Can’t we then just use:
https://man7.org/linux/man-pages/man7/keyrings.7.html
for this? If I understand it properly, there’s this property “possession” which looks just how we’d like to have it.
The simple rule would be:
- on boot up, decrypt user mail password using pin code,
- start up mail daemon, and load up the password into keyring and set proper permissions so only mail thread can access that password
Potential problems:
- when mail daemon crashes, user needs to type pin code again to decrypt password, as password is not stored in memory.
@flypig what do you think about this?
Tbh this could be used also for other services for example accounts but it would require always to have a daemon that will startup when the phone starts to automatically load up password, or if done later, a user prompt will be required to unlock the secure storage each time app is started.
Well probably someone that’s more into security will for sure make it even better, but this is something that came to my mind, maybe it’s worth rethinking?
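The keyring step proposed above, as an added example that is not part of the original post or of any project's code: a daemon stores an already-decrypted secret in its process keyring and restricts it to the possessor. The use of the process keyring, the key description `mail:account0` and the password string are assumptions made for illustration; the PIN decryption itself is out of scope.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Values from <linux/keyctl.h>, repeated here so libkeyutils is not required. */
#define KEY_SPEC_PROCESS_KEYRING (-2L)
#define KEYCTL_SETPERM    5L
#define KEYCTL_READ       11L
#define KEYCTL_INVALIDATE 21L
#define KEY_POS_VIEW   0x01000000u
#define KEY_POS_READ   0x02000000u
#define KEY_POS_SEARCH 0x08000000u

/* Possessor bits only; the user, group and other bytes stay zero, so a
 * same-UID process that does not possess the key gets nothing via the key API. */
uint32_t possessor_only_perm(void) {
    return KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH;
}

/* Add the secret to this process's keyring, then drop every non-possessor
 * permission. Returns the key serial, or -1 with errno set. */
long load_secret(const char *desc, const void *secret, size_t len) {
    long id = syscall(SYS_add_key, "user", desc, secret, len, KEY_SPEC_PROCESS_KEYRING);
    if (id < 0)
        return -1;
    if (syscall(SYS_keyctl, KEYCTL_SETPERM, id, (unsigned long)possessor_only_perm()) < 0) {
        syscall(SYS_keyctl, KEYCTL_INVALIDATE, id); /* do not leave it with default perms */
        return -1;
    }
    return id;
}

/* Read the payload back; returns its length, or -1 with errno set. */
long read_secret(long id, char *buf, size_t cap) {
    return syscall(SYS_keyctl, KEYCTL_READ, id, buf, cap);
}

int main(void) {
    const char pw[] = "constructed-mail-password"; /* stands in for the PIN-decrypted value */
    char buf[64] = {0};
    long id = load_secret("mail:account0", pw, sizeof pw - 1); /* hypothetical description */
    if (id < 0) { perror("load_secret"); return 1; }
    long n = read_secret(id, buf, sizeof buf - 1);
    printf("key %ld holds %ld bytes\n", id, n);
    /* The process keyring dies with the process: a crashed daemon must reload. */
    return n == (long)(sizeof pw - 1) ? 0 : 1;
}
```

Because the mask omits `KEY_POS_SETATTR`, the permissions cannot be widened again afterwards without `CAP_SYS_ADMIN`. Some container runtimes block `add_key` and `keyctl` with seccomp, in which case `load_secret` returns -1.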