bilelmoussaoui / oo7

James Bond went on a new mission as a Secret Service provider
https://bilelmoussaoui.github.io/oo7/oo7/
MIT License

support for better login integration with new auth mechanisms like fingerprint or face recognition etc. #121

Open hualet opened 2 months ago

hualet commented 2 months ago

original issue:

title: is this project aiming at replacing gnome-keyring?

I couldn't find the right place to discuss these questions, so I'm posting them here in hopes of getting some answers :D

Is this project intended to replace gnome-keyring? Will this project consider integrating modern biometric authentication methods?

updating title/desc for better understanding:

gnome-keyring needs the user's password to unlock the keyring during user login, but when new mechanisms (like fingerprint, face recognition etc.) are used, the keyring will stay locked and pop up an input dialog for the keyring password, which is very disturbing.

bilelmoussaoui commented 2 months ago

The project is aiming to replace gnome-keyring, and ultimately kwallet as well.

> Will this project consider integrating modern biometric authentication methods?

I don't understand what kind of integration you mean? To unlock the keyring you mean?

hualet commented 2 months ago

> The project is aiming to replace gnome-keyring, and ultimately kwallet as well.
>
> > Will this project consider integrating modern biometric authentication methods?
>
> I don't understand what kind of integration you mean? To unlock the keyring you mean?

Oh, sorry. I mean gnome-keyring needs the user's password to unlock the keyring during user login, but we have fingerprint, face recognition etc. to log in nowadays, so the keyring will stay locked and pop up an input dialog for the keyring password, which is very disturbing. Will this project try to solve this problem?

bilelmoussaoui commented 2 months ago

Yes sure, but that is usually handled by a pam module. The gnome keyring daemon should auto unlock at login.

Whether we should/could support other login mechanisms for unlocking the keyring is a future question that can be handled separately once we have the basics working properly.

I will keep this issue open but would you mind updating the issue title/description to explain what you meant exactly? Thank you

Sporesirius commented 2 months ago

I think things like passkeys or the webauthn standard in general would also be handled by pam modules and oo7 would store the keys encrypted? And will oo7 handle integration with tpm and security keys in this aspect or would that be integrated directly as pam modules?

> The project is aiming to replace gnome-keyring, and ultimately kwallet as well.

Oh, so is the goal to streamline the passwords, certificates, passkeys, and overall sensitive data stack on Linux? Like Apple's Keychain?

bilelmoussaoui commented 2 months ago

> I think things like passkeys or the webauthn standard in general would also be handled by pam modules and oo7 would store the keys encrypted? And will oo7 handle integration with tpm and security keys in this aspect or would that be integrated directly as pam modules?

I am not involved in those efforts, so I can't answer something I know nothing about.

> Oh, so is the goal to streamline the passwords, certificates, passkeys, and overall sensitive data stack on Linux? Like Apple's Keychain?

No, it started as just replacing libsecret, which requires implementing the file backend used by gnome-keyring for the sandboxed use case -> why not implement also the server side implementation of the Secrets dbus interface.

Whether the scope will grow with time, I don't know. It depends on individual contributions & the community at large I guess.