[FEAT] encrypted backup of database and keyfile (and import)

[r0-n]

You can currently export the database in settings > database > export database... But could the following be considered: Export the database and keyfile (and other settings?) into one encrypted archive (7z?).

With the option:

• to put that encrypted archive on a cloud drive (google drive, dropbox,...?)
• auto detect insertion of an usb-volumename and then auto encrypt backup (database and keyfile) to that inserted drive. Maybe make this autobackup-feature only work when in 'settings > database'. Before selecting the option 'export database...', the user first inserts a usb stick into then if keepass2android detects a preset volumename a fourth option will appear in the 'select file format' dialog called something like "auto backup to [usb-volumename]"

It would also be great if an "import from encrypted archive" the user can then one shot restore keepass on the android device. (the user would need to grant read/write access to the keyfile location)

Thank you.

[PhilippC]

I don't get the idea behind this. If you are storing the key file next to the database, why do you have it at all? Having no keyfile is equally secure but easier to manage

[r0-n]

It's not about storing the database and keyfile at the same location. It's about backing up the the database and keyfile into an encrypted archive, the encrypted archive could also contain a settings-file which contains info on where to place keyfile.

When actually running keepass with a keyfile, the keyfile indeed needs to be located at a separate location.

It's more about an easy way to backup the database and keyfile into an encrypted archive, which then could be restored through keepass. (the user would need to supply the archive password and the login details for the cloud location if keyfile was stored in the cloud).

If it's an security issue to backup the database and keyfile into one encrypted archive then I understand, but it's still an encrypted archive....

Example:

• User made an backup through keepass android of the database and keyfile in an encrypted 7z file called "backup_kp.7z"
• User restores the "backup_kp.7z" backup which is encrypted thus needs to provide password for the 7z archive and then the database is restored and keyfile is placed at the correct location (not same location as database).

[PhilippC]

It's out of the scope of this app to provide archiving/backup features. The keyfile doesn't change, so you can back it a up separately. The kdbx file is encrypted anyway and doesn't need yet another encryption.