I have an SSH key that I use to commit changes to GitHub repos, but it makes me uneasy to have the private key just sitting there, unencrypted, on my computer.
I mean, many programs have read/write permissions, couldn’t they, in theory, contain malicious code that would exfiltrate any private keys on the file system?
I could generate keys with passphrases, but it’s inconvenient to have to type it in every time I want to do a commit.
I guess this also applies to PGP keys.
So, are there any safer ways to store and handle private keys?