Before writing the secret encryption key to disk, we should use sodiumoxide::crypto::pwhash to derive an encryption key from a password.
This does also bring up the question of how to pass in the password (non-exhaustive list):
- As a command-line argument
- Just passing it on stdin
- Prompt using a curses-like window
- pinentry (sometimes gets into weird finicky states with gpg; might be a gpg bug though)
Or maybe support all of them?
And now I'm also thinking about looking into storing the secret key using libsecret (gnome-keyring/kwallet), so we don't have to take care of the password protection ourselves at all, hm.
kyrias changed the title from "Password protected private key" to "Password protected secret key" on Mar 5, 2017