virtual-fido

Using native secret storage

Open shocklateboy92 opened this issue 3 years ago • 5 comments

I noticed in your README that you plan to support storing secrets in an encrypted file. You should consider delegating that to secret storage mechanisms of the operating system (e.g. gnome-keyring or kwallet). It will mean less work for you, and fewer security bugs :smile:

https://specifications.freedesktop.org/secret-service/latest/

shocklateboy92, Sep 18 '22 19:09

But this software supports Windows (and Mac in the future).

D-Bus and freedesktop don't want to port to Windows, or at least to provide binaries.

Mart-Bogdan, Sep 19 '22 04:09

Good point. But there is a Windows equivalent: https://github.com/danieljoos/wincred

shocklateboy92, Sep 19 '22 04:09

This is definitely a potential feature down the line, though right now I am prioritizing getting basic Mac support up and running. I do see the value in hardened credential storage on each platform, though I also want to allow people to be able to export/transfer credentials even in that case.

cmdli, Sep 19 '22 19:09

That makes perfect sense :slightly_smiling_face: Of course, I haven't done any macOS development, but I assumed it would take drastically less code/time to use keychain than to write the storage mechanism yourself. :shrug: https://github.com/keybase/go-keychain

shocklateboy92, Sep 22 '22 06:09

To me the most important aspect of this project is that it can address the drawback of not being able to back up your keys. Depending upon the "native store" chosen you might again lose this option.

jo-vf, Oct 20 '22 07:10
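
One way to reconcile the two concerns raised in this thread (hardened native storage, and still being able to back up or transfer credentials), as an added example that is not virtual-fido's code: keep the credentials in an ordinary encrypted file and put only the 256-bit file key in the OS secret store. `KeyStore`, `Seal`, `Open`, `aead` and `random` are hypothetical names, and the in-memory map is an assumed stand-in for a real backend such as Secret Service, wincred or go-keychain.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyStore is a hypothetical in-memory stand-in for the OS secret store.
type KeyStore map[string][]byte

// random returns n bytes from the system CSPRNG.
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never continue without entropy
	}
	return b
}

// aead returns AES-256-GCM under the named key, creating the key if asked to.
func aead(ks KeyStore, name string, create bool) (cipher.AEAD, error) {
	if ks[name] == nil && create {
		ks[name] = random(32)
	}
	block, err := aes.NewCipher(ks[name]) // rejects a missing (empty) key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext, a blob that can live in an ordinary file.
func Seal(ks KeyStore, name string, plaintext []byte) ([]byte, error) {
	g, err := aead(ks, name, true)
	if err != nil {
		return nil, err
	}
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Open fails if ks lacks the key or the blob was truncated or modified.
func Open(ks KeyStore, name string, blob []byte) ([]byte, error) {
	g, err := aead(ks, name, false)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("vault key unavailable or blob truncated")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

func main() {
	blob, err := Seal(KeyStore{}, "vault", []byte("constructed credential data"))
	fmt.Println(len(blob), err)
}
```

With this split the sealed file can be copied freely as a backup, while restoring it on another machine requires an explicit transfer of the key into that machine's store.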