When importing a personal certificate (for digital signatures and identification on government websites) into Firefox I get asked for the password to decrypt the private key. However when using this certificate I do not get asked for a password to decrypt it. I assume this means that the private key is stored somewhere on disk unencrypted.
What I would like to achieve is to store the digital certificate in an encrypted state and get prompted every time it gets used for a password to decrypt it. I know this can be achieved by using a Firefox primary (formerly "master") password, however the problem with this approach is that the primary password is used also for passwords and other stuff stored in Firefox which means that I get prompted for the primary password every time I open Firefox and not just when using the digital certificate, which is kind of annoying since 99% of the time I'm surfing the web, I do not need to use the certificate. On Windows this behavior can be easily achieved by opting to use the Windows certificate store. That way, every time a website requests for me to identify using a personal certificate Windows prompts me for the password I set when importing it into the Windows certificate store.
Is there any way I can achieve this same (or similar) behavior on Linux (using Ubuntu 20.04 if that's relevant)? Maybe using the built in Seahorse certificate/password manager?
