Comment by jcgl

1 day ago

> every time you type the password to decrypt your private key you should worry about the possibility of some software running on your machine reading it and sending it somewhere.

Yes, I believe you should. On OSes without sandboxing and protections against exfiltration, this is a substantial concern. And you’d be foolish to e.g. keep a bitcoin private key lying around in your home dir. For this same reason, I think the common practice of leaving non-password-protected SSH keys in ~/.ssh is terrible.

Sure it's a bad idea to not encrypt your private keys, but the point here was that, even if you encrypt them, they will be unencrypted when you need to use them.
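A defensive audit for the point both comments make (keys left on disk without a passphrase), as an added Python example that is not from this thread: it reads the ciphername field of the OpenSSH v1 key header and the `Proc-Type` header of legacy PEM keys and reports which files in an SSH directory are stored in the clear. The sample keys are constructed headers with filler bytes, not real keys.

```python
import base64
import pathlib
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _ssh_string(data):
    """Encode bytes as an SSH 'string': uint32 big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data

def key_is_encrypted(key_text):
    """True/False for a recognised PEM private key, None if unrecognised."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        return None
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # New format: base64 body = magic, then ciphername as an SSH string.
        # Cipher "none" means the key material after it is stored in the clear.
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            return None
        (length,) = struct.unpack_from(">I", body, len(OPENSSH_MAGIC))
        start = len(OPENSSH_MAGIC) + 4
        return body[start:start + length] != b"none"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True  # PKCS#8 encrypted container
    if "PRIVATE KEY" in header:
        # Legacy PEM (RSA/EC/DSA): encrypted only if a Proc-Type header says so.
        return any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:])
    return None

def audit_ssh_dir(ssh_dir):
    """Map each non-.pub file in ssh_dir to True/False/None (see above)."""
    results = {}
    for path in pathlib.Path(ssh_dir).iterdir():
        if path.is_file() and path.suffix != ".pub":
            results[path.name] = key_is_encrypted(path.read_text(errors="replace"))
    return results

def constructed_openssh_key(cipher):
    """Constructed, non-functional OpenSSH v1 header plus filler; not a real key."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + b"\0" * 16
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

ENCRYPTED_SAMPLE = constructed_openssh_key(b"aes256-ctr")  # constructed sample
PLAINTEXT_SAMPLE = constructed_openssh_key(b"none")        # constructed sample
```

Run `audit_ssh_dir(pathlib.Path.home() / ".ssh")` to list any key reported `False`. This only covers the at-rest case: as the reply notes, a passphrase-protected key is still plaintext in memory while in use, which no file scan can detect.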