Cheat Mode for Private Keys

In order to follow best practice, our .private key files are always protected by a password. A random value with enough length and entropy is always proposed by the ECC tool when a key pair is generated, and could be used directly.
It is always preferred to trust a computer to create true randomness (and SynCrypto.pas's secure TAESPRNG was designed to be the best possible seed, using hardware entropy if available), than using our human brain, which could be defeated by dictionary-based password attacks.
Brute force cracking would be almost impossible, since PBKDF2_HMAC_SHA256 Password-Based Key Derivation Function with 60,000 rounds is used, so rainbow tables (i.e. pre-computed passwords list) will be inoperative, and each password trial would take more time than with a regular Key Derivation Function.

The issue with strong passwords is that they are difficult to remember. If you use not pure random passwords, but some easier to remember values with good entropy, you may try some tools like https://xkpasswd.net/s which returns values like $$19*wrong*DRIVE*read*61$$.
But even then, you will be able to remember only a dozen of such passwords. In a typical public key infrastructure, you may create hundredths of keys, so remembering all passwords is no option for an average human being as (you and) me.

At the end, you end up with using a tool to store all your passwords (last trend is to use an online service with browser integration), or - admit it - store them in an Excel document protected by a password. Most IT people - and even security specialists - end with using such a mean of storage, just because they need it.
The weaknesses of such solutions can be listed:

How could we trust closed source software and third-party online services?
Even open source like http://keepass.info/help/base/security.html may appear weak (no PBKDF, no AFSplit, managed C#, SHA as PRNG);
The storage is as safe as the "master password" is safe;
If the "master password" is compromised, all your passwords are published;
You need to know the master password to add a new item to the store.

The ECC tool is able to work in "cheat mode", storing all .private key files generated passwords in an associated .cheat local file, encrypted using a cheat.public key.

As a result:

Each key pair will have its own associated .cheat file, so you only unleash one key at a time;
The .cheat file content is meaningless without the cheat.private key and its master password, so you can manage and store them together with your .private files;
Only the cheat.public key is needed when creating a key pair, so you won't leak your master password, and even could generate keys in an automated way, on a distant server;
The cheat.private key will be safely stored in a separated place, only needed when you need to recover a password;
It uses strong File Encryption, with proven PBKDF, AFSplit, AES-PRNG, and ECDH/ECIES algorithms.

By default, no .cheat files are created. You need to explicitly initialize the "cheat mode", by creating master cheat.public and cheat.private key files:

 >ecc cheatinit
Enter Issuer identifier text of the master cheat keys.
Will be truncated to 15-20 ascii-7 chars.
Issuer [arbou] :

Enter a private PassPhrase for the master cheat.private key (at least 8 chars).
Save this in a safe place: if you forget it, the key will be useless!
NewPass [uQHH*am39LLj] : verysafelongpassword

Enter iteration rounds for the mastercheat.private key (at least 100000).
NewRounds [100000] :

cheat.public/.private file created.

As you can see, the default number of PBKDF rounds is high (100000), and local files have been created:

>dir cheat.*

18/10/2016  11:12             4 368 cheat.private
18/10/2016  11:12               568 cheat.public

Now we will create a new key pair (in a single command line, with no console interaction):

>ecc new -newpass NewKeyP@ssw0rd -noprompt

Corresponding TSynPersistentWithPassword.ComputePassword:
encryption HeOyjDUAsOhvLZkMA0Y=
authMutual lO0mv+8VpoFrrFfbBFilNppn1WumaIL+AN3JXEUUpCY=
authServer lO0nv+8VpoFrrFfbBFilNppn1WumaIL+AN3JXEUUpCY=
authClient lO0kv+8VpoFrrFfbBFilNppn1WumaIL+AN3JXEUUpCY=

D1045FCBAA1382EE44ED2C212596E9E1.public/.private file created.

An associated .cheat file has been created:

>dir D10*

18/10/2016  11:15             1 668 D1045FCBAA1382EE44ED2C212596E9E1.cheat
18/10/2016  11:15             2 320 D1045FCBAA1382EE44ED2C212596E9E1.private
18/10/2016  11:15               588 D1045FCBAA1382EE44ED2C212596E9E1.public

Imagine you forgot about the NewKeyPssw0rd value. You could use the following command to retrieve it:

>ecc cheat

Enter the first chars of the .private certificate file name.
Auth: D10

Will use: D1045FCBAA1382EE44ED2C212596E9E1.private

Enter the PassPhrase of the master cheat.private file.
AuthPass: verysafelongpassword

Enter the PassPhrase iteration rounds of the cheat.private file.
AuthRounds [100000] :

{
"pass": "NewKeyP@ssw0rd",
"rounds": 60000
}
Corresponding TSynPersistentWithPassword.ComputePassword:
encryption HeOyjDUAsOhvLZkMA0Y=
authMutual lO0mv+8VpoFrrFfbBFilNppn1WumaIL+AN3JXEUUpCY=
authServer lO0nv+8VpoFrrFfbBFilNppn1WumaIL+AN3JXEUUpCY=
authClient lO0kv+8VpoFrrFfbBFilNppn1WumaIL+AN3JXEUUpCY=

If your .private key does not have its associated .cheat file, you won't be able to recover your password:

>ecc cheat

Enter the first chars of the .private certificate file name.
Auth: 8BC9

Will use: 8BC90201EF55EE34F62DBA8FE8CF14DC.private

Enter the PassPhrase of the master cheat.private file.
AuthPass: verysafelongpassword

Enter the PassPhrase iteration rounds of the cheat.private file.
AuthRounds [100000] :

Fatal exception EECCException raised with message:
Unknown file 8BC90201EF55EE34F62DBA8FE8CF14DC.cheat

In practice, this "cheat mode" will help you implement a safe public key infrastructure of any size. It will be as secure as the main cheat.private key file and its associated password remain hidden and only wisely spread, of course. Don't forget to use the ecc rekey command on a regular basis, so that you change the master password of cheat.private. The main benefit of this implementation is that for all key generation process, only the cheat.public key file is needed.

The updated documentation is the place to find latest information about this feature.

Synopse Open Source

Cheat Mode for Private Keys