nsec icon indicating copy to clipboard operation
nsec copied to clipboard

Published 20 hours ago verified publisher icon ektrah

Secure private key with passphrase when exporting

Open dolphinsd opened this issue 6 years ago • 2 comments

Once private key is exported is not secure.

Proposal to add ability to encrypt the private key using a symmetric encryption key derived from a passphrase and then decrypted again.

dolphinsd avatar Oct 25 '18 17:10 dolphinsd

Yes, that would be a good enhancement. What specification should NSec implement to provide that? I was thinking of RFC 5958, Section 3 (EncryptedPrivateKeyInfo), but that covers only asymmetric keys.

ektrah avatar Oct 25 '18 18:10 ektrah

@ektrah it could be an option to Export call?

dolphinsd avatar Oct 26 '18 01:10 dolphinsd

An experimental implementation has been added in PasswordBasedKeyExporter.cs. I'm not sure how useful it is (and it's probably coming way too late too; sorry for that). Feedback is welcome.

ektrah avatar Nov 27 '22 14:11 ektrah