> The person spamming right now would be you. You just posted a link,
> without any explanations, any marketing blurbs, nothing.

I've explained everything as succinctly as I can in the readme. Pasting bits of it here would not benefit anyone.

> Why would I use your tool instead of something established, that has
> been properly audited — say, PGP for example?

Did you read the page? PGP and Privy are used for different things. A key manager could, though, use Privy to store private keys.

> How do I know your one-man project has no security holes, backdoors,
> or other vulnerabilities? How do I know that the encryption method
> chosen by you is sound? If there is no leaked data?

Privy is a thin wrapper around Cryptography's (OpenSSL) Fernet interface https://github.com/pyca/cryptography/blob/master/src/cryptography/fernet.py and https://github.com/hynek/argon2_cffi which is simply a binding to https://github.com/p-h-c/phc-winner-argon2

Privy itself is really just 40 SLOC https://github.com/ofek/privy/blob/a3d4bdb24464ad85606c1ab5e78c58ae489b0569/privy/core.py#L42-L82

> And I really dislike the description of your project ...
> What does “password-protecting” mean? Why is this not “encrypting”?

This is encryption, but specifically by means of a password. This paradigm is often tricky to get correct. https://security.stackexchange.com/questions/88984/encrypting-with-passwords-encryption-of-key-vs-data

> How do you expect this to work with API keys?

Encrypted keys would likely be stored in a DB somehow. Check out https://github.com/fugue/credstash
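
Added example, not part of the original message and not Privy's own code: the pattern the reply describes, in which Argon2 (via argon2_cffi) stretches a password into a key and Fernet (via cryptography) does the authenticated encryption. The names `protect` and `reveal`, the header layout and the cost values are assumptions made for this illustration.

```python
import base64
import os
import struct

from argon2.low_level import Type, hash_secret_raw
from cryptography.fernet import Fernet, InvalidToken

# Assumed layout: time_cost (1 byte), memory cost in KiB (4 bytes), 16-byte salt.
HEADER = struct.Struct(">BI16s")
MAX_MEMORY_KIB = 1 << 20  # refuse blobs that demand more than 1 GiB


def _fernet(password, salt, time_cost, memory_kib):
    # Argon2id stretches the password into the 32 bytes Fernet expects.
    raw = hash_secret_raw(
        secret=password.encode("utf-8"), salt=salt,
        time_cost=time_cost, memory_cost=memory_kib,
        parallelism=1, hash_len=32, type=Type.ID,
    )
    return Fernet(base64.urlsafe_b64encode(raw))


def protect(secret, password, time_cost=2, memory_kib=8192):
    """Encrypt `secret` (bytes) under `password`; returns header + token."""
    # Demo-sized costs; raise them for real use. Fresh salt per blob.
    salt = os.urandom(16)
    token = _fernet(password, salt, time_cost, memory_kib).encrypt(secret)
    return HEADER.pack(time_cost, memory_kib, salt) + token


def reveal(blob, password):
    """Decrypt a blob from protect(); raises ValueError on any failure."""
    if len(blob) <= HEADER.size:
        raise ValueError("blob too short")
    time_cost, memory_kib, salt = HEADER.unpack_from(blob)
    # The header is attacker-controlled: bound the cost before hashing.
    if not (1 <= time_cost <= 10 and 8 <= memory_kib <= MAX_MEMORY_KIB):
        raise ValueError("unreasonable KDF parameters")
    try:
        token = blob[HEADER.size:]
        return _fernet(password, salt, time_cost, memory_kib).decrypt(token)
    except InvalidToken:
        # Wrong password and tampering are indistinguishable by design.
        raise ValueError("wrong password or corrupted data") from None
```

Storing the cost parameters beside the salt lets them be raised later without breaking old blobs, which is why `reveal` has to bound them before running the KDF.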