The subject is not out of scope if you decide to store the private key blob in the cloud...
That looks to me like it might be the answer in some cases. I would rather guarantee that the blob is strongly encrypted and can't be lost than have the user export them to a USB stick under a weak password that they chose. Peter has an interesting collection of PKCS#12 files... Storage on the target device is preferably in a form that does not support or better actively resists extraction. But that is quite expensive and difficult to do well. There are issues such as leaking the key when it is used (power analysis) that are hard problems.
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
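The post's trade-off (a strongly encrypted cloud blob versus a user-chosen PKCS#12 password on a USB stick) can be put in numbers. The following is an added example, not code from the thread or from any IETF project: it derives a key-encryption key with PBKDF2-HMAC-SHA256 from either a password or a 256-bit random secret, measures the cost of one KDF evaluation on the local machine, and estimates the exhaustive-search time for each. The iteration count, the 28-bit estimate for a typical user-chosen password, and the salt are assumptions.

```python
"""Work-factor comparison: user-chosen password vs. random 256-bit secret
protecting a stored private-key blob (PKCS#12-style). Added example; the
iteration count and entropy figures are assumptions, not from the thread."""
import hashlib
import secrets
import time

ITERATIONS = 600_000          # PBKDF2-HMAC-SHA256 iterations (assumed value)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_kek(secret: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key-encryption key from a secret; the same KDF serves either input kind."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)


def random_secret() -> bytes:
    """A 256-bit secret from the OS CSPRNG: nothing for a user to choose weakly."""
    return secrets.token_bytes(32)


def measure_seconds_per_guess(iterations: int = ITERATIONS, samples: int = 3) -> float:
    """Wall-clock cost of one KDF evaluation here (one guess costs one KDF)."""
    salt = b"constructed-salt"          # constructed sample salt
    best = float("inf")
    for _ in range(samples):
        t0 = time.perf_counter()
        derive_kek(b"guess", salt, iterations)
        best = min(best, time.perf_counter() - t0)
    return max(best, 1e-9)              # guard against a zero reading


def expected_search_years(entropy_bits: float, seconds_per_guess: float) -> float:
    """Expected exhaustive-search time: half the keyspace, one KDF per guess."""
    return (2.0 ** (entropy_bits - 1)) * seconds_per_guess / SECONDS_PER_YEAR


def compare(password_entropy_bits: float = 28.0, iterations: int = ITERATIONS) -> dict:
    """Contrast an assumed ~28-bit user password with a 256-bit random secret.

    The KDF slows each guess equally for both; only the entropy of the input
    decides whether the result is months or effectively forever."""
    spg = measure_seconds_per_guess(iterations)
    return {
        "seconds_per_guess": spg,
        "password_years": expected_search_years(password_entropy_bits, spg),
        "random_key_years": expected_search_years(256.0, spg),
    }


if __name__ == "__main__":
    r = compare()
    print(f"one guess: {r['seconds_per_guess']:.3f}s")
    print(f"28-bit password: ~{r['password_years']:.2f} years")
    print(f"256-bit random secret: ~{r['random_key_years']:.3e} years")
```

The point the numbers make is the one the post makes: a slow KDF raises the cost per guess, but it cannot rescue an input with a few dozen bits of entropy, whereas a random 256-bit secret leaves nothing for a guesser to work through.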