https://bugs.kde.org/show_bug.cgi?id=482438
Bug ID: 482438 Summary: Support key slot like LUKS, so people can use both password or smartcard to unlock kwallet Classification: Frameworks and Libraries Product: frameworks-kwallet Version: unspecified Platform: Other OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: va...@kde.org Reporter: coelacanthus...@gmail.com CC: kdelibs-b...@kde.org Target Milestone: --- SUMMARY KWallet only supports one password to unlock kwallet. People may want to use FIDO/PIV to unlock wallets so they needn't input a password after logging in by using FIDO/PIV, and can use a password if the security key is unavailable. LUKS also faces this problem, so they designed a mechanism: no longer use passwords directly, a LUKS has multiple key slots, and any key of slots can unlock LUKS. So with additional work like systemd-cryptenroll, the FIDO device can generate a strong key as a new key slot. So people can use both passwords and FIDO/PIV to unlock LUKS. You can see so document on the LUKS key slot in https://gitlab.com/cryptsetup/cryptsetup/blob/master/docs/on-disk-format-luks2.pdf EXPECTED BEHAVIOR KWallet has a similar key slot feature, so users can use FIDO/PIV to both login and unlock kwallet. -- You are receiving this mail because: You are watching all bug changes.