Allow management of private key and/or identity #84
Assignees
Milestone
Comments
|
Fantastic request and very much inline with the new work we are kicking off. |
|
That's awesome to hear. 😉 Is there a possible workaround in the meantime for backing up the keyring? I'm assuming the keyring file can't simply be copied from the filesystem since it's saved to a path generated by |
|
Releasing coming often now, so standby... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now it's difficult to demonstrate ownership of a key and the associated signed files. One can take new pictures and show that those are signed with the same key as any photo requiring proof of ownership, but if the app has to be reinstalled or a phone is lost then there is no backup of the secret and it is essentially impossible to prove who produced the evidence.
A simple improvement is to give the user the option to set or modify the
keyIdstring to something unique and identifiable.https://github.com/guardianproject/proofmode/blob/39b6a9e5c7b2ddd627f39b25548c24b73cecdd21/android-libproofmode/src/main/java/org/witness/proofmode/crypto/PgpUtils.java#L78
This probably also requires allowing the user to generate and swap between multiple keys if there is a need to generate both anonymous and attributable evidence.
A more robust approach is to allow users to manage the private key. Being able to import an existing key as in #40 would be ideal. Exporting the private key or an encrypted backup would also be minimal solutions to the problem.
The text was updated successfully, but these errors were encountered: