Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:20 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Wed Aug 26, 2015 2:02 pm 
Offline

Joined: Tue Aug 18, 2015 12:25 pm
Posts: 4
Project Name: CrypSafe
License: Freemium
Platforms: Android 4.03+, phones, and tablets, web browsers
Webpage: CrypSafe
Tutorial: CrypSafe YubiKey Help
Download: Google play

We have developed an encrypted contact manager and password manager for Android. It is a secure alternative to many of the cloud-based solutions, but without the cloud. Key technologies are an AES-256 encrypted SQLite database and NanoHttpd tiny web server. Security details: https://nuvolect.com/crypsafe/security

The app is in final stages of beta and quite usable, but we felt it needed stronger user authentication, enter YubiKey NEO. On Android NFC devices, tap the NEO to the back and access is granted. The app uses the default Yubico OTP settings for slot 1. For the web app (on your LAN only), we use the YubiKey static password in slot 2.

We need help in two areas. First is testing on a variety of Android devices and YubiKeys. The number of Android NFC capable devices is growing rapidly and differences in NFC implementation are anticipated.

The second area is in the security concept. The app design calls for a standalone solution, without dependency on Internet resources. This makes OTP and U2F validation an issue. We currently acquire the serial number from two NEO sources, from the NFC adapter and from decoding part of the OTP. This is not the best solution but perhaps good enough until a complete OTP validation can be accomplished. The app will recognize two unique NEO keys allowing for a backup key. The web app uses a simple static password, this can also be supplied by NEO.

Your testing, feedback, and thoughts are appreciated, thanks in advance!

Image


Last edited by MattK on Tue Sep 29, 2015 1:08 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Sep 11, 2015 10:18 pm 
Offline

Joined: Tue Aug 18, 2015 12:25 pm
Posts: 4
The feedback we have so far is positive, thank you, but Google Play shows support for 8736 different Android devices. Not all of these support NFC but clearly it would be good to test on as many as possible. Every test is valuable.

How to test CrypSafe and YubiKey NEO:

1. Install the app
2. In the app select Settings then CrypSafe entry lock
3. Select Scan key 1 and present your YubiKey NEO

CrypSafe will capture and display the decimal serial number of your NEO. Hit the back button to exit the app and when you start it again you will be presented with a lock screen. Present your YubiKey NEO and it will unlock.

That's it. Please post your results here or to team@nuvolect.com.

Thanks!


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 16, 2015 11:11 pm 
Offline

Joined: Tue Aug 18, 2015 12:25 pm
Posts: 4
It's been reported that the Nexus 4 sometimes requires the NEO be presented 2 or 3 times to complete authentication. While I don't doubt this is true, it seems each device is different may have the NFC antenna in a different location. If anyone has a Nexus 4 and can confirm the issue it would be appreciated. Any insights into unique NFC device characteristics is also appreciated.

Cheers!


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group