fscrypt icon indicating copy to clipboard operation
fscrypt copied to clipboard
verified publisher icon google

[Feature Request] Support fido2 hmac-secret

Open ksy63 opened this issue 3 years ago • 1 comments

The fido2 specification includes the hmac-secret extension that is supported by most vendors and can be used as substitude for a local password.

Recent contributions to systemd-homed have already provided an option to use hmac-secret for both login and automatic fscrypt decryption through pam. However, it would be great to have this feature available outside of systemd-homed as well.

A minor adjustment of the fscrypt-pam module could allow the use of the hmac-secret for fscrypt to provide the same functionality.

This could possibly be introduced as a fourth option during setup as well.

Related to #250

ksy63 avatar May 24 '22 13:05 ksy63

Is there some way to sponsor this feature? It sounds like it would not be too difficult to implement for someone familiar with pam modules and at the moment the only alternative is systemd-homed which still uses fscrypt v1 policy.

stargazer1984 avatar Oct 15 '24 21:10 stargazer1984