
Re: [Monotone-devel] Keystore usability -- passphraseless keys, etc.


From: Ralf S. Engelschall
Subject: Re: [Monotone-devel] Keystore usability -- passphraseless keys, etc.
Date: Tue, 20 Feb 2007 09:33:24 +0100
User-agent: Mutt/1.5.13 OpenPKG/CURRENT (2006-08-11)

On Mon, Feb 19, 2007, Nathaniel Smith wrote:

> [...]
>   * It is not obvious how to find one's public key
>   * It is not obvious that ~/.monotone/keys/ contains private keys
>     (recently a very smart person sent me his private key
>     accidentally...)
>   * We would like to allow passphrase-less keys, but it should be
>     obvious when you have such a key
>
> Proposed solution: stick extra tags on the end of files we write to
> the keystore.  At read time, we can do just like we do now, and just
> read whatever files are there and suck out any keypair packets.  At
> write time, we peek at the key we're going to write, and name the file
> like <keyid>-<EXTRASTUFF>, where <EXTRASTUFF> is either "PRIVATE" or
> "PRIVATE,NO-PASSPHRASE", so people are always clear on what exactly
> they have when they look in the key dir.  So I might have
> ~/.monotone/keys/address@hidden  (We could also write out a
> pubkey packet for convenience, and stick that in a file with -PUBLIC
> stuck on the end.)

I think the tags should even be part of the file *content*, as the file
content is usually copied and pasted around between application windows.
Currently the content reads...

# ~/.monotone/keys/<user>:
| [keypair <user>]
| <base64-publickey>#
| <base64-privatekey>
| [end]

...but a lot better would be, IMHO, already:

# ~/.monotone/keys/<user>:
| [publickey <user>]
| <base64-publickey>
| [end]
| [privatekey,no-passphrase <user>]
| <base64-privatekey>
| [end]

Additionally, as you recommend, it certainly is also reasonable to store
the two parts differently. But perhaps better use an approach people are
already used to from other applications. Perhaps the SSH-style approach:

# ~/.monotone/keys/<user>.pub:
| [publickey <user>]
| <base64-publickey>
| [end]

# ~/.monotone/keys/<user>[.prv]:
| [privatekey,no-passphrase <user>]
| <base64-privatekey>
| [end]

This way it is obvious both from the contents and filenames which part
is the public and which is the private one.

                                       Ralf S. Engelschall
                                       address@hidden
                                       www.engelschall.com
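As an added example (not code from the thread or from monotone itself), here is a small Python parser for the two packet layouts quoted above; it reports whether a keystore file holds private key material and whether that material is marked passphrase-less, which is exactly what a reader of the file (or of a pasted copy) needs to see at a glance. The tag names come from the mail; the sample base64 bodies are constructed placeholders, not real keys.

```python
import re

# Packet header as in the thread: "[keypair u]", "[publickey u]",
# "[privatekey,no-passphrase u]" -- tag, optional comma-separated flags, owner
HEADER_RE = re.compile(r"^\[([a-z]+)((?:,[a-z-]+)*) (\S+)\]$")

def parse_packets(text):
    """Split a keystore file into packets: {tag, flags, user, body}."""
    packets, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            if cur is not None:
                raise ValueError("packet header inside an open packet")
            flags = [f for f in m.group(2).split(",") if f]
            cur = {"tag": m.group(1), "flags": flags, "user": m.group(3), "body": []}
        elif line == "[end]":
            if cur is None:
                raise ValueError("[end] without a packet header")
            packets.append(cur)
            cur = None
        elif cur is None:
            raise ValueError("data outside any packet: %r" % line)
        else:
            cur["body"].append(line)
    if cur is not None:
        raise ValueError("unterminated packet")
    return packets

def classify(text):
    """Report what the file holds: does it contain private key material,
    and is that material known to be passphrase-less?  In the current
    [keypair] format the passphrase state is not visible, hence None."""
    result = {"private": False, "no_passphrase": None}
    for p in parse_packets(text):
        if p["tag"] == "keypair":
            # current format: pubkey, '#', privkey inside one packet
            if "#" not in "".join(p["body"]):
                raise ValueError("keypair packet lacks the '#' separator")
            result["private"] = True
        elif p["tag"] == "privatekey":
            result["private"] = True
            result["no_passphrase"] = "no-passphrase" in p["flags"]
    return result

# constructed sample files (base64 bodies are placeholders, not real keys)
CURRENT_FILE = "[keypair alice@example.org]\nQUJDREVG#\nR0hJSktM\n[end]\n"
PROPOSED_FILE = ("[publickey alice@example.org]\nQUJDREVG\n[end]\n"
                 "[privatekey,no-passphrase alice@example.org]\nR0hJSktM\n[end]\n")
PUBLIC_ONLY = "[publickey alice@example.org]\nQUJDREVG\n[end]\n"
```

A tool that walks the key directory and calls classify() on each file would make accidental sharing of private material visible before it happens, which is the usability problem the thread is about.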
