Tech
As a general mechanism, we can add a non-exportable direct key signature to any keyring that carries a "hint" about the key's passphrase in one of its subpackets. The hint describes how the passphrase is entered or obtained, never the passphrase itself. This way we can store auxiliary semantics about a passphrase while retaining the design principle that all information stored in the database is contained entirely in the keyring blobs. Because the signature is marked non-exportable, it stays in the local keyring and is stripped whenever the key is exported.
Examples of such auxiliary information are flags indicating that the passphrase is to be entered as a PIN or a lock pattern, or obtained via NFC.
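The following is an added example, not code from the page above or from any project it describes. It builds and parses the hashed subpacket area of such a direct key signature: an Exportable Certification subpacket set to 0 (so an export routine knows to drop the signature) and a Notation Data subpacket carrying the hint. The notation name "passphrase-hint@example.org" and the values "pin", "pattern" and "nfc" are assumptions chosen for illustration; the subpacket encodings follow RFC 4880 section 5.2.3.

```python
"""Encode and parse OpenPGP signature subpackets carrying a passphrase hint.

Added example, not code from the original page. Assumptions (not in the text):
the hint rides in a Notation Data subpacket named "passphrase-hint@example.org"
(hypothetical) with a value of "pin", "pattern" or "nfc". Subpacket formats
follow RFC 4880 section 5.2.3.
"""
import struct

SUBPKT_EXPORTABLE = 4            # Exportable Certification: one boolean octet
SUBPKT_NOTATION = 20             # Notation Data
NOTATION_HUMAN_READABLE = 0x80000000
HINT_NOTATION_NAME = b"passphrase-hint@example.org"   # hypothetical name
HINT_VALUES = {b"pin", b"pattern", b"nfc"}            # assumed hint types


def encode_length(n: int) -> bytes:
    """RFC 4880 5.2.3.1 subpacket length: 1, 2 or 5 octets."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_length(buf: bytes, pos: int):
    """Return (length, position just after the length field)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > len(buf):
            raise ValueError("truncated subpacket length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > len(buf):
        raise ValueError("truncated subpacket length")
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def encode_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """Length field, type octet (bit 7 = critical), then the body."""
    type_octet = sp_type | (0x80 if critical else 0)
    return encode_length(len(body) + 1) + bytes([type_octet]) + body


def hint_subpackets(hint: str) -> bytes:
    """Hashed subpacket area for a direct key signature that stores the hint
    and is marked non-exportable so it never leaves the local keyring."""
    value = hint.encode()
    if value not in HINT_VALUES:
        raise ValueError("unknown hint type: %r" % hint)
    notation = (struct.pack(">IHH", NOTATION_HUMAN_READABLE,
                            len(HINT_NOTATION_NAME), len(value))
                + HINT_NOTATION_NAME + value)
    return (encode_subpacket(SUBPKT_EXPORTABLE, b"\x00")
            + encode_subpacket(SUBPKT_NOTATION, notation))


def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for every subpacket in the area."""
    pos = 0
    while pos < len(area):
        length, pos = decode_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated subpacket at offset %d" % pos)
        type_octet = area[pos]
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[pos + 1:pos + length]
        pos += length


def read_hint(area: bytes):
    """Return (exportable, hint_or_None).

    A False exportable flag is what an export routine must act on by dropping
    the signature; an unknown critical subpacket invalidates the signature
    (RFC 4880 5.2.3.1), an unknown non-critical one is ignored."""
    exportable, hint = True, None
    for sp_type, critical, body in parse_subpackets(area):
        if sp_type == SUBPKT_EXPORTABLE:
            exportable = body[0] != 0
        elif sp_type == SUBPKT_NOTATION:
            flags, name_len, value_len = struct.unpack(">IHH", body[:8])
            name = body[8:8 + name_len]
            value = body[8 + name_len:8 + name_len + value_len]
            if name == HINT_NOTATION_NAME and value in HINT_VALUES:
                hint = value.decode()
        elif critical:
            raise ValueError("unknown critical subpacket type %d" % sp_type)
    return exportable, hint


if __name__ == "__main__":
    area = hint_subpackets("nfc")
    print(area.hex())
    print(read_hint(area))   # (False, 'nfc')
```

Because the hint lives in the hashed subpacket area, it is covered by the key's own signature and cannot be altered by someone who only has write access to the database; an export routine that honours the Exportable Certification flag keeps it from leaking which unlock method a key owner uses.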
NFC
Read tag -> decrypt using tag -> write new tag
- Can easily be lost together with the smartphone
- Protects against shoulder surfing
- Remotely readable while in a pocket?
Lockpattern
- Weak: offline brute-force attacks (small keyspace; a 3x3 grid allows only 389,112 valid patterns)
- Smudge attacks
PIN
- Weak: offline brute-force attacks (small keyspace; a 4-digit PIN has only 10,000 values)
Export
Ask for a new, extra-long passphrase on private key export, so the exported key is protected against offline attacks!
Attack model
Differentiate between offline attacks, where the attacker holds a copy of the keyring blob and can brute-force the passphrase at full speed, and attacks where the attacker has only short access to the smartphone UI and is limited to the guesses the app allows.