Closed goetzc closed 11 months ago
@goetzc has funded $100.00 to this issue.
@johanricher has funded $2.00 to this issue.
@johanricher has funded $18.00 to this issue.
An anonymous user has funded $20.00 to this issue.
@spiregarden has funded $40.00 to this issue.
Is anyone working on this issue?
1password supports this as quick unlock. On startup you enter your master password, and for quickunlock it's done via polkit so that a native GNOME fingerprint dialog pops up.
it's done via polkit so that a native GNOME fingerprint dialog pops up.
There's probably more than one way to do it. It's just that there are multiple other things that need to be finished first.
edit: This could be done with platform-specific ifdef
s without waiting for all the other stuff, but it will be cleaner if at least the common interface is implemented first.
Implementation note:
If this is going to save the encrypted DB passphrase similar to the TouchID and WinHello implementations, the user-space keyring (secret service) is not what you want for that (especially when KPXC is itself used as the secret service backend). This should use the kernel keyring:
https://man7.org/linux/man-pages/man7/keyrings.7.html
https://man7.org/linux/man-pages/man7/persistent-keyring.7.html
An anonymous user has funded $50.00 to this issue.
If you are putting money into it, you are losing it. Nobody will be able to receive that money as IssueHunt is not responding to withdrawal requests.
Just a heads up. It's best to just forget about it.
Github really needs to start an internal bounty program...
@johanricher has cancelled funding for this issue.(Cancelled amount: $2.00) See it on IssueHunt
@johanricher has cancelled funding for this issue.(Cancelled amount: $18.00) See it on IssueHunt
I don't know if there are really problems with IssueHunt, but there is no message about it on their website, and no relevant results in a quick Google search. It looks functional.
There is chatter on Twitter, but it looks like a recent development
Want to check on the status of this.
Some form of speed authentication in general on trusted devices, especially for the length of the login session or active process, seems like an absolutely acceptable thing to support if it is not difficult to support long term.
Based on some of the comments above, it seems that the process could go something like this:
I've not been around the block so to speak as a programmer so if any of that is way off base please feel free to let me know, otherwise if it's not already in process would be happy to help put in work as I genuinely love this project and use it everywhere.
I've seen some valid commentary back and forth on a few of these related issues. Yes, it would make it less secure on the device, and making it an opt-in per device if that is the concern is completely fine. Many less-technical users still understand the trade-off and are fine with it, the users that are not fine with this tradeoff can leave it off, that is totally fine.
I think that the general user pattern of making the password on the database file itself very long is a good idea to encourage if the file will be shared between systems. Avoiding users feeling the need to shorten their master password because of inconvenience on trusted devices seems like a fair call, especially as a product that helps keepass feel much more consumer friendly in general.
Sounds about right. I don't think anyone is working on this at the moment.
Do we need an app to promise payment for a bounty?
I pledge $200 USD via paypal, BTC, ETH, or ADA if apt install keepassxc
supports the fingerprint reader on my framework laptop . Offer only good during 2023.
I pledge $200 USD via paypal, BTC, ETH, or ADA if
apt install keepassxc
supports the fingerprint reader on my framework laptop . Offer only good during 2023.
I am going to match that for pacman -S keepassxc and the latest Thinkpads.
My currently open PR to add support for Polkit should get fingerprint support working on any Linux laptop which has support from libfprint and thus Polkit.
So ifwhen this gets in - where do I send rewards?
So ifwhen this gets in - where do I send rewards?
Shoot me an email to the address on my GitHub (thomas@hexf.me) and we can work it out there
So ifwhen this gets in - where do I send rewards?
Shoot me an email to the address on my GitHub (thomas@hexf.me) and we can work it out there
If you have a crypto wallet you can drop me the address in DM when the PR is approved and I will send stablecoins (or any other major crypto) of your choice.
@hexf How's this going?
Waiting on it to get merged
So ifwhen this gets in - where do I send rewards?
Shoot me an email to the address on my GitHub (thomas@hexf.me) and we can work it out there
Email sent!
Is there any document on how to enable this? I do not find such option on database creation in latest keepassxc (2.7.6-2, archlinux), neither can I find any related material in user document.
It's not available in a released version yet. You need to use a snapshot build: https://snapshot.keepassxc.org
Seems Polkit is having some issues on latest OpenSUSE Tumbleweed, although fingerprint is already registered, it says Failed to authenticate with Quick Unlock: Polkit authorization failed
Probably that's why it is an snapshot version, will wait until a release then.
Snapshot has nothing to do with this feature functionality. The error message you received points to an issue with your polkit, not keepassxc. Double check that polkit works in general for you.
Is this in the 2.7.7 release? I can't see anything in changelog: https://github.com/keepassxreboot/keepassxc/blob/release/2.7.x/CHANGELOG.md
Thanks all for your work :)
No it is not, we decided to withhold this feature as it isn't equally functional across distros at this time
That's sad to hear, but thanks anyway for taking time to reply :) Have a nice day.
You can always run a snapshot build: https://snapshot.keepassxc.org
thanks for taking this challenge! do you know if this will be available in the next release?
This is being released with 2.8.0
Sorry if this is dumb, but I just tried the latest snapshot version, and I dont find where can I enable fingerprint unlock?? Can someone enlighten me on this?
You need to create the polkit authorization, see the PR for details
You need to create the polkit authorization, see the PR for details
Sorry, but what is "PR"?
Can someone provide a link for this? I also was unable to find this INFO in the 2.8.0 snapshot documentation, since the "Online help" opens nothing.
You need to deploy this file to the polkit policy folder.
At this point if you can't do that then you will have to wait for this to be an official release. If you build develop branch on your own and install it as root then this file will be deployed for you.
Thanks for the link. I added the file to /usr/share/polkit-1/actions folder, permission 644.
Yet, it still works exactly as 2.7.8, and I see no fingerprint options/config.
You may need to rename it without the .in
suffix
I actually added a symlink without the .in
when I created it.
Which would be the new behavior?
Since this has been already closed. Has someone tested this and can confirm it is working properly?
Since this has been already closed. Has someone tested this and can confirm it is working properly?
I tried the appimage of a a couple days ago, and it was working, in the sense that if you lock an open DB it allows you to unlock it with fingerprint. But you still need a password to open it initially.
Not what I wanted, but...
Summary
On GNU/Linux this can be done around fprint, which is the current general method to manage fingerprint readers.
From the projects' homepage:
More info:
https://www.freedesktop.org/wiki/Software/fprint/ http://www.linux-pam.org/
Context
Opening a Linux-specific ticket, similar to the Windows-specific one, as the general issue can be to broad to support both potential bounties for each OS.
IssueHunt Summary
### Backers (Total: $210.00) - [ goetzc](https://issuehunt.io/u/goetzc) ($100.00) - [ spiregarden](https://issuehunt.io/u/spiregarden) ($40.00) - $70.00 have been anonymously funded. #### [Become a backer now!](https://issuehunt.io/r/keepassxreboot/keepassxc/issues/5991) #### [Or submit a pull request to get the deposits!](https://issuehunt.io/r/keepassxreboot/keepassxc/issues/5991) ### Tips - Checkout the [Issuehunt explorer](https://issuehunt.io/r/keepassxreboot/keepassxc/) to discover more funded issues. - Need some help from other developers? [Add your repositories](https://issuehunt.io/r/new) on IssueHunt to raise funds.