search

Nitrokey / nitrokey-app

Nitrokey's Application (Win, Linux, Mac)
https://www.nitrokey.com/
287 stars 55 forks source link

Lock-Unlock unexpected behavior #385

Open ZAlexanderV opened 5 years ago

ZAlexanderV commented 5 years ago

OS: Windows 8.1 x64 Device: Nitrokey storage fw 0.52 Application: Nitrokey App 1.3.2 Connected USB port type: 3.0 Issue occurrency: always

  1. Open nitrokey app,
  2. press menu -> passwords
  3. select password.
  4. Enter nitrokey user pasword.

In nitrokey app button "unlock password safe" still active, "lock device" inactive. Expected "unlock password safe" still inactive, "lock device" active.

  1. press "unlock password safe"
  2. press "lock device",
  3. press menu -> passwords -> select any password TOTP password copied in buffer. Expected password request.
szszszsz commented 5 years ago

Hi! Thank you for the report!

Current situation might be unclear indeed. Unlocking TOTP password does not unlock the Password Safe. The latter is meant to be unlocked explicitly. Do you find it counter-intuitive?

Locking the device is not clearing the TOTP authorization session, and that might be perceived as a bug indeed. Similar issue needs to be created on Storage side as well (since it should clear all auth tokens).