Andotp: Encrypted backup not possible - shown greyed

Created on 19 May 2018  路  17Comments  路  Source: andOTP/andOTP

General information

  • App version: 0.5.0.1 & 0.6.0-beta1
  • App source: F-Droid
  • Android Version: 8.1
  • Custom ROM: LineageOS 15.1

Expected result

What is expected?
after setting a password for backups, it should work

What does happen instead?
No encrypted backup possible

Steps to reproduce

  • go to options. set password for encrypted backup
  • try to create a encrypted backup
bug help wanted question

All 17 comments

That is strange, I just tried it on my phone and it worked. Could you get me a logcat?

I'm not at home the next days and i dont have root. Can i create a log?

Sadly I don't think so. All methods I know require root or access to a PC with adb on it.

Here the log:
andotp.txt

Thanks, I will have a look on Monday (I'm not at home over the weekend).

Seems like a KeyStore error again ...

Currently the backup password is stored encrypted with a key from the KeyStore to keep it save.
I will have to figure something else out for the next version but I really don't have an idea on how to do this better. Any hints are welcome.

I see two ways of doing this:

  1. We could use the encryption key from the "Password / PIN" based encryption to secure the backup password if that encryption method is selected.
  2. We could ask the user to enter (and confirm) the password manually every time a backup is created or imported. But this would break the Broadcast backups as we wouldn't store the backup password in the settings anymore.

And the quick and dirty fix would be to manually ask the user to enter a backup password just in case the loading from the KeyStore fails (or no password is set in the settings). I'll need some opinions on this.

Use Database Password would be good. As quick fix a manually Input is fine.

Ok I've had some thoughts on this, I'll note them down both to make sure I dont forget andfor anyone to point out any mistakes.

So this issue occurs because the keystone fails to give a reliable key (same as issue 16) which means the backup password can't be decrypted

Given that the keystone would be failing in this case it's reasonable to assume the user would be set to use pin/PW encryption, for which the broadcasts aren't supported amyway

Therefore I feel like if the user has set PW/pin as their encryption method we should use this to encrypt anything within the app and never use the keystone, this would also require showing a warning toast/popup if the keystone based backup failed

Sadly LineageOS doesnt fix the keystore problem yet..how is the status for create the password workaround?

Sadly I don't have much time (basically no time at all) to spend on andOTP at the moment (hopefully it will get better soon). Until then you can either use OpenKeychain to create PGP encrypted backups or use plain backups and encrypt them afterwards with a 3rd party app.

@beerisgood I just implemented the manual password entry as fallback. Would you mind testing a build? It would install as separate app so it won't interfere with your existing andOTP installation.

@flocke Sure!

Closed? Also where can i find this build

I closed it because I implemented the password fallback we discussed and I probably won't be changing the encryption of the password in the settings as I want to focus on re-writing the entire app from scratch. Feel free to reopen the issue if something comes up during your tests.

You can find the test build here: https://cloud.shadowice.org/s/ApMBq5jyYkA2t2f (Github won't allow me to upload APK files here).

The fix works great in LineageOS 15.1 (Android 8.1)!

Ah okay. Good News too!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

RichyHBM picture RichyHBM  路  3Comments

MartinX3 picture MartinX3  路  4Comments

jancborchardt picture jancborchardt  路  6Comments

alonbl picture alonbl  路  7Comments

SeppPenner picture SeppPenner  路  3Comments