even if a keychain was somehow secure and restricted access to that program only, you are only a memory dump away from getting the key
and since it’s the same user that can be done with no privileges
it should be viewed as a way to delegate encryption at rest of secrets to the OS, nothing else
but you really should just do FDE
Is there no way to use key stretching to encrypt the key in RAM again?
where do you store the key for encrypting the key in RAM
in RAM of course
In a secure element if possible.