Support for importing FreeOTP 2.0 encrypted backups #1084

Closed
johnnynoone opened this issue Jan 13, 2023 · 7 comments · Fixed by #1506
Labels
proposal A proposal for a new feature

Comments

@johnnynoone

In version 2.0, FreeOTP gained the ability to export backups. The backups are encrypted and Aegis is currently unable to import them.

Additionally, 2.0 update notes say that tokens were migrated to KeyStore. As far as I understand, this might mean that the old method of importing the xml file no longer works.

@johnnynoone johnnynoone added the proposal A proposal for a new feature label Jan 13, 2023
@alexbakker alexbakker added the proposal-accepted An accepted proposal for a new feature label Jan 15, 2023
@alexbakker
Member

alexbakker commented Jan 15, 2023

Sounds good to me, feel free to submit a PR!

(And indeed, the fact that FreeOTP now uses the Android Keystore for encryption means that we probably can't import directly from the app's internal storage anymore. Importing the backup file should be possible, though)

@corobin

corobin commented Jan 22, 2023

wow freeotp got an update? I thought it was abandoned!

@Greenheart

What would this require technically? As a user, it seems like FreeOTP encrypted backups create a file called externalBackup.xml which actually contains a mix of JSON and plain text data. Interestingly, this file contains cleartext details about the tokens in the backup (including emails and app names). Only the actual HOTP/TOTP secrets seem to be encrypted.

To load the FreeOTP backup into Aegis, all that seems to be needed is the main passphrase that was entered into FreeOTP when first installing the app (or upgrading to v2+). For implementation details, perhaps the FreeOTP codebase can show how to make the import of decrypted backups.

Since FreeOTP uses the Apache 2 license, it should be possible to include code inspired by FreeOTP (for example related to handling encrypted backups) in Aegis.

@alexbakker
Member

I took a quick look at this today, but I don't think we'll be adding support for this until freeotp/freeotp-android#381 is addressed.

@AdamWill

just to confirm, there's no functional way to import from freeotp at all atm (not just backups), as the original reporter and alex suspected. the 'import from app' route tries to import from a file called tokens.xml that doesn't exist any more, if you copy tokenStore.xml to tokens.xml it fails with a bunch of errors about missing algo and secret values. might be good to change the title of this issue to make the scope clearer?

@alexbakker
Member

Only import from FreeOTP 2.0 and newer doesn't work. We've added a hint to allude to this (#1204) but perhaps there are a couple more places where we should make this explicit. Patches welcome.

juleskers added a commit to juleskers/Aegis that referenced this issue Jul 2, 2024
Include the '(1.x)' qualifier directly in the import-source selection dropdown to avoid raising false expectations.

See also:
- beemdevelopment#1204, where the 1.x-hint was introduced
- beemdevelopment#1084: tracking issue for 2.x support
- freeotp/freeotp-android#381
  FreeOTP-issue to reconsider the brittle serialised java format used by 2.x
@juleskers
Contributor

> Only import from FreeOTP 2.0 and newer doesn't work. We've added a hint to allude to this (#1204) but perhaps there are a couple more places where we should make this explicit. Patches welcome.

I've found an additional spot to add "1.x": in the import-file dropdown, see PR #1408

6 participants