Introduction

- Isaac Potoczny-Jones

A group of us in collaboration between the OI Safe project (formerly Android Password Safe) and the Openintents project have implemented a cryptography service and a keystore service which other Android applications can use to keep data and passwords safe, in a way that's convenient for the end user.

Our system allows a single password, and periodic single sign-on so that all applications can encrypt, decrypt, and store keys using the same master password that the user enters once.

We hope other Android developers will read this and get excited and offer to help with implementation details, modify their applications to use our Intents, and help verify our cryptography implementation. We also want feedback on user experience, security permissions, and other such items :)

Please post a comment below or discuss things on the OpenIntents developer list. You can browse the source code or check it out to try.

All the major features are implemented, and we plan to release a Beta around the week of January 19, 2009; we want to be sure that early adopters won't have any data that they'll never be able to decrypt :)

How end-users experience OI Safe

OI Safe is an application that can be used directly by end users or indirectly through other applications. It's primary purpose is to store usernames and passwords. For instance, if you log into myopenid.com with a username and password, you might use the password safe to remember that password securely. The method of encryption used in OI Safe makes it so that even if a user's phone is stolen or lost, the user's secret data cannot be extracted.

When the user logs in for the first time, they're prompted for a master password, and then a random master key is generated. That master key is used to encrypt all of the "other" passwords that the user inputs (like that myopenid.com password).

After logging in, a "service" is started which remembers the master key for a period of time (currently 5 minutes, but we hope to make this configurable). That service makes it so that the user doesn't have to keep logging in all the time. They can also "lock" the application, which stops the service.

OI Safe's Cryptography Service

Since the Android operating system allows processes to communicate with well defined APIs, it's possible to create a cryptography service that other applications can use to securely store their own data by encrypting and decrypting it with the same master key and password that OI Safe uses.

This is convenient for the user; they don't need to memorize a lot of different passwords for all of their secure data. It's also a Good Thing for security; we should implement a cryptography service correctly, one time, and we hope that many people will help us analyze and critique our implementation so that the user an be assured of its correctness.

For instance, the OI Notepad application is being enhanced to allow users to store encrypted notes (download OpenIntents source code here). OI Notepad doesn't need to ever ask the user for a key, doesn't need to store any key, and doesn't need to implement the cryptography functions. All of that is handled by OI Safe.

When the user asks OI Notepad to encrypt a note, the user might be prompted to log into the password safe application in order to unlock the master key. If the service is already running, they won't be prompted.

The plain text that the user wants to encrypt is put into the EXTRA_TEXT variable, and likewise the output crypto text is stored in the same variable when the intent returns.

Once OI Notepad has the crypto text, they can store it in their database just like any other text. OI Notepad allows both encrypted and plain text notes, so each entry in its database has to have a boolean value saying whether or not the note is encrypted.

The OI Notepad application is just an example of what's possible (and indeed, already implemented!) The same method can be used to encrypt any textual data, such as TODO items, contact list or GPS locations. Eventually, it would be nice to be able to offer the ability for users to encrypt their photos or audio notes, or even use public / private keypairs to exchange data securely via email or whatever other mechanism they like. We don't really know the feasibility of this, but we're hoping to offer encryption on data streams in future releases.

Decryption is very similar:

OI Safe's Keystore Service

Besides offering encryption and decryption services, OI Safe can be used by other applications to securely store passwords in a manner similar to Gnome Keyring. This gives the user single-sign-on capability for all of their applications, while allowing the passwords to be stored securely.

For instance, an Instant Message application needs to store a username and password so that no one can impersonate the user. Now the user might tell the IM application to not store that password, but then they have to type it in every time they log in. Instead, the IM application probably stores that password (unencrypted) in its database. The same goes for an email application, or your browser's "remember this password" function.

It's convenient, but if someone gets a hold of your phone, then they have access to all of these passwords because they reside unencrypted on the system.

OI Safe offers an alternative. Applications like our hypothetical IM application could instead store their passwords in the password safe, where they will be kept encrypted, and where other applications will not be allowed to access them. (Each password maintains a list of applications which have permission to access them.)

So when the user starts IM (for instance) they might or might not have to unlock the password safe's master password, and the application the username and password, which has been kept safe & sound in the encrypted database of OI Safe.

Some technical details

There are a few technical details to consider:

• When you change your password in OI Safe, the master key does not change, it only gets encrypted with the new password. This means that all the data in this and other applications can still be encrypted & decrypted with the same master key (which needs to be unlocked with the new password). So if your key is exposed somehow, changing the password won't matter.

• The user had better never lose their master key because all of their data will be irrevocably lost, even if they know their password!! That means if they uninstall the OI Safe application without somehow storing the master password, the key goes away and their OI Notepad notes will be un-decryptable. This is a significant problem. Maybe we can solve this by having a separate application which just stores the key, which has a scary name like "master encryption key" so that users don't just delete it. Maybe we should also have a way of backing up this key?

• For each password in the keystore, the application which initially set that password is the only one who can edit or retrieve it. This is to prevent other applications from stealing a password they shouldn't have access to. We hope to relax this restriction, and instead prompt the user to see if they want one application to have access to another application's password.

• The Service cannot be connected to directly, for the moment, by any application other than OI Safe. This is to protect the master password from being read by other applications. In the future, it might make sense to allow other applications to use this service to process bytestreams or other large chunks of data.

• The algorithm used for encryption is PBEWithMD5And128BitAES-CBC-OpenSSL. We're evaluating SHA1, but for now we're finding it too slow.

• Later on we'd like to add intents for public/private cryptography which would allow signing, etc.