Enablement of Crypto hardware
Hardware-based cryptography is becoming more widespread. A prominent example is the TPM present in modern laptops, but HW tokens (e.g. YubiKeys) that support GPG/SSH are also popular.
The idea of the proposal is to integrate support for these kinds of hardware into GNOME so that even non-expert users can set them up and use them easily.
Some specific examples:
- Use a TPM/crypto token (like a YubiKey) for GPG and SSH keys
- Store the master key for gnome-keyring in the TPM (see StoringSecrets)
- Additionally use something like clevis to also require the password (or the presence of a HW token)
The project consists of the following parts:
- Backend: gnome-keyring and other bits of infrastructure will need to be adapted to work with crypto HW.
- Frontend: User interfaces need to be created to make it easy to use the crypto HW, e.g. SSH/GPG key generation, importing existing keys.