(C++)Storing the certification files with the private keys

Storing the certification files with the private keys

Acceptance criteria

• check internal capabilities to storage private keys
• implement common solution for most of the popular OS - Windows, Linux, MacOS
• store the private keys at the file system, and encrypt them
• also Login/logout

Note Where the private keys will be stored its not yet decided, we can re-use the approach form JS library

changed the description

added backend label

mentioned in issue #2

assigned to @alexander.holodov

added P1 label

changed the description

changed milestone to %v0.7

added DevInProgress label and removed ReadyForDev label

changed milestone to %v0.8

changed milestone to %v0.9

added needs review label

removed DevInProgress label

!19 (diffs)

changed milestone to %v0.11

changed milestone to %v0.12

removed milestone

unassigned @alexander.holodov

changed title from Storing the certification files with the private keys to (C++)Storing the certification files with the private keys

assigned to @gospodin.bodurov

assigned to @daniel.lyubomirov and unassigned @gospodin.bodurov

@gospodin.bodurov @georg.greve @kalin.canov

I have a question about the storage requirements, in particular the case with multiple applications on one device. Let's say that the OS is windows and the user has Outlook and MS Office. Currently on the web and mobile, the user unlocks its account with a PIN code.

1. Do we need sharing of pin code, private key and certificates between the applications, for example if the user first adds a device through the Outlook application, is he going to use the same pin code in MS Office ?
2. Once the user unlocks his account in an application, and closes, and then reopens the same application, does he will need to enter his PIN again ? In other words do we need to remember the PIN ?
3. Once the user unlocks his account in one application, and then opens another application, will the account be already unlocked for him ?
4. Do we need to support more then one account per device ?

1. Do we need sharing of pin code, private key and certificates between the applications, for example if the user first adds a device through the Outlook application, is he going to use the same pin code in MS Office ?

If possible, we would want to share the identity (and pin code) between applications.

2. Once the user unlocks his account in an application, and closes, and then reopens the same application, does he will need to enter his PIN again ? In other words do we need to remember the PIN ?

PIN should be required:

• when starting a new session
• when starting the first Vereigned application

3. Once the user unlocks his account in one application, and then opens another application, will the account be already unlocked for him ?

Yes, if possible. The unlocked key should be stored in memory only - and forgotten when the last application that is using Vereign has been closed.

4. Do we need to support more then one account per device ?

Virtually all operating systems have user / session management. One session typically represents one person. On shared machines, the local identity should not be stored but be authorised ad hoc and wiped when done.

So for the persistent identity we only need one account per "session", which is what I assume you mean.

Does this help?

Thanks Georg, I will come back when i do some research for OS specific secure storage options.

removed needs review label

changed milestone to %Maverick Cold - v1.12

added DevInProgress label

changed milestone to %Nitro Cloud - v1.13

changed milestone to %Pilot Cobra - v1.15

changed the description

removed milestone

added ReadyForDev label and removed DevInProgress label

added Backlog label