https://bugzilla.suse.com/show_bug.cgi?id=1219019 https://bugzilla.suse.com/show_bug.cgi?id=1219019#c1 Santiago Zarate <santiago.zarate@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |santiago.zarate@suse.com --- Comment #1 from Santiago Zarate <santiago.zarate@suse.com> --- Out of curiosity, how are you installing Nitrokey app? I was having trouble even starting it some time ago - https://github.com/Nitrokey/nitrokey-app2/issues/67 (In reply to Stakanov Schufter from comment #0)
Nitrokey app is a 35d party software provided by the producer Nitrokey. Its function should be as follows: app is resident in the tray insertion of the key triggers app to give notice "key connected" once you unlock the secure password and/or an TOTP key, this is temporarily copied into the clipboard, hence you can paste it into the respective application.
Hence the core function of the app is, to provide the TOTP or password to the clipboard and make it available.
Now under X-server sessions this works flawlessly, but to my dismay I discovered that it is broken under Wayland. While the generation of the TOTP/OTP and the availability of the passwords are given in Wayland, there seems to be no way to have them transferred to the clipboard, which remains blanc and hence the functionality is broken. I signed this as major because it breaks the function of the app itself and there is a potential damage to the user. Imagine you are in the middle of e.g. buying a ticket / time limited offer and you have to unlock the catch by payment now. Unfortunately you are under Wayland, so you will find out that e.g. you cannot pay. This I find it to be a major issue as it can cause financial loss to the user. Because in order to work around you have to logout the session and login the session as X, but now your offer/ticket etc is gone. (A lot of users I suppose use Wayland as default on laptops now).
A further danger I see with this is, that we are talking of shifting to Wayland as default and that X-server is somewhat deprecated now. So a security conscious user may well find himself sitting on the fence to choose between using less safe X doing business, not to speak of maybe soon, not being able to use the key at all, because no X-session is available any more(although this is probably still to come in future editions of TW but...better to fix it as soon as possible).
Steps to follow: wayland KDE Plasma session with the app2 insert key unlock password tell to copy to clipboard clipboard remains blanc
counter proof: log into the X-session version and it works. -- You are receiving this mail because: You are on the CC list for the bug.