This might ( no promises ) be something I could find time for. Could you assign this to me to help me not to forget?

Also if you have any quick pointers on what needs to happen that would be cool, too. 🙂

Awesome.

Every id belonging to the user (OwnId) is stored "locked" on disk, with its secret key encrypted (sealed) with user provieded passphrase.

Changing a passphrase should be as simple as unlocking it, asking for a new passphrase, and locking it again, just like when it was created.

Oh, sweet. That sounds like a piece of 🍰 then. 😃

BTW. Saving the id should use safe overwritting: write tmpfile, flush, sync, rename, sync, to make it impossible to corrupt the file on crash and loose the identity. There's even a common function for that but since we never before overwrote it, I never got to change it to use it.

Oh, and user should be prompted to make a new backup, since the old backup will still use old passphrase, which the user might soon forget.

And yeah, this 🤞 shouldn't be too much work.