Yubico Forum

Project Name: CrypSafe
License: Freemium
Platforms: Android 4.03+, phones, and tablets, web browsers
Webpage: CrypSafe
Tutorial: CrypSafe YubiKey Help
Download: Google play

We have developed an encrypted contact manager and password manager for Android. It is a secure alternative to many of the cloud-based solutions, but without the cloud. Key technologies are an AES-256 encrypted SQLite database and NanoHttpd tiny web server. Security details: https://nuvolect.com/crypsafe/security

The app is in final stages of beta and quite usable, but we felt it needed stronger user authentication, enter YubiKey NEO. On Android NFC devices, tap the NEO to the back and access is granted. The app uses the default Yubico OTP settings for slot 1. For the web app (on your LAN only), we use the YubiKey static password in slot 2.

We need help in two areas. First is testing on a variety of Android devices and YubiKeys. The number of Android NFC capable devices is growing rapidly and differences in NFC implementation are anticipated.

The second area is in the security concept. The app design calls for a standalone solution, without dependency on Internet resources. This makes OTP and U2F validation an issue. We currently acquire the serial number from two NEO sources, from the NFC adapter and from decoding part of the OTP. This is not the best solution but perhaps good enough until a complete OTP validation can be accomplished. The app will recognize two unique NEO keys allowing for a backup key. The web app uses a simple static password, this can also be supplied by NEO.

Your testing, feedback, and thoughts are appreciated, thanks in advance!

The feedback we have so far is positive, thank you, but Google Play shows support for 8736 different Android devices. Not all of these support NFC but clearly it would be good to test on as many as possible. Every test is valuable.

How to test CrypSafe and YubiKey NEO:

1. Install the app
2. In the app select Settings then CrypSafe entry lock
3. Select Scan key 1 and present your YubiKey NEO

CrypSafe will capture and display the decimal serial number of your NEO. Hit the back button to exit the app and when you start it again you will be presented with a lock screen. Present your YubiKey NEO and it will unlock.

That's it. Please post your results here or to team@nuvolect.com.

Thanks!

It's been reported that the Nexus 4 sometimes requires the NEO be presented 2 or 3 times to complete authentication. While I don't doubt this is true, it seems each device is different may have the NFC antenna in a different location. If anyone has a Nexus 4 and can confirm the issue it would be appreciated. Any insights into unique NFC device characteristics is also appreciated.

Cheers!