-
-
Notifications
You must be signed in to change notification settings - Fork 278
Frequently Asked Questions
SSH keys are usually created with permissions set to 600 , meaning that only the creator of this key has the right to read from it. The application needs a read access, at least
temporarily, make the permissions to 644 , import the key, then set them back to 600 .
In OpenKeychain (under the left drawer) Apps > Password Store > Accounts > (select the account) > Account key, select the key used to encrypt your passwords.
Be sure to disable battery optimisation for OpenKeychain in your device's settings and make sure there is no task killer running.
OpenKeychain also requires the Display pop-up windows while running in the background permission on some phones, in order to display the necessary dialog boxes (Xiaomi phones running MIUI are a particularly significant group). See https://github.com/android-password-store/Android-Password-Store/issues/518 for details.
Yes and no. The password themselves are safe, since they are stored in an encrypted fashion. They are secure as long as your GPG key's secret part is safe. However, the repo leaks the names of the entries: a password named web/site.com will be stored in the file web/site.com.gpg. As a consequence, anyone who can see your public repo can see the name of your passwords, which is not so great for privacy: if a file is named web/pornhub.com.gpg, this might give a hint about your browsing habits. Moreover, the size of the files might also gives a clue about which accounts might have small passwords. If a file is very small, chances are that your password is small too. An attacker could use this information to select which account of yours is most likely to have a weak password.
Any app that provides the ability to sync folders from your device storage or SD card to the cloud can be paired with Password Store to make it happen. Syncthing is popular among Password Store users for this purpose. Once you have the passwords in a directory on your device, choose the "Use local directory" option during first run and use the "SD-Card" option to navigate to and select your passwords directory.
If you have 2 factor authentication enabled, your password is not sufficient anymore to authenticate to your repositories. You will need to generate a Personal Access Token and use that as a password in the app. Instructions for that can be found here
We generate release binaries under two separate configurations titled free and nonFree. The distinction was created following the merge of #900, that introduced a dependency on closed source GMS libraries. Since F-Droid is a FOSS-only app store, we created the free flavor where we do not ship the GMS dependency and thus the feature to fill SMS OTPs is unavailable.