Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request] Support fido2 hmac-secret #358

Open
ksy63 opened this issue May 24, 2022 · 1 comment
Open

[Feature Request] Support fido2 hmac-secret #358

ksy63 opened this issue May 24, 2022 · 1 comment

Comments

@ksy63
Copy link

ksy63 commented May 24, 2022

The fido2 specification includes the hmac-secret extension that is supported by most vendors and can be used as substitude for a local password.

Recent contributions to systemd-homed have already provided an option to use hmac-secret for both login and automatic fscrypt decryption through pam. However, it would be great to have this feature available outside of systemd-homed as well.

A minor adjustment of the fscrypt-pam module could allow the use of the hmac-secret for fscrypt to provide the same functionality.

This could possibly be introduced as a fourth option during setup as well.

Related to #250

@stargazer1984
Copy link

Is there some way to sponsor this feature?
It sounds like it would not be too difficult to implement for someone familiar with pam modules and at the moment the only alternative is systemd-homed which still uses fscrypt v1 policy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants