Bug ID 1219019
Summary Nitrokey2 app is not functional under Wayland
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware x86-64
OS openSUSE Tumbleweed
Status NEW
Severity Major
Priority P5 - None
Component Other
Assignee screening-team-bugs@suse.de
Reporter stakanov@disroot.org
QA Contact qa-bugs@suse.de
Target Milestone ---
Found By ---
Blocker --- 

Nitrokey app is a 35d party software provided by the producer Nitrokey. 
Its function should be as follows:
app is resident in the tray
insertion of the key triggers app to give notice "key connected"
once you unlock the secure password and/or an TOTP key, this is temporarily
copied into the clipboard, hence you can paste it into the respective
application. 

Hence the core function of the app is, to provide the TOTP or password to the
clipboard and make it available. 

Now under X-server sessions this works flawlessly, but to my dismay I
discovered that it is broken under Wayland. While the generation of the
TOTP/OTP and the availability of the passwords are given in Wayland, there
seems to be no way to have them transferred to the clipboard, which remains
blanc and hence the functionality is broken. I signed this as major because it
breaks the function of the app itself and there is a potential damage to the
user. Imagine you are in the middle of e.g. buying a ticket / time limited
offer and you have to unlock the catch by payment now. Unfortunately you are
under Wayland, so you will find out that e.g. you cannot pay. This I find it to
be a major issue as it can cause financial loss to the user. Because in order
to work around you have to logout the session and login the session as X, but
now your offer/ticket etc is gone. (A lot of users I suppose use Wayland as
default on laptops now).

A further danger I see with this is, that we are talking of shifting to Wayland
as default and that X-server is somewhat deprecated now. So a security
conscious user may well find himself sitting on the fence to choose between
using less safe X doing business, not to speak of maybe soon, not being able to
use the key at all, because no X-session is available any more(although this is
probably still to come in future editions of TW but...better to fix it as soon
as possible). 

Steps to follow: 
wayland KDE Plasma session with the app2
insert key
unlock password
tell to copy to clipboard
clipboard remains blanc 

counter proof: log into the X-session version and it works.

You are receiving this mail because: