passforios icon indicating copy to clipboard operation
passforios copied to clipboard

Published 20 hours ago verified publisher icon mssun

Suggestion: Provide instructions for QR code transfer.

Open equwal opened this issue 4 years ago • 5 comments

The page for generating an SSH key gives come CLI instructions for generating a new key.

I suggest also providing instructions for how to transfer it using QR codes (which is a very obvious and secure choice for transferring a few bytes to a phone).

The first thing is that a full 4096 key will not fit in a QR code because it is too large (https://stackoverflow.com/questions/11065415/how-much-data-information-can-we-save-store-in-a-qr-code).

Using the split utility an two codes can get around this (and imports flawlessly already this way).

split -b 2900 .ssh/ssh_private ~/qr_transfer/qr.part
cat qr.partaa | qrencode -o qr1.png
cat qr.partab | qrencode -o qr2.png
# Now scan qr1.png, then qr2.png

Although none of this matters until/unless keys of this size get support.

equwal avatar Mar 03 '20 20:03 equwal

We have a wiki page about how to setup everything. It includes instructions about how to generate QR codes and a link to my script yishilin14/asc-key-to-qr-code-gif (yes, split and qrencode).

I think the link to the wiki page is buried too deep (Settings->About->Help). I plan to add links of corresponding wiki sections directly to "Password Repository" and "XXX Key" setup pages this weekend.

yishilin14 avatar Mar 04 '20 16:03 yishilin14

We have a wiki page about how to setup everything. It includes instructions about how to generate QR codes and a link to my script yishilin14/asc-key-to-qr-code-gif (yes, split and qrencode).

I think the link to the wiki page is buried too deep (Settings->About->Help). I plan to add links of corresponding wiki sections directly to "Password Repository" and "XXX Key" setup pages this weekend.

My intended suggestion was to add it to the information screen inside the app, not just a wiki page (although that is also great!).

I found the app from the app store, not from the Github page. This was the only point where I was not able to blindly figure things out by using the app without going in search of other documentation.

equwal avatar Mar 08 '20 23:03 equwal

Just my two cents: I didn't realize that splitting the key between two separate QR codes was even possible, and just assumed I was being weird for using 4096 byte keys. I too found the app from the app store -- I just ended up using iTunes file transfer to send the key.

It includes instructions about how to generate QR codes and a link to my script yishilin14/asc-key-to-qr-code-gif (yes, split and qrencode).

Given the nature of the key and how important it is, I'm sure you can understand that most users probably do not want to run their private key through a random script. It would have a lot more trust if it were in this repo, I think, but even then it's a bit of a stretch.

hakusaro avatar Apr 16 '20 05:04 hakusaro

So you trust iTunes more than a 50 line bash script?

clemisch avatar Apr 29 '20 08:04 clemisch

If you want to avoid iTunes, other apps and the bash script you could use the unix tool qtencode to do the trick:

Private key:

gpg --export-secret-keys -a yourGPGkeyIDhere | qrencode -t png -Sv40 -o ~/Documents/myGPGprivateKey.png

This results in a set of PNG files. Each with a QR-Code. Simply scan all PNGs in sequence.

Public key:

gpg --export -a yourGPGkeyIDhere | qrencode -t png -Sv40 -o ~/Documents/myGPGpublicKey.png

christian-weiss avatar Jun 02 '20 15:06 christian-weiss