- May 24, 2018
I gave all possible options, only some of which are called upon in the spec & I also differentiated by key type what I think are the handling requirements and inherent risks. Thank you for illuminating your observations of that, but if what you just said above is true then I need to reread the spec because I can see some serious security issues in your description & some of those in previous posts, which was my reason for speaking up.@ramriot, I don't know where you got the idea for an "unencrypted export" from, but afaik, there is no such thing - neither in the spec, nor in any client implementation I've come across.
In the S4 storage format (which is used for export/import as well, only with varying block types present) ALL key material will ALWAYS be encrypted, either under the users master password or the rescue code.
So I don't really understand what you're getting at here. Am I missing something?