kwallet needed on smartphones?

Bernhard Reiter bernhard at intevation.de
Thu Jun 3 11:23:45 CEST 2010 

Am Dienstag, 1. Juni 2010 10:37:27 schrieb Markus:
> I think KWallet or some equivalent definitely makes sense.

Yes, though it is counterintuitive on the firsth thoughts, because Karl does 
not want to interrupted by dialog all the time and he already entered his 
PIN.

> There was once some talk going on about merging KWallet and GNOME Keyring
> back-ends.

Note that the GnuPG family also has components that are similiar in 
functionality. And we will need Gnupg2 anyway for emails' OpenPGP and S/MIME 
and crypto operations on files. 
So we will get a pinentry and the gpg-agent is also an in-memory store for 
credentials. I am not an expert on dbus, but I think it would need to make 
sure that not all applications have the same access to the credentials on top 
of dbus.

> Maybe the idea can be picked up in a way to provide plugable back-ends to
> KWallet. On mobile phones a back-end that's more phone-specific could be
> beneficiary. I'm thinking of a way to decrypt passwords via SIM card. A
> specific SIM card has to be authenticated via password once and from then
> on it's up to the user whether he/she wants to setup a PIN or not. If the
> user enters the phone's PIN, the system starts up, checks for the SIM, and
> decrypts automatically. Only when the user switches providers, he/she gets
> a message like: "New SIM card detected. To guaranty safety to your data,
> please authenticate this SIM with your password" or so.

This would mean to save the key for the credential store on the SIM card 
somehow, as I have outlined in my first post. The key would need to be long 
enough and the user would need to make a copy in case the sim card gets 
damaged.

I don't know how easy this is from the technical side. So unless that is 
implemented we need a second dialog.

Am Dienstag, 1. Juni 2010 12:04:47 schrieb Cyrille Berger:
> I am ready to bet that 99% of N900&al users will have a simcard. So I might
> be tempted to suggest to go with the SIM card solution as the preferred
> way, and when the simcard is not available, to fallback to a password
> dialog.

I agree that the SIM card is a good solution. It is not enough for the higher 
security mode, though. 
Also Note that there will be quite a few other Meego users that might not have 
a sim card or similiar available.


Bernhard
-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://mail.kde.org/pipermail/kde-mobile/attachments/20100603/9d23e085/attachment.sig

More information about the Kde-mobile mailing list