Andotp: The backup can not be gpg encrypted with only a pubkey

Created on 19 Aug 2017  路  18Comments  路  Source: andOTP/andOTP

Motivation:
I do not actively use gpg on my phone but would like to use it to encrypt backups.
I have OpenKeychain installed and my personal public key imported, but I keep no private gpg key on the phone.
This should be sufficient to encrypt the backup, I am aware that I could not re-import the backup like that.

Setup:

  • andOTP and OpenKeychain installed
  • Setup up accounts in andOTP
  • Empty keychain in OpenKeychain
  • Import just a gpg public key in OpenKeychain (still no entry in "My Keys")
  • Set OpenKeychain as gpg provider in andOTP
  • Try to select the imported gpg key for encryption

Result:

  • The imported gpg key can not be selected to be used for encryption

Expected:

  • I can use a gpg key without a private key on the android device to encrypt my backups
upstream

Most helpful comment

I've implemented it as already discussed. The encryption key is now selected by simply entering a mail address. If there is no key matching this address the user is asked by OpenKeychain to manually select a key during the creation of the backup (for some reason it is possible to select a public-only key here).

Additionally a second private key can be selected in the settings to sign the backup (optional).

All 18 comments

This seems to be a limitation of the current API provided by OpenKeychain. See this bug report: https://github.com/open-keychain/open-keychain/issues/1558
I'm gonna head over there and ask if there is any way to get this done.

_Sent from my Google Nexus 5X using FastHub_

+1

Can't do anything about it until the API is fixed/updated.

Maybe label this as an 'upstream bug'?

Good idea @asmw, done.

@flocke Hi. Do I need to install Open Keychain in order to encrypt backups? Or is it only needed to sign encrypted backups with a key? I ask because even though I've already set a 'Backup Password' in 'Settings', the 'Encrypted backups' option continues to remain greyed out. Database encryption is set to Password/PIN (I use a PIN).

If you want to use password-encrypted backups you do not need to install OpenKeychain. Once you set a password in the settings it should be available.

While it's not possible to select a public key with intents, I wonder if it is possible to have an option to specify key manually (by typing in the full hexadecimal ID or, maybe, using associated email address and EXTRA_USER_IDS extra)?

While surely not exactly convenient, it's one-time thing and in terms of security, it surely beats having the backup's private key on device.

Not sure but maybe, make the current key selection option act as "signing key" and then add another setting that allows to specify a different key to encrypt to. If none is set, signing key would be used, fully backward compatible and saving users from typing anything. However, if it's set, it will be used instead.

What do you think?

I thought about this as well already. While I think this is not nearly as elegant as having the key selection we have now it would certainly be an option.
If there is still no movement on the issue I linked in the 2nd post after the next release (0.4.1) I might do it anyways.

And yes, we can use the already existing key selection as signing key. This was already my plan after the public-key only selection was possible.

I wonder if it is possible to have an option to specify key manually (by typing in the full hexadecimal ID

While I think this is not nearly as elegant as having the key selection we have now

Just a thought. Manually typing public key hex ID has another great upside: I no longer have to carry around an external app (openkeychain) just so I can encrypt backups on andOTP. It's less "magic" all around.

EDIT: Also note this is precisely how you pass e.g. Github your public keys, so it doesn't seem to be unusual practice.

I'm gonna take another look at this soon. This is something I would like to include in the next major release (0.6.0).

@JoaoAparicio You will always need another app like OpenKeychain to handle the encryption and decryption. Otherwise I would have to add a lot of PGP functions to andOTP directly which is something a simple 2FA app doesn't need (and OpenKeychain will probably always do better).

Normally it schuld be possible to encrypt with the public key, and only the owner of the private key is able to decrypt the file.
Isn't that possible with openkeychain?

It's the same as with encrypting emails...

@5t0rmr1d3r Yes, that is also possible with OpenKeychain.

The main problem is that the preference item I use to select the PGP key used to encrypt the backup allows you only to select private keys and there is no preference item in the OpenKeychain API that allows for selection of public keys.

Currently the only solution would be to replace the settings item with a simple text input where you can put the mail address for the public key manually.

@flocke for me, your solution sounds good, maybe with a check in openkeychain if a pup key is existent for the entered email address.

Yeah, I'm gonna try to get something like that working sometime next week and release a new beta version. I'm to busy for anything related to andOTP this week sadly.

@flocke thanks for your great job with this fantastic app!

This is awesome, thank you.

I've implemented it as already discussed. The encryption key is now selected by simply entering a mail address. If there is no key matching this address the user is asked by OpenKeychain to manually select a key during the creation of the backup (for some reason it is possible to select a public-only key here).

Additionally a second private key can be selected in the settings to sign the backup (optional).

Was this page helpful?
0 / 5 - 0 ratings