The tuf command should default to saving keys in encrypted form using a passphrase. The passphrase should be passed interactively by default with an option to pass it via an environment variable (as a very weak attempt to prevent it from leaking to observers of ps). An option to disable encryption (like --insecure-plaintext-key or similar) should be provided as well.

The encryption steps are as follows:

• Retrieve a 32 byte random salt using crypto/rand
• Pass the salt and passphrase to scrypt with the following parameters:
  • N=32768
  • r=8
  • p=1
  • length=32
• Retrieve a 24 byte random nonce using crypto/rand
• Encrypt the entire key JSON (in the same format that the plaintext key is stored) using nacl/secretbox
• Persist the salt, parameters, nonce, and ciphertext to the JSON file

The N parameter was chosen to be ~100ms of work using the default implementation on the 2.3GHz Core i7 Haswell processor in my late-2013 Apple Retina Macbook Pro (it takes 113ms).

The JSON should probably look something like this:

{
  "_type": "encrypted-key",
  "kdf": {
    "name": "scrypt",
    "params": {
      "N": 32768,
      "r": 8,
      "p": 1
    },
    "salt": "<base64 encoded bytes>"
  },
  "algorithm": {
    "name": "nacl/secretbox",
    "nonce": "<base64 encoded bytes>"
  },
  "ciphertext": "<base64 encoded bytes>"
}