Open robled opened 5 years ago
ColdGrub1384
commented
5 years ago The passphrase is stored in the iOS keychain, which is encrypted. https://github.com/ColdGrub1384/Pisth/blob/286468c476d6931212358767f437deee4d651d31/Pisth%20Shared/Pisth%20Shared/View%20controllers/ConnectionInfoTableViewController.swift#L162
robled
commented
5 years ago Oh, that's pretty cool! Does this mean that I should see an entry for it in Settings -> Passwords & Accounts? Is it decrypted at connection time via Face ID? Apologies for all the basic questions, as I'm pretty new to iOS.
Not sure if I missed something in the UI, but since other SSH clients make it fairly clear to the user that the key is encrypted on-disk, it might be helpful to have a little message somewhere near where you put in your passphrase to inform the user of this.
ColdGrub1384
commented
5 years ago Passwords are not stored in Passwords & Accounts. By Keychain, I meant an API by Apple to encrypt things in apps. https://developer.apple.com/documentation/security/keychain_services
I will add a message for making clear the data is encrypted
I'm running Pisth version 11.3.1. If an encrypted SSH private key is added to the client, it seems that the passphrase for decrypting that SSH private key is saved in the host profile. It seems that this passphrase is stored permanently (plaintext?). The private key should remain encrypted on disk at all times, and only decrypted in-memory when the user connects to a host and enters the passphrase.