability too: wxHexEditor or Radare2).


No snapper only covers root (BTRFS) Don’t think snapper can be used on XFS even so it is not really suitable for home or places a large amount of changes may happen. Best to do conventual backups for your data. Remember it is not a backup like RAID is not a backup. You lose the drive or file system is corrupted snapper goes also. It is more a version control system then a backup

Ok, so let’s try recovering those files. Read the following links: http://superuser.com/questions/150027/how-to-recover-a-removed-file-under-linux , http://unix.stackexchange.com/questions/80270/unix-linux-undelete-recover-deleted-files , http://www.linuxquestions.org/questions/linux-software-2/how-do-i-undelete-files-on-an-xfs-filesystem-718787/ .

I hope you can find something useful and working there,


the kwallet file wasn not deleted - not really… It was simply gone. In the meantime while trying to import the backup i created files with the same name. So it might be difficult to restore the “deleted” file with this name.

The procedures explained in links you sent me are to complicated for me. I dont think io could acomplish a restore that way without destroying my system aven more.

thanks anyways!


If your kwallet store file is gone, that is a real problem. I’d be surprised if that happened by an upgrade, Upgrades aren’t supposed to delete personal files, AFAIK.

As noted, our snapper as shipped does not support XFS snapshotting, but it can be done… Google “XFS snapshotting” for the many articles how it can be done.

The main idea of rolling back your root partition (if the fs is BTRFS) is to restore the kwallet4 application so that your password store might be readable again (of course your password file has to exist).

I would expect if you copied or backed up that file <anywhere> and restored or copied the file to your system <and> roll back your system could allow you to open and extract the file contents.