Standard data exchange format
I see that there are already a couple of requests for encrypted backups: Issue #6, Issue #261.
Please consider implementing the below (unencrypted) data exchange format for one-time data export or import across multiple applications. It's just one URI per line, user-friendly and easy to generate and parse. Encryption could be added later and you would then have a nice and simple encrypted backup format too.
Data exchange format:
https://authenticator.cc/docs/en/otp-backup
Context:
https://github.com/Authenticator-Extension/Authenticator/issues/282
And if you're the first project to add good encryption to this format, maybe you could propose that as a standard for other projects to adopt.
I've been working on this in my fork of Authenticator here: https://github.com/bmwalters/Authenticator
It's currently very rough around the edges, but it allows the user to create an encrypted backup of all their tokens and export it via the share sheet. The encryption is identical to what andOTP uses, and the plaintext is in the standard format linked above (used by FreeOTP+, Authenticator-Extension, WinAuth coincidentally, and mostly supported by Aegis).
With this branch, there is now a complete portability-out path:
- Create encrypted token backup.
- Decrypt backup using andOTP WebDecrypt/its source or andOTP-decrypt.
- To migrate to an app supporting the standard backup format, just import the resulting file.
- To migrate to an app that does not support the standard backup format, take each of the otpauth URLs, generate a QR code using 2fa-qr or something similar, and scan.
I believe this goes a long way toward addressing one of the most popular feature requests for this project. (#6, #255, #256, #261, #315.1).
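The first post describes the exchange format as one URI per line, and the post above lists the migration path, whose last step takes each otpauth URL out of the decrypted file. As an added example (not code from the Authenticator project, its fork, or the linked format docs), here is a small Python reader/writer for that line format that parses each `otpauth://` key URI, normalizes the base32 secret, serializes entries back out, and computes the code for an entry so that an import can be checked against the source app before the old tokens are deleted. The two sample lines, the `OtpEntry` field names, and the `load_backup`/`dump_backup` helper names are assumptions made for this example; the first secret is the RFC 4226/6238 test key, so the expected codes are known.

```python
"""Reader/writer for the one-otpauth-URI-per-line format (added example)."""
import base64
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Constructed sample backup: one URI per line, blank lines tolerated.
# First secret is the RFC 4226/6238 test key "12345678901234567890";
# second is the same key written lower-case, as some exporters do.
SAMPLE_BACKUP = """\
otpauth://totp/Example:alice%40example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&algorithm=SHA1&digits=6&period=30

otpauth://hotp/Bank:bob?secret=gezdgnbvgy3tqojqgezdgnbvgy3tqojq&issuer=Bank&counter=1
"""

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


@dataclass
class OtpEntry:                      # field names are this example's choice
    otp_type: str                    # "totp" or "hotp"
    label: str                       # "Issuer:account" as carried in the path
    secret: str                      # base32, upper-case, unpadded
    issuer: Optional[str] = None
    algorithm: str = "SHA1"
    digits: int = 6
    period: int = 30                 # totp only
    counter: Optional[int] = None    # hotp only


def normalize_secret(raw: str) -> str:
    """Strip whitespace/padding, upper-case, and prove the secret decodes."""
    s = "".join(raw.split()).upper().rstrip("=")
    base64.b32decode(s + "=" * (-len(s) % 8))   # raises binascii.Error if invalid
    return s


def secret_bytes(secret: str) -> bytes:
    return base64.b32decode(secret + "=" * (-len(secret) % 8))


def parse_otpauth(uri: str) -> OtpEntry:
    parts = urlsplit(uri.strip())
    if parts.scheme != "otpauth":
        raise ValueError(f"not an otpauth URI: {uri!r}")
    otp_type = parts.netloc.lower()
    if otp_type not in ("totp", "hotp"):
        raise ValueError(f"unsupported OTP type: {otp_type!r}")
    label = unquote(parts.path.lstrip("/"))
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}   # first value wins
    if "secret" not in q:
        raise ValueError("otpauth URI without secret")
    algorithm = q.get("algorithm", "SHA1").upper()
    if algorithm not in HASHES:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    digits = int(q.get("digits", 6))
    if digits not in (6, 7, 8):
        raise ValueError(f"unsupported digit count: {digits}")
    issuer = q.get("issuer")
    if issuer is None and ":" in label:    # fall back to the label prefix
        issuer = label.split(":", 1)[0]
    e = OtpEntry(otp_type, label, normalize_secret(q["secret"]), issuer, algorithm, digits)
    if otp_type == "totp":
        e.period = int(q.get("period", 30))
        if e.period <= 0:
            raise ValueError("period must be positive")
    else:
        if "counter" not in q:
            raise ValueError("hotp URI requires a counter")
        e.counter = int(q["counter"])
    return e


def to_otpauth(e: OtpEntry) -> str:
    params = {"secret": e.secret}
    if e.issuer:
        params["issuer"] = e.issuer
    params.update(algorithm=e.algorithm, digits=e.digits)
    params["period" if e.otp_type == "totp" else "counter"] = (
        e.period if e.otp_type == "totp" else e.counter)
    return f"otpauth://{e.otp_type}/{quote(e.label, safe=':')}?{urlencode(params)}"


def load_backup(text: str) -> list:
    return [parse_otpauth(line) for line in text.splitlines() if line.strip()]


def dump_backup(entries) -> str:
    return "\n".join(to_otpauth(e) for e in entries) + "\n"


def hotp(secret: str, counter: int, algorithm: str = "SHA1", digits: int = 6) -> str:
    """RFC 4226: HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret_bytes(secret), struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def current_code(e: OtpEntry, now: Optional[int] = None) -> str:
    """Code the entry would show now (or at Unix time `now`); lets an import be checked."""
    if e.otp_type == "totp":
        t = int(time.time()) if now is None else now
        return hotp(e.secret, t // e.period, e.algorithm, e.digits)
    return hotp(e.secret, e.counter, e.algorithm, e.digits)


if __name__ == "__main__":
    for entry in load_backup(SAMPLE_BACKUP):
        print(entry.label, current_code(entry))
```

Because the format is plain text, the same `load_backup` can be pointed at the output of andOTP-decrypt, and `dump_backup` produces a file the other apps named above can import; comparing `current_code` against what the source app displays is the cheapest way to confirm nothing was mangled (spaces in secrets, wrong period, issuer dropped) before the old tokens go away.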
This is great!
Do I understand correctly that encryption is mandatory?
If so, then it would be great to allow an optional unencrypted export. The reason being that it will make data exchange quite a bit easier across multiple applications. I expect that when a user is simply copying data from application A to application B, they will not leave the unencrypted exported file around for long (as it's for data transfer, not backup), so security risks should be low.
But in any case, it's good to know that all the TOTP apps are converging onto a single data transfer format. We need to somehow convince the commercial providers to join in.
An unencrypted export in JSON format would be very helpful.