This repository was archived by the owner on Feb 26, 2026. It is now read-only.
The private keys file (`did:plc:....json`) should be encrypted by default using a user-provided passphrase. It should be possible to opt-out of encryption but it should be on by default.
Need to research the best approach for key encryption, in particular best practices for TLS keys, code signing keys, SSH keys, crypto wallets, GPG keys, passkeys. Doesn't appear to be much prior art in the DID/ATProto space but I might be wrong.
Whatever approach is chosen needs to have a mature node implementation. We might end up going with `age` but let's not jump to a solution just yet.
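One possible shape for the requirement above, as an added example that is not this project's code or its chosen approach: it uses Node's built-in scrypt and AES-256-GCM (not `age`) to show encrypt-by-default with an explicit opt-out. The envelope field names, cost parameters, function names and the sample key object are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const KDF = { N: 2 ** 15, r: 8, p: 1 }; // assumed scrypt cost; tune per hardware

function deriveKey(passphrase, salt, { N, r, p }) {
  // Reject out-of-range parameters from an untrusted file before spending memory on them.
  if (!Number.isInteger(N) || N < 2 ** 14 || N > 2 ** 20 || r !== 8 || p !== 1) {
    throw new Error('unsupported scrypt parameters');
  }
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32,
    { N, r, p, maxmem: 256 * N * r });
}

function encryptKeys(keysObject, passphrase) {
  const salt = crypto.randomBytes(16);   // fresh per file
  const nonce = crypto.randomBytes(12);  // fresh per encryption
  const header = { v: 1, kdf: 'scrypt', ...KDF, salt: salt.toString('base64') };
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt, KDF), nonce);
  cipher.setAAD(Buffer.from(JSON.stringify(header))); // header is authenticated, not secret
  const ct = Buffer.concat([cipher.update(JSON.stringify(keysObject), 'utf8'), cipher.final()]);
  return { ...header, nonce: nonce.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), ct: ct.toString('base64') };
}

function decryptKeys(envelope, passphrase) {
  const { v, kdf, N, r, p, salt } = envelope;
  if (v !== 1 || kdf !== 'scrypt') throw new Error('unknown envelope format');
  const key = deriveKey(passphrase, Buffer.from(salt, 'base64'), { N, r, p });
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(envelope.nonce, 'base64'));
  decipher.setAAD(Buffer.from(JSON.stringify({ v, kdf, N, r, p, salt })));
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  // final() throws on a wrong passphrase or on any modified byte.
  const pt = Buffer.concat([decipher.update(Buffer.from(envelope.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Encryption is the default; plaintext is written only on an explicit opt-out.
function serializeKeysFile(keysObject, { passphrase, encrypt = true } = {}) {
  if (!encrypt) return JSON.stringify(keysObject, null, 2);
  if (!passphrase) throw new Error('passphrase required (or pass encrypt: false)');
  return JSON.stringify(encryptKeys(keysObject, passphrase), null, 2);
}
```
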