Dominik Schürmann edited this page Feb 10, 2016 · 34 revisions

Backup Format v2

  1. All secret and public keys that should be included in the backup MUST be concatenated in their transferable key format.
  2. A backup code is generated from a secure random source: the backup code consists of 24 characters drawn from the upper-case Latin alphabet and digits, without O and 0 (123456789ABCDEFGHIJKLMNPQRSTUVWXYZ), grouped into 4-character chunks, e.g., TWNK-KD5Y-MT3T-E1GS-DRDB-KVTW. The characters MUST be generated from a secure random source, such as /dev/urandom.
  3. The whole backup code, including the dashes, is directly used as a string to encrypt the concatenated transferable keys as an OpenPGP message (more precisely: it is used as the symmetric key for a Symmetric-Key Encrypted Session Key Packet; the symmetric key is thus 29 characters long including the dashes). The encryption algorithm MUST be one of the standardized OpenPGP symmetric algorithms (in the case of OpenKeychain: AES-256).
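
The generation and validation rules from steps 2 and 3, as an added Python example (not OpenKeychain's own code). The function names are assumptions made for illustration; the alphabet, chunking and 29-character length come from the steps above.

```python
import math
import re
import secrets

# Alphabet from step 2: digits and upper-case letters without 0 and O (34 symbols).
ALPHABET = "123456789ABCDEFGHIJKLMNPQRSTUVWXYZ"
CODE_CHARS = 24   # random characters in a backup code
CHUNK = 4         # characters per dash-separated group

# Strict shape check: six groups of four alphabet characters, 29 characters in total.
_CODE_RE = re.compile(r"[1-9A-NP-Z]{4}(?:-[1-9A-NP-Z]{4}){5}")


def generate_backup_code() -> str:
    """Return a fresh code such as TWNK-KD5Y-MT3T-E1GS-DRDB-KVTW."""
    # secrets.choice draws from the OS CSPRNG and picks uniformly, so there is
    # no modulo bias from mapping random bytes onto 34 symbols.
    chars = [secrets.choice(ALPHABET) for _ in range(CODE_CHARS)]
    groups = ["".join(chars[i:i + CHUNK]) for i in range(0, CODE_CHARS, CHUNK)]
    return "-".join(groups)


def is_valid_backup_code(code: str) -> bool:
    """True only for the exact v2 shape; no trimming or case folding is applied."""
    return _CODE_RE.fullmatch(code) is not None


def passphrase_bytes(code: str) -> bytes:
    """The full 29-character string, dashes included, is the passphrase (step 3)."""
    if not is_valid_backup_code(code):
        raise ValueError("not a v2 backup code")
    return code.encode("ascii")


def entropy_bits(alphabet_size: int = len(ALPHABET), length: int = CODE_CHARS) -> float:
    """Entropy of a uniformly random code: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    code = generate_backup_code()
    print(code, len(passphrase_bytes(code)), round(entropy_bits(), 1))
```

With 34 symbols, a uniformly random 24-character code carries about 122.1 bits of entropy. The dashes are fixed and add none, although they are part of the passphrase.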

Saved as a file

  • When saving backups as a file, ASCII armor MUST be used and a special ASCII armor header MUST be added: BackupVersion: 2
  • This way implementations can check if it is a backup and a special dialog for entering backup codes can be shown instead of a dialog with single text fields for entering passwords.
  • The header MUST NOT automate anything; it should only have an impact on the UI.

Saved in other storages

  • When saving in other storages, such as private XMPP storages, ASCII armor is not required. Thus, the ASCII armor header cannot be used. To show a special dialog, the implementation must know that the file came from a special storage and is a backup.

Design decisions

Diff to Version 1

  • Change to 4-character chunks instead of 6-character chunks
  • Include numbers

Deprecated Version 1

  • AES-256 (because this is default for all encrypted files in OpenKeychain)
  • Passphrase is securely generated from random by OpenKeychain and based on 24 uppercase characters, separated with dashes into 4*6 character chunks. Thus, the passphrase is 27 characters long, example: ABCDEF-GHIJKL-MNOPQR-STUVWX.
  • Possible combinations are: 26^24 = 2^112.8
  • The backup file is ASCII armored and a special header is added: BackupVersion: 1