signal-cli icon indicating copy to clipboard operation
signal-cli copied to clipboard
verified publisher icon AsamK

Add Support for Using System Keyring for Storing Sensitive Information

Open marcos-morar opened this issue 10 months ago • 1 comments

Currently, signal-cli stores sensitive information in plain text. Integrating with the system keyring would enhance the security of signal-cli.

Proposed Features:

Keyring Integration: Implement functionality to store and retrieve Signal's encryption keys and other sensitive data using the system keyring services.

Command Line Options: Add command-line options or configuration settings to enable/disable keyring use.

Automatic Detection: Automatically detect the available keyring service on the system and use it by default, with an option for users to opt-out if preferred.

Fallback Mechanism: If no keyring service is detected or if there's an issue with the keyring, fall back to the current method of storing information.

Security Enhancements: Ensure that if the keyring is locked, signal-cli prompts for unlocking or waits for user interaction before proceeding with operations that require access to stored secrets.

marcos-morar avatar Feb 10 '25 08:02 marcos-morar

If this gets implemented, I'd probably go the same route as Signal-Desktop. I.e. store one master key in the keyring and use that to encrypt all other sensitive data in signal-cli.

AsamK avatar Feb 27 '25 10:02 AsamK