kaloyan-raev / hello-storj

Demo app for integrating the libstorj native library in Android
GNU General Public License v3.0

Allow users to manage encryption key (easily import and export) #3

Open MeijeSibbel opened 7 years ago

MeijeSibbel commented 7 years ago

Allow users to save the key in, for example, the following ways:

  1. Allow them to email the key to themselves (maybe secured).
  2. Allow users to save the key encrypted with a password on the phone.
  3. Allow the user to export and/or backup the keys in different ways.

kaloyan-raev commented 7 years ago

As far as I am familiar with these 12/24-word encryption keys, users should take great care of them. They are supposed to be written on paper and not stored in an electronic form to avoid hacking. Is there anyone we can discuss the security aspects of exporting, emailing and backing up the encryption key with?

Regarding "2. Allow users to save the key encrypted with a password on the phone." do you mean using a passcode with the encryption key? So far, I haven't utilized a passcode for simplicity, but I can add it. This would mean asking the user for the passcode every time the app is launched.

MeijeSibbel commented 7 years ago

The thing is that forcing people to write the password on a piece of paper is too intensive for most users; they just want to register and get started, that's it. I think Braydof can say more about this. We just don't have to bother the users too much.

On 2, I indeed mean saving the encryption key with password protection. Just asking for the password once at login or if they log out would be best; asking for it every time will become a pain after the third time.

kaloyan-raev commented 7 years ago

On 2: The idea of the passcode is that it is not stored on the file storage, just in memory in the worst (from a security point of view) case. If you store the passcode on the file system then it does not improve the security. If we introduce a passcode, it should be optional - just for those who really want it.

Note that the Android app stores the auth file with credentials in its internal data dir. The files in this dir are private to the owner app only. Other apps cannot read them unless there is a security breach in the Android OS.