Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect private key in exported identity #158

Open
roeslpa opened this issue Mar 4, 2016 · 0 comments
Open

Protect private key in exported identity #158

roeslpa opened this issue Mar 4, 2016 · 0 comments
Labels
crypto enhancement
Milestone
POST BETA

Comments

@roeslpa
Copy link
Collaborator

roeslpa commented Mar 4, 2016

Even if we assume the device to be secure by definition, the exported identity could be sent from device 1 to device 2 via insecure channel. If the user does not use a secure channel, the private key is disclosed. Hence the private key should be encrypted with a key derived from a password during the export and decrypted during the import (as it is usually done with private keys).
@roeslpa roeslpa added this to the POST BETA milestone Mar 4, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto enhancement
Projects
None yet
Milestone
POST BETA
Development

No branches or pull requests
1 participant
@roeslpa