Open Kissaki opened 10 years ago
This feature is really only useful if a passphrase is required to unlock the keystore, or if it integrates with the available system keystores. The latter would probably be ideal, but significant work. I'm not sure if a library exists to do this integration across platforms.
My suggestion would be to worry about encrypting the password at rest (if we are already doing this then please disregard). There are already great projects to manage passwords so we wouldn't need to increase the attack surface of the client by trying to create one.
Saved passwords must be encrypted in some manner.
We need later-readable passwords to be able to use them for later authentication; thus it has to be a symmetrical encryption (decryptable).
Given we can find and use a system-provided, user-only-accessible data point, using it to encrypt would be a comparably simple implementation.
A more complex one would be to implement some kind of key-store, like Firefox uses, for example, with an (optional) master key.