https://bugs.kde.org/show_bug.cgi?id=482438
Bug ID: 482438
Summary: Support key slot like LUKS, so people can use both
password or smartcard to unlock kwallet
Classification: Frameworks and Libraries
Product: frameworks-kwallet
Version: unspecified
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: va...@kde.org
Reporter: coelacanthus...@gmail.com
CC: kdelibs-b...@kde.org
Target Milestone: ---
SUMMARY
KWallet only supports one password to unlock kwallet. People may want to use
FIDO/PIV to unlock wallets so they needn't input a password after logging in by
using FIDO/PIV, and can use a password if the security key is unavailable. LUKS
also faces this problem, so they designed a mechanism: no longer use passwords
directly, a LUKS has multiple key slots, and any key of slots can unlock LUKS.
So with additional work like systemd-cryptenroll, the FIDO device can generate
a strong key as a new key slot. So people can use both passwords and FIDO/PIV
to unlock LUKS.
You can see so document on the LUKS key slot in
https://gitlab.com/cryptsetup/cryptsetup/blob/master/docs/on-disk-format-luks2.pdf
EXPECTED BEHAVIOR
KWallet has a similar key slot feature, so users can use FIDO/PIV to both login
and unlock kwallet.
--
You are receiving this mail because:
You are watching all bug changes.
