/Android-Password-Store

Android application compatible with ZX2C4's Pass command line application

Primary LanguageJavaGNU General Public License v3.0GPL-3.0

PwdStore

IRC ![Gitter](https://badges.gitter.im/Join Chat.svg) Android Arsenal

Build Status Flattr this git repo Stories in Ready

This application tries to be 100% compatible with pass

You can install the application from:

  • F-Droid (the prefered way)
  • Play Store (always lags behind)
  • Using the apk file found at app/app-release.apk or build everything from source (always updated before Play Store, but usually after F-Droid)

DEBUG: If you want to help us debug the application, please use the apk that integrates crashlytics so that we can get more details on the crashes and improve the application.

Pull requests are more than welcome (see TODO).

Community

A few ways to get in touch:

  • Github issues, use it if you have a bug report, you do not understand how somehting works or feature request
  • reddit, want to discuss something and it's midnight, no one on irc and you really want to write more than a couple of lines? reddit is your way!

FAQ

  • Q: What kind of repository can I clone from?
  • A: Make sure to only clone from bare repositories (see git-clone(1) for how to create a bare repository from an existing one). Otherwise the clone will fail.
  • Q: I get a "Permission Denied" error when trying to import my ssh-key, why?
  • A: ssh-key files are usually created with permissions set to 600, meaning that only the creator of this key has the right to read from it. The application needs a read access, at least temporarily, make the permissions to 644, import the key, then set them back to 600.
  • Q: I tried to use APG and it does not work... why?
  • A: We only support OpenKeychain.
  • Q I get the error No encrypted data with known secret key found in stream
  • A In OpenKeyChain (under the left drawer) Apps > Password Store > Accounts > (select the account) > Account key select the key used to encrypt your passwords.

TODO

  • Implement a keyboard to replace the copy/paste and avoid clipboard hijicking (see #50)
  • Create a new category
  • Multiple password stores (multiple git repositories).
  • Solve issues labeld as enhancement (see enhancement issues)

How-To

Note: This section is work in progress

Generate a ssh key for your git repo

###From the application###

  • Go to settings > Generate SSH key pair
  • Select the key size (length)
  • Set the passphrase (optional) and a comment (optional)
  • Press Generate
  • Press Copy to copy the public key and add it to your ssh server

###From a terminal###

  • Generate the private and public key
ssh-keygen -C droid_phone -b 2048 -t rsa -f /tmp/id_rsa_droid
  • Copy the public key /tmp/id_rsa_droid.pub on your ssh server and add in to the ~/.ssh/authorized_keys file
cat id_rsa_droid.pub >> ~/.ssh/authorized_keys
  • Copy the private key /tmp/id_rsa_droidto your phone and import it in your Android-Password_Store app through the settings

Export your gpg private key

  • Get your pass script gpg id(s) ie: cat ~/.password-store/.gpg-id
  • You can also get a full ids list using gpg -k
  • Export your private key with
gpg --export-secret-key [the_id] > keys.asc
  • Import it in OpenKeychain

Clone using SSH-key, then decrypt a password

Clone And Decrypt

Features

  • Clone an existing pass repository (ssh-key and user/pass support)
  • List the passwords
  • Handle the directories as categories
  • Decrypt the password files (first line is the password, the rest is extra data)
  • Add a new password to the current category (or no category if added at the root)
  • Pull and Push changes to the remote repository
  • Ability to change remote repository info

Libraries

This project uses three libraries:

  • OpenKeyChain for encryption and decryption of passwords. To download the library, run the following commands at the root of the project

      git submodule init
  git submodule update

  • JGit a pretty good git lib

  • Apache's FileUtils for files manipulations

Cookie