Authenticator-Extension / authenticator.cc

https://authenticator.cc
MIT License

docs: Update Authenticator entry #28

Closed bilelmoussaoui closed 2 years ago

bilelmoussaoui commented 2 years ago

Since 4.1, we do support encrypted backups using Aegis format

Sneezry commented 2 years ago

Hi @bilelmoussaoui , thank you for the PR.

The doc you modify talks about Standard Backup Format, which contains one otpauth URI per line.

And "Encrypted backups not supported" in the table means the encrypted backups are not stored in that format (obviously, a TOTP URL doesn't support encryption).

To be compatible with Aegis format is off-topic for that doc.

Please correct me if I have any mistakes.

bilelmoussaoui commented 2 years ago

Oh I see. I thought it was about encrypted backups in general and not specific to OTP URI. Is there some "standard" way to encrypt those that would also be compatible with the browser extension?

Sneezry commented 2 years ago

I don't think we have a "standard" way for encrypted backups, yet. If any famous 2FA client has a proposal, we're glad to follow.

If you are interested in encryption tech details of this browser extension for compatibility, I'm glad to help.

bilelmoussaoui commented 2 years ago

That would be great if you could at least point me to the implementation I can read. For now I will close this one as it is not a correct change.

Sneezry commented 2 years ago

Here's an example of an encrypted backup of this extension:

{
  "9e524d6e-70c7-40c8-829e-bf3d5331e538": {
    "encrypted": true,
    "hash": "9e524d6e-70c7-40c8-829e-bf3d5331e538",
    "index": 0,
    "type": "totp",
    "secret": "U2FsdGVkX1/BNH...",
    "issuer": "Example",
    "account": "alice@google.com"
  },
  "key": {
    "enc": "U2FsdGVkX1+FcDGIr9WQ...",
    "hash": "$argon2id$v=19$m=16..."
  }
}

To decrypt the data, follow these steps:

  1. Confirm the encrypted property value of the entry is true.
  2. Ask for the password P.
  3. Verify P against key.hash by using the Argon2 verify method.
  4. Decrypt the random string S from key.enc with the password P by using AES-256.
  5. Decrypt the entry secret from the secret property value of the entry with S by using AES-256.

Some implementations:

https://github.com/Authenticator-Extension/Authenticator/blob/347ca6e4f78f2ea38e681ab9fb55c09dae02db7a/src/models/encryption.ts#L18-L47

https://github.com/Authenticator-Extension/Authenticator/blob/347ca6e4f78f2ea38e681ab9fb55c09dae02db7a/src/import.ts#L59-L93

https://github.com/Authenticator-Extension/Authenticator/blob/347ca6e4f78f2ea38e681ab9fb55c09dae02db7a/src/argon.ts#L43-L57

https://github.com/Authenticator-Extension/Authenticator/blob/5218c1e9c04e92cec9ac59a0747270ebdf5b9957/src/components/Import/FileImport.vue#L79-L88

https://github.com/Authenticator-Extension/Authenticator/blob/2f897c9f5a130010565c9be24d711caad92d0303/src/store/Accounts.ts#L221-L222

https://github.com/Authenticator-Extension/Authenticator/blob/2f897c9f5a130010565c9be24d711caad92d0303/src/models/encryption.ts#L10-L16