Private keys should be encrypted

[BrendanBenshoof]

You could encrypt the entire config file, but by default ipfs should password protect the private key (setup during init process) and not store the private key in the clear on disk (or ideally in memory that could be leaked, but that is a lot harder).

[whyrusleeping]

We are going to move the key out of the config file and encrypt it at some point.

[whyrusleeping]

related #783

[whyrusleeping]

This should be addressed once the keystore is implemented

[Kubuxu]

My proposal for multikey was embedding key protection schema in to the multikey itself, I don't know if we want to go with it, but it would be nice thing to have.

[jbenet]

@Kubuxu can you explain more?
On Wed, Aug 24, 2016 at 07:48 Jakub Sztandera notifications@github.com
wrote:

My proposal for multikey was embedding key protection schema in to the
multikey itself, I don't know if we want to go with it, but it would be
nice thing to have.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#826 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAIcofbJAvaf0rNCNfwDr2fnt3rElrimks5qjC-YgaJpZM4Dl4DP
.

[Kubuxu]

ipfs/specs#58
In short terms: first varint describes key protection schema which has to be applied to decrypt the key.