On Thu, Sep 11, 2014 at 2:11 PM, Axel Dörfler <axeld@xxxxxxxxxxxxxxxx> wrote: > > I don't think anyone has worked on it since, so I guess it actually doesn't > encrypt the keys. OK, I kind of figured that was the case but was hopeful someone had worked on it... > While it would be nice to have an encryption API, it really shouldn't hold > up that work. It's a also a good idea to actually use an API before thinking > of designing a new one :-) Yes that is a good point. The method of encrypting shouldn't matter much to clients of BKeyStore anyhow. OpenSSL is probably the obvious choice but I was also looking at NaCl [1] from Daniel J. Bernstein. 1. http://nacl.cr.yp.to/ -- Regards, Ryan