No, the keyring uses the passphrase to verify that it can properly read the key and get it's values. localStorage only holds the armored key.
Sean On Wed, Mar 28, 2012 at 2:28 AM, Tankred Hase <[email protected]> wrote: > Hi, > > I have a question regarding the keyring. When the user logs in for the > frist time, a new keypair is generated and stored in the keyring: > > var keys = openpgp.generate_key_pair(1, numBits, userId, passphrase); > openpgp.keyring.importPrivateKey(keys.privateKeyArmored, passphrase); > openpgp.keyring.importPublicKey(keys.publicKeyArmored); > openpgp.keyring.store(); > > Does this mean the red peace of code mean that the user's passphrase is > stored along with his private key in the HTML5 local storage? I'm not quite > sure what the best practice is in terms of passphrase handling. Thanks > > Tankred > > _______________________________________________ > > http://openpgpjs.org > >
_______________________________________________ http://openpgpjs.org
