6eero / NewPass

🔐 NewPass is a free and open source password manager which will allow you to generate and store your passwords securely, saving them locally and encrypting them on your phone's memory
http://www.newpass.solutions/
GNU General Public License v3.0

Issue during export/import #40

Closed 6eero closed 3 months ago

6eero commented 4 months ago

Description:

Currently, NewPass exports the password database encrypted by the user password entered during the initial setup. However, during the export process, the decrypt method is invoked to decrypt the password column. This is intended to prevent issues with incorrect keys when importing the database, as the import process calls the encrypt method to re-encrypt the entire password column. As a result, even though the exported database is encrypted by the user's password, the password column within this encrypted database is stored in plaintext. This undermines the overall security of the database, as the plaintext passwords are exposed once the database is decrypted with the user's password.

Steps to Reproduce:

  1. Set up a NewPass account and create several password entries.
  2. Export the password database.
  3. Decrypt the exported database using the user password.
  4. Observe that the password column within the decrypted database is in plaintext.

Expected Behavior:

The exported password database should have all its contents, including the password column, encrypted with the user password. No plaintext passwords should be exposed within the encrypted file.

Actual Behavior:

While the exported database is encrypted with the user password, the password column within the decrypted database is stored in plaintext, exposing sensitive information.

starry-shivam commented 4 months ago

[Question / Suggestion]

Why don't you export the data in a format like JSON? Exporting the database itself causes several issues, the biggest one being that if a user has a backup they haven't imported yet, and they add some password or other data, then later decide to import their existing backup, the new database file will overwrite the whole database. This results in the loss of existing saved passwords or any other data without any prior warning.

Another problem is that exporting and importing the whole database file causes many integrity-related issues and failures to import if the exported database schema differs significantly from the one inside the app. Using formats like JSON allows you to add versioning in your database exports and handle the import of backup files based on their version. This way, if you change the database schema and a user has old backup files that don't contain some fields present in the new schema, you can still import whatever data the user has in their old backup file while ignoring the missing fields by checking the version of the backup file.

In general, exporting a database file itself is not considered good practice due to the problems and limitations mentioned above, as well as other unexpected issues that may render the backup file useless at some point.

6eero commented 4 months ago

Right now, the password management system of NewPass works like this:

First Level

Second Level:

Thus, passwords remain encrypted both at rest and during app usage. The only time passwords within the database are decrypted is during the export of the database, which is exported and encrypted solely with the password entered by the user during startup (using SQLiteCipher).

The problem with exporting the database to JSON is that I would also lose the SQLiteCipher encryption, resulting in an unencrypted database export, which is not acceptable.

starry-shivam commented 4 months ago

> The problem with exporting the database to JSON is that I would also lose the SQLiteCipher encryption, resulting in an unencrypted database export, which is not acceptable.

You can encrypt the contents of a JSON or any other file format you decide to use by yourself, using your choice of encryption algorithm and the user's provided password as the key.
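
The approach suggested in this thread (a versioned JSON export, encrypted with a key derived from the user's password and merged on import instead of overwriting), as an added example that is not part of the thread and not NewPass's code. It is written for Node.js; the entry fields (`name`, `note`), the version numbers, the scrypt parameters and the merge policy are assumptions made for illustration.

```javascript
// Added example, not NewPass code. Entry fields and versions are assumptions.
const crypto = require('node:crypto');

const FORMAT_VERSION = 2; // hypothetical: version 1 entries had no "note" field
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const b64 = (buf) => buf.toString('base64');
const raw = (str) => Buffer.from(str, 'base64');

function deriveKey(password, h) {
  // maxmem also caps the cost of KDF parameters read from an untrusted file.
  return crypto.scryptSync(password, raw(h.salt), 32,
    { N: h.N, r: h.r, p: h.p, maxmem: SCRYPT.maxmem });
}

function exportBackup(entries, password) {
  // The header stays readable but is bound to the ciphertext as GCM AAD,
  // so changing the version or KDF parameters makes decryption fail.
  const header = { version: FORMAT_VERSION, kdf: 'scrypt', N: SCRYPT.N, r: SCRYPT.r,
    p: SCRYPT.p, salt: b64(crypto.randomBytes(16)), iv: b64(crypto.randomBytes(12)) };
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, header), raw(header.iv));
  cipher.setAAD(Buffer.from(JSON.stringify(header)));
  const data = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return JSON.stringify({ header, data: b64(data), tag: b64(cipher.getAuthTag()) });
}

function importBackup(file, password, existing) {
  const { header, data, tag } = JSON.parse(file);
  if (header.version > FORMAT_VERSION) throw new Error('backup is newer than this app');
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, header),
    raw(header.iv), { authTagLength: 16 });
  decipher.setAAD(Buffer.from(JSON.stringify(header))); // same key order as on export
  decipher.setAuthTag(raw(tag));
  // final() throws on a wrong password or if any byte of the file was changed.
  const plain = Buffer.concat([decipher.update(raw(data)), decipher.final()]);
  // Merge instead of overwrite: entries already in the app win on a name clash.
  const merged = new Map(existing.map((e) => [e.name, e]));
  for (const e of JSON.parse(plain.toString('utf8'))) {
    if (!merged.has(e.name)) merged.set(e.name, { note: '', ...e }); // fill v1 gaps
  }
  return [...merged.values()];
}
```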

6eero commented 3 months ago

Done! This will be available in the next update!