mattrubin / Authenticator

Two-Factor Authentication Client for iOS
https://mattrubin.me/authenticator

Standard data exchange format #309

Open fortran77 opened 5 years ago

fortran77 commented 5 years ago

I see that there are already a couple of requests for encrypted backups: Issue #6, Issue #261.

Please consider implementing the below (unencrypted) data exchange format for one-time data export or import across multiple applications. It's just one URI per line, user-friendly and easy to generate and parse. Encryption could be added later and you would then have a nice and simple encrypted backup format too.

Data exchange format:

https://authenticator.cc/docs/en/otp-backup

Context:

https://github.com/Authenticator-Extension/Authenticator/issues/282

fortran77 commented 5 years ago

And if you're the first project to add good encryption to this format, maybe you could propose that as a standard for other projects to adopt.

bmwalters commented 4 years ago

I've been working on this in my fork of Authenticator here: https://github.com/bmwalters/Authenticator

It's currently very rough around the edges, but it allows the user to create an encrypted backup of all their tokens and export it via the share sheet. The encryption is identical to what andOTP uses, and the plaintext is in the standard format linked above (used by FreeOTP+, Authenticator-Extension, WinAuth coincidentally, and mostly supported by Aegis).

With this branch, there is now a complete portability-out path:

  1. Create encrypted token backup.
  2. Decrypt backup using andOTP WebDecrypt/its source or andOTP-decrypt.
  3. To migrate to an app supporting the standard backup format, just import the resulting file.
  4. To migrate to an app that does not support the standard backup format, take each of the otpauth URLs, generate a QR code using 2fa-qr or something similar, and scan.

I believe this goes a long way toward addressing one of the most popular feature requests for this project. (#6, #255, #256, #261, #315.1).
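As an added illustration of the one-URI-per-line format discussed above (example code written for this thread, not from Authenticator, andOTP or any other project named here): it parses a constructed backup into token records, rejects lines that are not `otpauth://` URIs, and computes the code each token would show, so an import can be checked against the old app before the export file is deleted. The parameter names follow the otpauth Key Uri Format; the sample secrets are constructed (the TOTP one is the RFC 6238 test key, so its codes are verifiable).

```python
import base64, hmac, struct, time
from dataclasses import dataclass
from urllib.parse import parse_qs, unquote, urlparse

@dataclass
class Token:
    kind: str            # "totp" or "hotp"
    label: str           # "Issuer:account" as written in the URI path
    secret: bytes        # decoded shared secret
    issuer: str
    algorithm: str = "SHA1"
    digits: int = 6
    period: int = 30     # TOTP time step in seconds
    counter: int = 0     # HOTP counter

def parse_otpauth(uri: str) -> Token:
    """Parse one otpauth:// URI (Key Uri Format) into a Token; reject anything else."""
    u = urlparse(uri.strip())
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError(f"not an otpauth totp/hotp URI: {uri!r}")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("otpauth URI is missing the secret parameter")
    b32 = q["secret"].replace(" ", "").upper()
    secret = base64.b32decode(b32 + "=" * (-len(b32) % 8))  # tolerate unpadded secrets
    label = unquote(u.path.lstrip("/"))
    issuer = q.get("issuer") or (label.split(":", 1)[0] if ":" in label else "")
    return Token(u.netloc, label, secret, issuer, q.get("algorithm", "SHA1").upper(),
                 int(q.get("digits", 6)), int(q.get("period", 30)), int(q.get("counter", 0)))

def parse_backup(text: str) -> list:
    """One URI per line; blank lines are skipped, any other line is an error."""
    return [parse_otpauth(line) for line in text.splitlines() if line.strip()]

def otp_code(token: Token, at_seconds=None) -> str:
    """Code the token produces (RFC 4226 / RFC 6238), to check that an import round-trips."""
    counter = token.counter if token.kind == "hotp" else \
        int(time.time() if at_seconds is None else at_seconds) // token.period
    mac = hmac.new(token.secret, struct.pack(">Q", counter), token.algorithm.lower()).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** token.digits
    return str(code).zfill(token.digits)

# Constructed sample backup (not real credentials); the TOTP secret is the RFC 6238 test key.
SAMPLE_BACKUP = """\
otpauth://totp/Example:alice@example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30

otpauth://hotp/Other:bob?secret=JBSWY3DPEHPK3PXP&issuer=Other&counter=0
"""
```

Running `otp_code(parse_backup(SAMPLE_BACKUP)[0], 59)` yields the RFC 6238 value `287082`, which is the check to make against the old app's display before discarding the unencrypted file.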

fortran77 commented 4 years ago

This is great!

Do I understand correctly that encryption is mandatory?

If so, then it would be great to allow an optional unencrypted export. The reason is that it will make data exchange quite a bit easier across multiple applications. I expect that when a user is simply copying data from application A to application B, they will not leave the unencrypted exported file around for long (as it's for data transfer, not backup), so security risks should be low.

But in any case, it's good to know that all the TOTP apps are converging on a single data transfer format. We need to somehow convince the commercial providers to join in.

griesi007 commented 3 years ago

An unencrypted export in JSON format would be very helpful.

FolioForThatGuy commented 1 month ago

@bmwalters I just built and sideloaded that fork onto a jailbroken phone to test exporting and I can't seem to decrypt the keys. Any tips? Only doing this as there is actually no other way to export them besides me making another fork from scratch. I'm moving to an Android, so encrypted backups on Mac aren't even an option.

Edit: NVM, read the rest of your comment and realised you already answered the question lol. Thanks though for making that; it unfortunately still is the only way to export codes.

Edit 2: I'm no expert in Apple's directory structure or this app, but I thought that if I copy-pasted the files from Data/Application/Authenticator to the sideloaded app and renamed all the files appropriately it would just load all the data, but apparently not. I'm stumped. Aren't tokens stored in "Library/Preferences/me.mattrubin.authenticator.plist"?

bmwalters commented 1 month ago

@FolioForThatGuy I’m guessing the issue is that the file in /Library/Preferences contains no secrets; the secrets are stored in keychain so you’ll need to research how to access that on your jailbroken device.

Though if you can read from keychain directly, you probably don’t need my build as you can just grab totp secrets from there.

Alternatively, don’t forget that if you only have a few services in your totp app, it might be quicker to set up 2fa again manually at each of those services.