diff options
author | Joey Hess <joeyh@joeyh.name> | 2017-01-25 15:21:19 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-01-25 15:21:19 -0400 |
commit | 6da465ce37d737951fe61e32327002e0bf1a1aa1 (patch) | |
tree | 911d0bedb19302897dd33036046189c950a02c6f | |
parent | 9211f8aed5805437c5c9d120e265f24c9bbebe07 (diff) | |
download | keysafe-6da465ce37d737951fe61e32327002e0bf1a1aa1.tar.gz |
todo
-rw-r--r-- | TODO | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -2,6 +2,20 @@ Soon: * Finish vetting 2 servers to Recommended. * Set up --check-servers in a cron job, so I know when servers are down. +* Remove gpg key passohrase from gpg keys that keysafe backs up. + The reason for this is that the user may well forget their gpg key + passphrase, and it's *weird* to restore a key with keysafe's password + and then have it passphrase protected. + The gpg key passphrase is intended only to keep a key from being used + for a short period of time (a week or so) when the device holding it + is known to have been compromised, so the key can be revoked. + This doesn't really apply to keys backed up with keysafe -- if they get + compromised somehow, the user won't know, and cracking the gpg passphrase + should be almost trivial to an attacker who was able to break keysafe's + password. + paperkey can remove gpg key passphrases. Is there any better way? + It might make sense for keysafe to prompt for a new gpg passphrase + when restoring. Later: |