Even if we assume the device to be secure by definition, the exported identity could be sent from device 1 to device 2 via an insecure channel. If the user does not use a secure channel, the private key is disclosed. Hence the private key should be encrypted with a key derived from a password during the export and decrypted during the import (as is usually done with private keys).
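One way to implement the export/import described above, as an added example that is not part of the original text or of any project's code. The container layout, the `IDEX1` tag, the function names, the scrypt parameters and the Ed25519 key standing in for the identity are all assumptions of this sketch.

```javascript
// Added example: password-protected identity export/import, Node.js built-ins only.
// The container layout and the names below are assumptions made for this sketch.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv,
        generateKeyPairSync, createPrivateKey } = require('node:crypto');

const MAGIC = Buffer.from('IDEX1'); // hypothetical format tag, authenticated as AAD
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the password into a 256-bit key. NFKC normalization makes the same
// password typed on two devices yield the same bytes.
function deriveKey(password, salt) {
  return scryptSync(Buffer.from(password.normalize('NFKC'), 'utf8'), salt, 32, SCRYPT);
}

// Export on device 1: MAGIC || salt || nonce || tag || AES-256-GCM(PKCS#8 DER)
function exportIdentity(privateKey, password) {
  const salt = randomBytes(SALT_LEN), nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  cipher.setAAD(MAGIC);
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  const ct = Buffer.concat([cipher.update(der), cipher.final()]);
  return Buffer.concat([MAGIC, salt, nonce, cipher.getAuthTag(), ct]);
}

// Import on device 2: throws on a wrong password or on any modified byte,
// because the GCM tag no longer verifies.
function importIdentity(blob, password) {
  const hdr = MAGIC.length + SALT_LEN + NONCE_LEN + TAG_LEN;
  if (blob.length <= hdr || !blob.subarray(0, MAGIC.length).equals(MAGIC)) {
    throw new Error('not an identity export');
  }
  let off = MAGIC.length;
  const take = (n) => blob.subarray(off, (off += n));
  const salt = take(SALT_LEN), nonce = take(NONCE_LEN), tag = take(TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(tag);
  const der = Buffer.concat([decipher.update(blob.subarray(off)), decipher.final()]);
  return createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
}

// Constructed demo: a fresh Ed25519 key stands in for the device identity.
const { privateKey } = generateKeyPairSync('ed25519');
const blob = exportIdentity(privateKey, 'correct horse battery staple');
console.log('export blob:', blob.length, 'bytes');
console.log('import ok:', importIdentity(blob, 'correct horse battery staple').asymmetricKeyType);
```

The random salt and nonce make every export of the same key different, so a blob captured on the channel gives an observer nothing to compare against other exports; the protection is still bounded by the strength of the password.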