feat(login) password login using encrypted nsec

Enables the user to only handle the nsec upon first use of the tool
by encrypting it with a password and storing it on disk in an
application cache.

The approach to encryption draws heavily from that used by the gossip
nostr client.
 - unencrypted nsec is zeroed from memory
 - a salt is used to defend against rainbow tables
 - computationally expensive key stretching defends against
   brute-force attacks of passwords with low entropy.

There is UX trade-off between decryption speed and key-stretching
computation. This UX challenge is exacerbated in a cli tool as
decryption must take place more regularly. Thought was put into the
selected n_log and a heavily reduced value is provided for long
passwords where security benefits are smaller.

A more granular reducing in computation was also considered by
rejected to avoided to revealing just how weak a password is as most
weak passwords are reused.

1 files changed, 8 insertions, 0 deletions

diff --git a/Cargo.toml b/Cargo.toml
index e745441..6d8ebaf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,16 +13,24 @@ categories = ["command-line-utilities","git"]
 
 [dependencies]
 anyhow = "1.0.75"
+chacha20poly1305 = "0.10.1"
 clap = { version = "4.3.19", features = ["derive"] }
 dialoguer = "0.10.4"
 directories = "5.0.1"
+keyring = "2.0.5"
+nostr = "0.23.0"
+passwords = "3.1.13"
+scrypt = "0.11.0"
 serde = { version = "1.0.181", features = ["derive"] }
 serde_json = "1.0.105"
+zeroize = "1.6.0"
 
 [dev-dependencies]
 assert_cmd = "2.0.12"
 duplicate = "1.0.0"
 mockall = "0.11.4"
+once_cell = "1.18.0"
+rexpect = "0.5.0"
 serial_test = "2.0.0"
 test_utils = { path = "test_utils" }