fields not erased when restoring from backup

trustcrypto / OnlyKey-Firmware

The OnlyKey Firmware runs on the OnlyKey itself and provides the core functionality of OnlyKey.

https://docs.crp.to/firmware.html

212 stars 40 forks source link

fields not erased when restoring from backup #154

Closed cizmazia closed 1 year ago

cizmazia commented 1 year ago

The unset username field was not erased when restoring from a backup.

Steps to reproduce

Set a username and password on a slot
Create a backup and restore it to another onlykey
Erase the username (i.e. wipe the slot and set the password only)
Create a backup and restore it to another onlykey

Desired behavior

The username is unset on the other onlykey

Actual behavior

The username is still set

onlykey commented 1 year ago

@cizmazia Backups save all data from an OnlyKey A and during restore that data is written or overwritten onto OnlyKey B. If there is already data on OnlyKey B the restore process will not wipe that data. We don't wipe during the restore process because it can unintentionally wipe data that a user can't get back. i.e. I restore an old backup onto a device that I have set up a new account on, my new account gets wiped and now I have no backup.

cizmazia commented 1 year ago

Thanks for explaining!

For the record, my use case is of maintaining a second onlykey for backup purposes. After reorganizing the slots on the first onlykey, I restore the second one from a backup of the first one. I expected to end up with the same copies but credentials of different accounts got blended together. With the current implementation, I need to wipe all slots first before restoring from a backup of the first key.