Encrypt client certificates #702

Open
PumpkinPie0 opened this issue Dec 23, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@PumpkinPie0

Does Lagrange support encrypting certificates so that you need to enter a password when you need to use a specific identity? I have not seen any mention of such a feature anywhere, but it just seems like such an obvious feature. If a capsule uses certificates for logging into an account, then that certificate is a bit like a username and password. I'd prefer if my browser didn't store passwords in plain text.

skyjake added the enhancement label Dec 23, 2024
skyjake changed the title from "Encrypt certificates" to "Encrypt client certificates" Dec 23, 2024
@skyjake
Owner

skyjake commented Dec 23, 2024

No, this is not supported at the moment.

I agree it would make sense to store client certificates in a secure encrypted keychain. The implementation is a bit nontrivial, though:

  • One would need to use the platform's built-in facilities for this. For example, on iOS you have the iCloud keychain that you can unlock easily with Face ID. Similarly, on Windows you have various PIN/Hello unlocking methods.
  • As a fallback, one would also need a platform-independent encryption method, with unlocking using a normal password. In practice, I'd have to roll my own solution using the encryption functions provided by OpenSSL, because adding new dependencies for a different encryption method seems excessive.
  • One option/alternative is to rely on third party keychains, such as pass on Linux (assuming it supports arbitrarily long "passwords" to store a serialized certificate), and password managers (Bitwarden, 1Password, etc.), but those are also very platform-specific. The advantage here is that syncing the certificates could be done by the third party.

The platform-independent option, only doing the custom password-encryption, is not feasible in my opinion, because it would be inferior in security to many platform offerings, and also less convenient than biometric unlocking.

However, one can also argue that implementing any of this is not truly necessary. No service in Geminispace requires this high a level of security, as we have nothing related to money, banking, personal information/identification, or other such sensitive data.

Long story short, I'll probably implement something related to this at some point, but I'll need to balance the implementation cost, UX disadvantages, actual security improvements, and availability on all the supported platforms.
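
Added example, not part of skyjake's comment and not Lagrange code: a sketch of the password-based fallback from the second bullet, using the OpenSSL command-line tool to wrap a private key as passphrase-encrypted PKCS#8 and to confirm that a wrong passphrase is rejected. The function names, file names, the `IDENT_PASS` variable and the iteration count are assumptions, and the key is a constructed throwaway.

```shell
#!/bin/sh
# Added example, not Lagrange code. Function names, file names, IDENT_PASS and
# the iteration count are assumptions made for this illustration.
ITER=${ITER:-600000}   # PBKDF2 iterations (assumed value)

# encrypt_key PLAIN ENC: wrap a PEM private key as encrypted PKCS#8
# (PBES2: PBKDF2 + AES-256-CBC). The passphrase is read from $IDENT_PASS,
# so it does not appear in the process argument list.
encrypt_key() {
    openssl pkcs8 -topk8 -in "$1" -out "$2" \
        -v2 aes-256-cbc -iter "$ITER" -passout env:IDENT_PASS
}

# decrypt_key ENC PLAIN: non-zero exit status on a wrong passphrase.
decrypt_key() {
    openssl pkcs8 -in "$1" -out "$2" -passin env:IDENT_PASS 2>/dev/null
}

# is_encrypted PEM: true when the PEM header marks an encrypted PKCS#8 key.
is_encrypted() {
    head -n 1 "$1" | grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----'
}

# pubkey PEM: print the public half, used to compare keys across formats.
pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# roundtrip_check: runs in a subshell on a constructed throwaway key and
# returns 0 only if every check holds.
roundtrip_check() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    umask 077                                   # key files readable by owner only
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$d/id.key" 2>/dev/null || exit 1
    IDENT_PASS='constructed passphrase'; export IDENT_PASS
    encrypt_key "$d/id.key" "$d/id.enc" || exit 1
    is_encrypted "$d/id.enc" || exit 1          # on-disk form is encrypted
    ! is_encrypted "$d/id.key" || exit 1        # original was plaintext
    IDENT_PASS='wrong guess'
    ! decrypt_key "$d/id.enc" "$d/bad.key" || exit 1   # must be rejected
    IDENT_PASS='constructed passphrase'
    decrypt_key "$d/id.enc" "$d/out.key" || exit 1
    p=$(pubkey "$d/id.key")
    [ -n "$p" ] && [ "$p" = "$(pubkey "$d/out.key")" ]  # same key comes back
)

roundtrip_check && echo "round trip OK"
```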
