[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Password-protecting identity key?
Hi,
before making my next feature request, I'd like to hear some
comments on whether it'd be sensible...
At the moment, each node's "identity.key" is not protected at
all, so a server seizure might easily compromise it.
For my own node I've toyed around a bit with encrypting (gnupg)
the key, asking for the passphrase at startup and only decrypting
to a random-key-encrypted temporary storage (cryptfs). In this
setup the key would never be lying around unencrypted.
I suppose, the SURB keyring is already encrypted, so maybe some
kind of built-in identity key encryption might be feasible with
not too much additional effort.
Ciao
Tobias
--
sapias, vina liques, et spatio brevi
spem longam reseces. dum loquimur, fugerit invida
aetas: carpe diem, quam minimum credula postero.
(Quintus Horatius Flaccus, c.1,11)