Secure Keys #11

@pauleaster

The idea of storing the keys in the environment is not secure. At the moment they are in plain text in ~/.config/config.fish.
A better solution is this:

  1. Create a service, EBKeyService, that runs under a user ebkeyservice.
  2. This service is a special implementation of a server.
  3. The service will store its certificate in /etc/ssl/certs as ebkeyservicecert.pem
  4. The service will store its private key in /etc/ssl/private as ebkeyservicekey.pem
  5. The application server or client uses a private key saved as ~/.ssl/ebserverkey.pem or ~/.ssl/ebclientkey.pem
  6. The application server or client uses a certificate saved under ~/.ssl/ebservercert.pem or ~/.ssl/ebclientcert.pem
  7. Upon launch, the client or server will establish a connection with the EBKeyService using the credentials stored in ~/.ssl and will request the true private key.
  8. This private key will be used in combination with the certificate stored in ~/.ssl to communicate to the server or client.
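
The scheme above moves the secret out of `config.fish` and into the private-key files of steps 4 and 5, so it is only as strong as the permissions on those files. The following check is an added example, not code from this project: the file paths come from the issue text, while the function names and the policy (no group/other access, expected owner, parent directory not writable by others) are assumptions.

```python
import os
import stat
import tempfile

# Paths taken from the issue text; the 0o077 / 0o022 policy is an assumption.
KEY_PATHS = [
    "/etc/ssl/private/ebkeyservicekey.pem",
    "~/.ssl/ebserverkey.pem",
    "~/.ssl/ebclientkey.pem",
]

def audit_private_key(path, expected_uid=None):
    """Return a list of findings for one key file; an empty list means OK.

    expected_uid defaults to the current user; pass the service account's
    uid when checking the key service's own key.
    """
    path = os.path.abspath(os.path.expanduser(path))
    expected_uid = os.geteuid() if expected_uid is None else expected_uid
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink to another file
    except (FileNotFoundError, PermissionError, NotADirectoryError) as exc:
        return [f"cannot stat: {exc.__class__.__name__}"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink, directory or device)"]
    findings = []
    if st.st_mode & 0o077:
        findings.append(f"group/other access bits set: {stat.filemode(st.st_mode)}")
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    parent = os.stat(os.path.dirname(path))
    if parent.st_mode & 0o022:
        findings.append("parent directory writable by group/other")
    return findings

def demo():
    """Run the audit on constructed files in a temp dir (not real keys)."""
    d = tempfile.mkdtemp()
    good, bad = os.path.join(d, "ebclientkey.pem"), os.path.join(d, "leaky.pem")
    for p, mode in ((good, 0o600), (bad, 0o644)):
        with open(p, "w") as fh:
            fh.write("constructed placeholder, not a key\n")
        os.chmod(p, mode)
    return audit_private_key(good), audit_private_key(bad)

if __name__ == "__main__":
    for p in KEY_PATHS:
        print(p, audit_private_key(p) or "OK")
```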
