On Mon, Feb 19, 2007, Nathaniel Smith wrote:

> [...]
>   * It is not obvious how to find one's public key
>   * It is not obvious that ~/.monotone/keys/ contains private keys
>     (recently a very smart person sent me his private key
>     accidentally...)
>   * We would like to allow passphrase-less keys, but it should be
>     obvious when you have such a key
>
> Proposed solution: stick extra tags on the end of files we write to
> the keystore.  At read time, we can do just like we do now, and just
> read whatever files are there and suck out any keypair packets.  At
> write time, we peek at the key we're going to write, and name the file
> like <keyid>-<EXTRASTUFF>, where <EXTRASTUFF> is either "PRIVATE" or
> "PRIVATE,NO-PASSPHRASE", so people are always clear on what exactly
> they have when they look in the key dir.  So I might have
> ~/.monotone/keys/[EMAIL PROTECTED]  (We could also write out a
> pubkey packet for convenience, and stick that in a file with -PUBLIC
> stuck on the end.)

I think the tags should even be part of the file *content*, as the file
content is usually copied & pasted around between application windows.
Currently the content reads...

# ~/.monotone/keys/<user>:
| [keypair <user>]
| <base64-publickey>#
| <base64-privatekey>
| [end]

..but a lot better would be IMHO already:

# ~/.monotone/keys/<user>:
| [publickey <user>]
| <base64-publickey>
| [end]
| [privatekey,no-passphrase <user>]
| <base64-privatekey>
| [end]

Additionally, as you recommend, it certainly is also reasonable to store
the two parts separately. But it is perhaps better to use an approach people
are already used to from other applications, such as the SSH-style approach:

# ~/.monotone/keys/<user>.pub:
| [publickey <user>]
| <base64-publickey>
| [end]

# ~/.monotone/keys/<user>[.prv]:
| [privatekey,no-passphrase <user>]
| <base64-privatekey>
| [end]

This way it is obvious both from the contents and filenames which part
is the public and which is the private one.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
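As an added illustration (not code from this thread or from monotone itself), a small Python parser for both the current `[keypair]` packet and the proposed tagged `[publickey]` / `[privatekey,no-passphrase]` packets, reporting which entries carry private material and whether the file content itself says the key is passphrase-less; the key id and base64 bodies are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Header line of a packet: "[tag[,flag...] <key id>]", e.g. "[privatekey,no-passphrase alice@example.org]"
HEADER_RE = re.compile(r"^\[(?P<tags>[a-z,-]+) (?P<id>\S+)\]$")

# Constructed sample files; the base64 bodies are placeholders, not real key material.
SAMPLE_OLD = "[keypair alice@example.org]\nPUBKEYBASE64#\nPRIVKEYBASE64\n[end]\n"
SAMPLE_NEW = ("[publickey alice@example.org]\nPUBKEYBASE64\n[end]\n"
              "[privatekey,no-passphrase alice@example.org]\nPRIVKEYBASE64\n[end]\n")

@dataclass
class Packet:
    kind: str      # "keypair" (current format), "publickey" or "privatekey" (proposed)
    flags: set     # extra tags after the comma, e.g. {"no-passphrase"}
    key_id: str
    body: list     # base64 lines between the header and [end]

def parse_packets(text):
    """Split a key file into packets: header line, body lines, then a literal [end]."""
    packets, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if current is None:
            m = HEADER_RE.match(line)
            if not m:
                raise ValueError(f"expected packet header, got {line!r}")
            tags = m.group("tags").split(",")
            current = Packet(tags[0], set(tags[1:]), m.group("id"), [])
        elif line == "[end]":
            packets.append(current)
            current = None
        else:
            current.body.append(line)
    if current is not None:
        raise ValueError(f"unterminated packet for {current.key_id}")
    return packets

def split_keypair(packet):
    """Current format: public key lines end with a '#', the private key follows."""
    idx = next(i for i, ln in enumerate(packet.body) if ln.endswith("#"))
    return packet.body[:idx] + [packet.body[idx][:-1]], packet.body[idx + 1:]

def private_material(packets):
    """Map key id -> True (passphrase-protected), False (marked no-passphrase),
    or None (a keypair packet: private material present, protection not stated)."""
    found = {}
    for p in packets:
        if p.kind == "privatekey":
            found[p.key_id] = "no-passphrase" not in p.flags
        elif p.kind == "keypair":
            found[p.key_id] = None
    return found
```

Running `private_material(parse_packets(text))` over a key file before pasting it somewhere makes the proposal's point concrete: only the tagged format lets a tool (or a reader) see from the content alone that private, unprotected material is present.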



_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel