1.1. Passphrase handling

Passphrases are required when a private key needs to be accessed from the configured keystore. Such an access is only necessary for security relevant operations such as signing and decryption. Thus passphrases will only be queried for when performing such an operation.

To ease general usage, it is possible to cache the passphrase during a customizable amount of time. Is there a need to access the same private key again within that time frame, the cached passphrase can be reused and the user won't need to re-enter it again.

On the other hand it is also possible to explicitly clear the cached passphrase from memory. This prevents it from being obtained by other software which might be scanning the memory for such sensitive information.