Support for importing FreeOTP 2.0 encrypted backups

Open johnnynoone opened this issue 1 year ago • 6 comments

In version 2.0, FreeOTP gained the ability to export backups. The backups are encrypted and Aegis is currently unable to import them.

Additionally, the 2.0 update notes say that tokens were migrated to KeyStore. As far as I understand, this might mean that the old method of importing the xml file no longer works.

johnnynoone avatar Jan 13 '23 00:01 johnnynoone

Sounds good to me, feel free to submit a PR!

(And indeed, the fact that FreeOTP now uses the Android Keystore for encryption means that we probably can't import directly from the app's internal storage anymore. Importing the backup file should be possible, though)

alexbakker avatar Jan 15 '23 21:01 alexbakker

wow freeotp got an update? I thought it was abandoned!

corobin avatar Jan 22 '23 00:01 corobin

What would this require technically? As a user, it seems like FreeOTP encrypted backups create a file called externalBackup.xml which actually contains a mix of JSON and plain text data. Interestingly this file contains cleartext details about the tokens in the backup (including emails and app names). Only the actual HOTP/TOTP secrets seem to be encrypted.

To load the FreeOTP backup into Aegis, all that seems to be needed is the main passphrase that was entered into FreeOTP when first installing the app (or upgrading to v2+). For implementation details, perhaps the FreeOTP codebase can show how to make the import of decrypted backups.

Since FreeOTP uses the Apache 2 license, it should be possible to include code inspired by FreeOTP (for example related to handling encrypted backups) in Aegis.

Greenheart avatar Aug 06 '23 07:08 Greenheart

I took a quick look at this today, but I don't think we'll be adding support for this until https://github.com/freeotp/freeotp-android/issues/381 is addressed.

alexbakker avatar Dec 27 '23 15:12 alexbakker

just to confirm, there's no functional way to import from freeotp at all atm (not just backups), as the original reporter and alex suspected. the 'import from app' route tries to import from a file called tokens.xml that doesn't exist any more, if you copy tokenStore.xml to tokens.xml it fails with a bunch of errors about missing algo and secret values. might be good to change the title of this issue to make the scope clearer?

AdamWill avatar Apr 12 '24 17:04 AdamWill

Only import from FreeOTP 2.0 and newer doesn't work. We've added a hint to allude to this (#1204) but perhaps there are a couple more places where we should make this explicit. Patches welcome.

alexbakker avatar Apr 12 '24 18:04 alexbakker