I recently bought a Lenovo Thinkpad Edge E420s, which comes with a fingerprint reader. I have installed the fingerprint-gui and libbsapi to get it fully working (make: UPEK).
Is there a way to unlock the keyring on login using the fingerprint reader?
Apparently you can get it working by setting a blank password when using Thinkfinger, but that's not an option for me.
Running lsusb in the terminal returns
Bus 001 Device 003: ID 147e:1002 Upek
Best Answer
The whole pourpose of the keyring is to store your passwords and data on your storage device. To do that securely, they must be encrypted with something you know (your password). To unlock the keyring, you must provide the password so that gnome-keyring can decrypt the stored passwords. Your fingerprint can not be used as a password because it is not always the same. Fingerprint readers apply some fuzzy logic to tell if the stored fingerprint matches the read fingerprint and tell yes or no. That's why it can be used for authentication, but not for decryption of stored passwords (unless you have a blank password or would accept storing your master password unencrypted) The only way it could work is if the fingerprint device could store your master password on a chip in plaintext that could only be read if the fingerprint matches. And that's assuming that reading the internal memory/registers of a chip is much much harder than reading your local storage. I really don't know how it is done under windows, and I hope it is not security through obscurity. But if they're not using hardware to do this, they're simply using some obscure (but insecure) method to store your passwords.