[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Keystore usability -- passphraseless keys, etc.

From: Nathaniel Smith
Subject: [Monotone-devel] Keystore usability -- passphraseless keys, etc.
Date: Mon, 19 Feb 2007 16:47:15 -0800
User-agent: Mutt/1.5.13 (2006-08-11)

A proposal (at ):

I think the keystore, ~/.monotone/keys, could be more usable.  (And
this is an area where usability is important for security.)

  * It is not obvious how to find one's public key
  * It is not obvious that ~/.monotone/keys/ contains private keys
    (recently a very smart person sent me his private key
  * We would like to allow passphrase-less keys, but it should be
    obvious when you have such a key

Proposed solution: stick extra tags on the end of files we write to
the keystore.  At read time, we can do just like we do now, and just
read whatever files are there and suck out any keypair packets.  At
write time, we peek at the key we're going to write, and name the file
like <keyid>-<EXTRASTUFF>, where <EXTRASTUFF> is either "PRIVATE" or
"PRIVATE,NO-PASSPHRASE", so people are always clear on what exactly
they have when they look in the key dir.  So I might have
~/.monotone/keys/address@hidden  (We could also write out a
pubkey packet for convenience, and stick that in a file with -PUBLIC
stuck on the end.)


-- Nathaniel

The Universe may  /  Be as large as they say
But it wouldn't be missed  /  If it didn't exist.
  -- Piet Hein

reply via email to

[Prev in Thread] Current Thread [Next in Thread]