Encrypt private key

[mitchhentges]

Chrome/FF/Opera (the WebExtension API) don't provide any way to encrypt data.
So, Fambit will need to handle its own passphrase, rather than tying into existing browser secure storage/credentials.

Perhaps on first install, Fambit provides the option of providing a passphrase, which is used to encrypt the private key. Every week, when donations normally happen automatically, Fambit uses the ! icon, and shows a popup (on-click) requesting the passphrase, which is used to sign and submit the microdonation transaction.

It would be neat-o if Fambit could entirely depend on the browser's credential management, but nothing exists or will exist for WebExtensions for a while yet, so we need to "roll our own", which is the worst thing in cryptography. At least there are good JS crypto libraries...

[mitchhentges]

Documented proof that chrome.storage (WebExtension API) does not encrypt storage.
So, I've got a tactic.

1. Upon running Fambit the first time (or, in the options menu for upgraded installations), the user can enter a passphrase to encrypt the private key
2. Every week, when donations are supposed to be finalized, Fambit will pop the "exclamation mark" icon. Clicking on it will request that the user enter their passphrase, which will be used to authorized the transactions
3. The next donation-finalization date will be set as a week from the user authorizing the donation (so that, if the user is 6 days late, you don't have a 13 day donation period, followed by a 1 day donation period).

This covers our bases, and also works with synchronizing data between browsers. Awesome

[mitchhentges]

SatoshiPay is pretty handwavy on this subject, and they currently recommend not "only top up small amounts at a time", so that "it shouldn’t hurt them too much if their funds get lost."
It's still important that we resolve this in Fambit, but hey, we aren't behind the "competition"