Re: [Monotone-devel] Keystore usability -- passphraseless keys, etc.
From: Ralf S. Engelschall
Subject: Re: [Monotone-devel] Keystore usability -- passphraseless keys, etc.
Date: Tue, 20 Feb 2007 09:33:24 +0100
User-agent: Mutt/1.5.13 OpenPKG/CURRENT (2006-08-11)
On Mon, Feb 19, 2007, Nathaniel Smith wrote:
> [...]
> * It is not obvious how to find one's public key
> * It is not obvious that ~/.monotone/keys/ contains private keys
> (recently a very smart person sent me his private key
> accidentally...)
> * We would like to allow passphrase-less keys, but it should be
> obvious when you have such a key
>
> Proposed solution: stick extra tags on the end of files we write to
> the keystore. At read time, we can do just like we do now, and just
> read whatever files are there and suck out any keypair packets. At
> write time, we peek at the key we're going to write, and name the file
> like <keyid>-<EXTRASTUFF>, where <EXTRASTUFF> is either "PRIVATE" or
> "PRIVATE,NO-PASSPHRASE", so people are always clear on what exactly
> they have when they look in the key dir. So I might have
> ~/.monotone/keys/address@hidden (We could also write out a
> pubkey packet for convenience, and stick that in a file with -PUBLIC
> stuck on the end.)
I think the tags should be even part of the file *content* as the file
content is usually copy & pasted around between application windows.
Currently the content reads...
# ~/.monotone/keys/<user>:
| [keypair <user>]
| <base64-publickey>#
| <base64-privatekey>
| [end]
...but a lot better would be IMHO already:
# ~/.monotone/keys/<user>:
| [publickey <user>]
| <base64-publickey>
| [end]
| [privatekey,no-passphrase <user>]
| <base64-privatekey>
| [end]
Additionally, as you recommend, it certainly is also reasonable to store
the two parts differently. But perhaps better use an approach people are
already used to from other applications. Perhaps the SSH-style approach:
# ~/.monotone/keys/<user>.pub:
| [publickey <user>]
| <base64-publickey>
| [end]
# ~/.monotone/keys/<user>[.prv]:
| [privatekey,no-passphrase <user>]
| <base64-privatekey>
| [end]
This way it is obvious both from the contents and filenames which part
is the public and which is the private one.
Ralf S. Engelschall
address@hidden
www.engelschall.com
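The two layouts compared in the message above (the current single `[keypair]` section with a `#` separator, and the proposed self-describing `[publickey]` / `[privatekey,no-passphrase]` sections, split SSH-style into `.pub` and `.prv` files) as a small parser and writer. This is an added example, not monotone's own code; the key id `alice@example.com`, the key bytes and the file contents are constructed for illustration and are not real keys. The `tagged_filename` helper implements the `<keyid>-PRIVATE` / `<keyid>-PRIVATE,NO-PASSPHRASE` / `<keyid>-PUBLIC` naming from the quoted proposal.

```python
"""Added example (not monotone code): parse and re-emit both keystore layouts."""
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section header: "[keypair id]", "[publickey id]", "[privatekey,no-passphrase id]"
HEADER_RE = re.compile(r"^\[([a-z]+(?:,[a-z-]+)*)\s+(\S+)\]$")


@dataclass
class KeyEntry:
    key_id: str
    public: Optional[bytes] = None
    private: Optional[bytes] = None
    # True: passphrase-protected; False: tagged no-passphrase;
    # None: old "[keypair]" layout, which carries no such tag at all.
    has_passphrase: Optional[bool] = None


def parse_keystore(text: str) -> Dict[str, KeyEntry]:
    """Parse either layout; sections for the same key id are merged."""
    entries: Dict[str, KeyEntry] = {}
    header = None
    body: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            if header is not None:
                raise ValueError("nested section header")
            header = (m.group(1).split(","), m.group(2))
            body = []
        elif line == "[end]":
            if header is None:
                raise ValueError("[end] without section header")
            tags, key_id = header
            _fill(entries.setdefault(key_id, KeyEntry(key_id)), tags, "".join(body))
            header = None
        elif header is None:
            raise ValueError(f"data outside any section: {line!r}")
        else:
            body.append(line)
    if header is not None:
        raise ValueError("unterminated section")
    return entries


def _fill(entry: KeyEntry, tags: List[str], data: str) -> None:
    kind, extra = tags[0], set(tags[1:])
    if kind == "keypair":
        # Current layout: public and private parts in one section, split by "#".
        pub, sep, priv = data.partition("#")
        if not sep:
            raise ValueError("keypair section lacks '#' separator")
        entry.public = base64.b64decode(pub, validate=True)
        entry.private = base64.b64decode(priv, validate=True)
        entry.has_passphrase = None
    elif kind == "publickey":
        entry.public = base64.b64decode(data, validate=True)
    elif kind == "privatekey":
        entry.private = base64.b64decode(data, validate=True)
        entry.has_passphrase = "no-passphrase" not in extra
    else:
        raise ValueError(f"unknown section type {kind!r}")


def tagged_filename(entry: KeyEntry) -> str:
    """Single-file name per the quoted proposal: <keyid>-<EXTRASTUFF>."""
    if entry.private is None:
        return f"{entry.key_id}-PUBLIC"
    if entry.has_passphrase is False:
        return f"{entry.key_id}-PRIVATE,NO-PASSPHRASE"
    return f"{entry.key_id}-PRIVATE"


def render_ssh_style(entry: KeyEntry) -> Dict[str, str]:
    """SSH-style split: <id>.pub and <id>.prv, each with a self-describing header."""
    files: Dict[str, str] = {}
    if entry.public is not None:
        b64 = base64.b64encode(entry.public).decode()
        files[f"{entry.key_id}.pub"] = f"[publickey {entry.key_id}]\n{b64}\n[end]\n"
    if entry.private is not None:
        tag = "privatekey" + (",no-passphrase" if entry.has_passphrase is False else "")
        b64 = base64.b64encode(entry.private).decode()
        files[f"{entry.key_id}.prv"] = f"[{tag} {entry.key_id}]\n{b64}\n[end]\n"
    return files


# Constructed sample (not a real key) in the current one-section layout.
KEY_ID = "alice@example.com"
PUB_BYTES = b"constructed public key bytes"
PRIV_BYTES = b"constructed private key bytes"
OLD_LAYOUT = (
    f"[keypair {KEY_ID}]\n"
    f"{base64.b64encode(PUB_BYTES).decode()}#\n"
    f"{base64.b64encode(PRIV_BYTES).decode()}\n"
    "[end]\n"
)

if __name__ == "__main__":
    entry = parse_keystore(OLD_LAYOUT)[KEY_ID]
    entry.has_passphrase = False  # assume we know this key is unprotected
    print(tagged_filename(entry))
    for name, content in render_ssh_style(entry).items():
        print(f"# ~/.monotone/keys/{name}:\n{content}")
```

Note that parsing the old `[keypair]` layout leaves `has_passphrase` as `None`: nothing in that format says whether the private part is protected, which is exactly the ambiguity the tagged headers and filenames are meant to remove.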