egregors
commented
1 month ago seems to want to do sync outside of the OS Sync.
Ja, exactly. The general goal here is to create an OS-agnostic synchronization system. To be honest, I find the trend toward real syncing of key pairs between devices a bit controversial. For example, like what 1Password or Apple does. It kind of ruins the whole idea of security by keeping keys on the device.
I believe this part should be handled on the server side, where public keys are stored. First, the private key still doesn’t leave the security device. Second, this approach allows us not only to associate several key pairs with one user, but also to provide different permissions for these keys. Just imagine, you have, let’s say, one key just for login and another one for performing more dangerous actions.
gedw99
I was thinking about this and just now found an example by accident, so just wanted to log it here to discuss.
Demo: https://community.fsfe.org/t/linqa-a-free-software-bilingual-collaboration-platform-developed-with-public-money/1185
Its Discourse: https://github.com/discourse/discourse
I am also wondering if this is a goal of your project ? It might not be, because the KeyTool seems to want to do sync outside of the OS Sync.