New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: Linux fingerprint reader support (via fprint) #5991
Comments
@goetzc has funded $100.00 to this issue.
|
@johanricher has funded $2.00 to this issue.
|
@johanricher has funded $18.00 to this issue.
|
An anonymous user has funded $20.00 to this issue.
|
@spiregarden has funded $40.00 to this issue.
|
Is anyone working on this issue? |
1password supports this as quick unlock. On startup you enter your master password, and for quickunlock it's done via polkit so that a native GNOME fingerprint dialog pops up. |
There's probably more than one way to do it. It's just that there are multiple other things that need to be finished first. edit: This could be done with platform-specific |
Implementation note: |
An anonymous user has funded $50.00 to this issue.
|
|
Github really needs to start an internal bounty program... |
@johanricher has cancelled funding for this issue.(Cancelled amount: $2.00) See it on IssueHunt |
@johanricher has cancelled funding for this issue.(Cancelled amount: $18.00) See it on IssueHunt |
I don't know if there are really problems with IssueHunt, but there is no message about it on their website, and no relevant results in a quick Google search. It looks functional. |
There is chatter on Twitter, but it looks like a recent development |
Want to check on the status of this. Some form of speed authentication in general on trusted devices, especially for the length of the login session or active process, seems like an absolutely acceptable thing to support if it is not difficult to support long term. Based on some of the comments above, it seems that the process could go something like this:
I've not been around the block so to speak as a programmer so if any of that is way off base please feel free to let me know, otherwise if it's not already in process would be happy to help put in work as I genuinely love this project and use it everywhere. I've seen some valid commentary back and forth on a few of these related issues. Yes, it would make it less secure on the device, and making it an opt-in per device if that is the concern is completely fine. Many less-technical users still understand the trade-off and are fine with it, the users that are not fine with this tradeoff can leave it off, that is totally fine. I think that the general user pattern of making the password on the database file itself very long is a good idea to encourage if the file will be shared between systems. Avoiding users feeling the need to shorten their master password because of inconvenience on trusted devices seems like a fair call, especially as a product that helps keepass feel much more consumer friendly in general. |
Sounds about right. I don't think anyone is working on this at the moment. |
Do we need an app to promise payment for a bounty? I pledge $200 USD via paypal, BTC, ETH, or ADA if |
I am going to match that for pacman -S keepassxc and the latest Thinkpads. |
This commit and subsequent pull request adds support for Quick Unlock on Linux via Polkit Polkit allows for authentication of many means, including fingerprint scanning fixing Issue keepassxreboot#5991 Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other mediums easier. This also fixes keepassxreboot#3337, giving fingerprint reader support to the final major supported platform - Linux.
This commit and subsequent pull request adds support for Quick Unlock on Linux via Polkit Polkit allows for authentication of many means, including fingerprint scanning fixing Issue keepassxreboot#5991 Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other mediums easier. This also fixes keepassxreboot#3337, giving fingerprint reader support to the final major supported platform - Linux.
This commit and subsequent pull request adds support for Quick Unlock on Linux via Polkit Polkit allows for authentication of many means, including fingerprint scanning fixing Issue keepassxreboot#5991 Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other mediums easier. This also fixes keepassxreboot#3337, giving fingerprint reader support to the final major supported platform - Linux.
This commit and subsequent pull request adds support for Quick Unlock on Linux via Polkit Polkit allows for authentication of many means, including fingerprint scanning fixing Issue keepassxreboot#5991 Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other mediums easier. This also fixes keepassxreboot#3337, giving fingerprint reader support to the final major supported platform - Linux.
My currently open PR to add support for Polkit should get fingerprint support working on any Linux laptop which has support from libfprint and thus Polkit. |
So ifwhen this gets in - where do I send rewards? |
Shoot me an email to the address on my GitHub (thomas@hexf.me) and we can work it out there |
If you have a crypto wallet you can drop me the address in DM when the PR is approved and I will send stablecoins (or any other major crypto) of your choice. |
Closes keepassxreboot#5991 Closes keepassxreboot#3337 - Support fingerprint readers on Linux Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier. Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
Closes keepassxreboot#5991 Closes keepassxreboot#3337 - Support fingerprint readers on Linux Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier. Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
@HexF How's this going? |
Waiting on it to get merged |
Closes keepassxreboot#5991 Closes keepassxreboot#3337 - Support fingerprint readers on Linux Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier. Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
Closes keepassxreboot#5991 Closes keepassxreboot#3337 - Support fingerprint readers on Linux Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier. Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
Email sent! |
Is there any document on how to enable this? I do not find such option on database creation in latest keepassxc (2.7.6-2, archlinux), neither can I find any related material in user document. |
It's not available in a released version yet. You need to use a snapshot build: https://snapshot.keepassxc.org |
Seems Polkit is having some issues on latest OpenSUSE Tumbleweed, although fingerprint is already registered, it says |
Snapshot has nothing to do with this feature functionality. The error message you received points to an issue with your polkit, not keepassxc. Double check that polkit works in general for you. |
Is this in the 2.7.7 release? I can't see anything in changelog: https://github.com/keepassxreboot/keepassxc/blob/release/2.7.x/CHANGELOG.md Thanks all for your work :) |
No it is not, we decided to withhold this feature as it isn't equally functional across distros at this time |
That's sad to hear, but thanks anyway for taking time to reply :) Have a nice day. |
You can always run a snapshot build: https://snapshot.keepassxc.org |
Summary
On GNU/Linux this can be done around fprint, which is the current general method to manage fingerprint readers.
From the projects' homepage:
More info:
https://www.freedesktop.org/wiki/Software/fprint/
http://www.linux-pam.org/
Context
Opening a Linux-specific ticket, similar to the Windows-specific one, as the general issue can be to broad to support both potential bounties for each OS.
IssueHunt Summary
Backers (Total: $210.00)
Become a backer now!
Or submit a pull request to get the deposits!
Tips
The text was updated successfully, but these errors were encountered: