Description
I wanted to have a quick discussion on what the role of the key store should be as the lines seem a bit blurry (to me) right now.
I guess my main question revolves around the passphrase parameters in things like:
bool
rnp_key_store_write_to_mem(rnp_t * rnp,
rnp_key_store_t *key_store,
const uint8_t * passphrase,
const unsigned armour,
pgp_memory_t * memory)So if we had 1000 unencrypted keys in this key store, it would use the same passphrase to encrypt all of them, which is a bit odd. This issue is mostly avoided currently because our key generation involves immediately writing the generated key to disk (when the generated key is the only decrypted key in the store).
This is basically inherited from netpgp, where saving a keyring involved pgp_write_xfer_*key (which we still do in master, though it's not correct). This is also one of the reasons we don't currently support writing out a keyring that contains an unencrypted (loaded) key.
My initial thoughts are that we should be able to:
- Load an entire keyring of encrypted+unencrypted (s2k_usage==0) keys in to memory (not providing any passphrases) and just temporarily decrypt keys when needed (we already do this).
- Write this entire keyring out, unchanged. (full round-trip)
- We should provide an API to explicitly set/remove/change a passphrase for a particular key.
I did tackle the first 2 for .gpg/.kbx in my branch here
But it seems worth discussing whether the key store should deal with passphrases and key encryption/decryption. I personally lean towards no at the moment.
(Also I haven't spent time looking at the private-keys-v1.d/s-expr format so I don't know if that adds restrictions, etc.)