On 20.3.2014 1:57, Bumjin Im wrote:
> Now I think we need to consider the login manager, which I didn't think about yet.
I just integrated the 0.0.2 version of TLM and, as the version number indicates, it is still an early version, but eventually it would hopefully address the needs on Tizen. There's also a preliminary NFC plugin (not built yet in Tizen, needs more packages).
One way we were thinking of is to use gsignond for a secondary key storage layer and then to just have a master key in /etc/shadow. A passphrase/tag/fob decrypts a master key that is then sent to PAM for login authentication. Or alternatively write a PAM plugin that talks to gsignond.
gsignond can easily be used much like a smart card device. One way is to use X.509, and then the system uses a local symmetric key (the equivalent of a PIN) to decrypt the X.509 private key on the NFC tag, which can then be used to sign a challenge to be verified against the locally stored X.509 public key (cert). This way the private key is not stored on the system, while the private key on the NFC tag can only be read by the system it belongs to. It also allows other uses of the X.509, such as S/MIME or purchases.
Or alternatively use a stack of encrypted key files.

_______________________________________________
Dev mailing list
https://lists.tizen.org/listinfo/dev
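The tag-based challenge signing described in the message above, as an added example in Go (not part of the original message, and not TLM or gsignond code). Assumptions: Ed25519 and AES-256-GCM are chosen here, the NFC tag is modelled as a byte slice, the locally stored certificate is represented by its bare public key, and `Enroll`, `Login` and `gcm` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// gcm keys AES-256-GCM with the system-local symmetric key (the PIN equivalent).
func gcm(k [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(k[:]) // cannot fail: the key is always 32 bytes
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Enroll (assumed name) returns the sealed private key for the tag and the public key kept locally.
func Enroll(k [32]byte) (tagBlob []byte, pub ed25519.PublicKey, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, 12)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return gcm(k).Seal(nonce, nonce, priv, nil), pub, nil // tag holds nonce || ciphertext
}

// Login (assumed name) unseals the tag's key, signs a fresh challenge and verifies the signature.
func Login(k [32]byte, tagBlob []byte, pub ed25519.PublicKey) bool {
	if len(tagBlob) < 12 || len(pub) != ed25519.PublicKeySize {
		return false
	}
	priv, err := gcm(k).Open(nil, tagBlob[:12], tagBlob[12:], nil)
	if err != nil || len(priv) != ed25519.PrivateKeySize {
		return false // wrong system key or tampered tag: GCM authentication fails
	}
	challenge := make([]byte, 32)
	rand.Read(challenge)
	return ed25519.Verify(pub, challenge, ed25519.Sign(priv, challenge))
}

func main() {
	sys, other := [32]byte{1}, [32]byte{2} // constructed demo keys for two systems
	tag, pub, _ := Enroll(sys)
	fmt.Println("own system:", Login(sys, tag, pub), "other system:", Login(other, tag, pub))
}
```

The system keeps only the symmetric key and the public key; the tag contents are useless on a system holding a different symmetric key.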
