What is the most secured way to store private key on the client’s machine

I’m building the equivalent of a blockchain wallet, it is an end-to-end encryption desktop program, the user (client) must be the only one to know his private key, with this private key, he can send funds or perform some potentially very critical operations, of course he just sends messages signed with the private key.

The UX allows the user to save his private key, so it can be reused later by the same application.

For obvious reasons, I need to encrypt this private key (64 characters string) some way or another, so any other program or person that has access to the file system cannot read it.

What are the state-of-the-art or recommended practice to adress this critical issue ?

Is there some OS features that allow only one program to read/put some data ?

Thanks

Inovke Secured Web API from remote event receiver

I have a Remote Event Receiver developed/deployed for SharePoint online using hosted-addin. This add-in can be deployed in different sharepoint online enviroments. When item added event gets triggered another list gets updated.

To update the list with data, a WebAPI gets invoked which is secured using OAuth. How i can invoke the WebAPI to get the needed data.

I am able to get the context of sharepoint to manage the list data and access token is also available. Can this token be passed somehow to get the API authericated and how ??

I guess the token available is for sharepoint and not for the webapi.How this can be made working??

Is it possible to verify the requesting user for a REST transaction secured by JWT at a later date?

I have a React (Javascript) single-page application that authenticates users via username/password/MFA to Keycloak, receives a signed JWT upon successful authentication, and then uses that JWT to call stateless/session-less REST services.

With this setup, or with additional “moving parts” to be added to the overall system, is there a way to at a later date to assert that a certain user identity was responsible for a transaction? Assume that we are able to store any/all data that is in-context (i.e., is part of the REST call for the transaction) at the time the transaction is requested.

Thanks to @alnbhclyn for their thoughts below. I think I need to clarify — the key gap above seems to be the link between a JWT and the specific contents of a transaction. Is there a means of “signing” the transaction with the JWT or some part thereof such that a positive link between the two can be made at any point in the future?

how can i ship a secured postgresql with my commercial app [on hold]

am developing a commercials app using nwjs and postgresql as a database, but since I have to ship postgresql database with my commercial app, client can find hba config file, they can configure postgresql to use host based authentication, that makes postgresql not to prompt a password. so my question is how can I make postgresql prompt password no matter what hba config is or other config file is? thanks!