I think the keystore, ~/.monotone/keys, could be more usable. (And this is an area where usability is important for security.)

Problems:

  • It is not obvious how to find one's public key
  • It is not obvious that ~/.monotone/keys/ contains private keys (recently a very smart person sent me his private key accidentally...)
  • We would like to allow passphrase-less keys, but it should be obvious when you have such a key

Proposed solution: append extra tags to the names of the files we write to the keystore. At read time, nothing changes: we read whatever files are there and extract any keypair packets. At write time, we peek at the key we're about to write and name the file <keyid>-<EXTRASTUFF>, where <EXTRASTUFF> is either PRIVATE or PRIVATE,NO-PASSPHRASE, so people are always clear on exactly what they have when they look in the key dir. So I might have ~/.monotone/keys/njs@pobox.com-PRIVATE. (We could also write out a pubkey packet for convenience, in a file with -PUBLIC on the end.)
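
A sketch of the naming scheme proposed above, as an added example (not monotone code). The function names, the 0600 file mode and the has_passphrase flag supplied by the caller are assumptions; the page does not say how monotone would detect a passphrase-less key.

```python
import os

# Match whole suffixes instead of splitting on "-": key ids and the
# NO-PASSPHRASE tag both contain hyphens.
SUFFIXES = ("-PRIVATE,NO-PASSPHRASE", "-PRIVATE", "-PUBLIC")

def keystore_name(keyid, private=True, has_passphrase=True):
    """Write-time file name: <keyid>-<EXTRASTUFF>."""
    if not keyid or "/" in keyid or keyid in (".", ".."):
        raise ValueError("key id cannot be used as a file name")
    if not private:
        return keyid + "-PUBLIC"
    return keyid + ("-PRIVATE" if has_passphrase else "-PRIVATE,NO-PASSPHRASE")

def classify(filename):
    """Return (keyid, tag), or (filename, None) for an untagged file
    written before the scheme existed, which may hold a private key."""
    for suffix in SUFFIXES:
        if filename.endswith(suffix) and len(filename) > len(suffix):
            return filename[:-len(suffix)], suffix[1:]
    return filename, None

def write_key(keydir, keyid, packet, private=True, has_passphrase=True):
    """Store packet text under its tagged name and return the path.
    Assumption: private files are created owner-only (0600) and an
    existing file is never overwritten."""
    path = os.path.join(keydir, keystore_name(keyid, private, has_passphrase))
    mode = 0o600 if private else 0o644
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as f:
        f.write(packet)
    return path

def audit(keydir):
    """Describe every file in keydir the way a user should read it."""
    labels = {
        None: "UNTAGGED: treat as private",
        "PUBLIC": "safe to share",
        "PRIVATE": "private, passphrase-protected",
        "PRIVATE,NO-PASSPHRASE": "private, NO passphrase",
    }
    return {name: labels[classify(name)[1]]
            for name in sorted(os.listdir(keydir))}
```

The reader side of the proposal ignores file names entirely, so classify() and audit() only serve people (or scripts) inspecting the directory before sharing a file.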