Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:51 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 22 posts ]  Go to page 1, 2, 3  Next
Author Message
PostPosted: Tue Mar 26, 2013 10:46 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
Project Name: Yubinotes
License: TBD
Description: A yubikey enabled notes app for Android. All notes are encrypted and decrypted using the YubiKey. More details on this process coming.. The app contains all the functionality you would expect from a notes app, with a nice, minimalistic holo-compliant interface!
Platforms: Android 4.1+ (might go down to Android 4.0.3 if I can work out some quirks)
Webpage: Google Play

Tutorial: Not much to it really, just download the app from the PlayStore once its available and have it!
Hey all!

Ive been working hard on a nice notes app designed to work with the Yubikey NEO. Basically, all notes are encrypted using 256bit AES and the yubikey is used for encryption/decryption.

Ill post some screenshots in a day or two. I am still tweaking the UI a bit, but it looks pretty clean, nice and holo-ish. Similar to the Google Drive app in a few ways I guess.

I developed the app simply because I love my YubiKey and want to contribute to the project by making a (hopefully) useful app.

The code will be up on Github by the time of release. ;)

If anyone has any feedback, suggestions or requests, please feel free to let me know!

Thanks all!


Attachments:
File comment: Screenshot 1
yubinotes01.png
yubinotes01.png [ 38.18 KiB | Viewed 10262 times ]


Last edited by Untouchab1e on Mon Apr 22, 2013 2:37 pm, edited 2 times in total.
Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Mar 27, 2013 2:04 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
Updated the post to comply with the community guidelines! :)


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 27, 2013 2:38 pm 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Well done. Expect a tweet soon from us.

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 27, 2013 2:41 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
Nice!

Thanks for the support


Top
 Profile  
Reply with quote  
PostPosted: Tue Apr 02, 2013 2:14 pm 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello Again,

I was thinking around your App. It would be a good practice - HINT - to use the Yubikey in Challenge Response mode.

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Tue Apr 02, 2013 3:10 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
Tom wrote:
Hello Again,

I was thinking around your App. It would be a good practice - HINT - to use the Yubikey in Challenge Response mode.


Thanks. My ambition is to make the app support several modes, including challenge response. Though which modes will be available for the imminent release and which ones will come later is yet to be determined.


Top
 Profile  
Reply with quote  
PostPosted: Mon Apr 15, 2013 7:29 pm 
Offline

Joined: Sat Mar 30, 2013 12:14 am
Posts: 1
How does it work?
I thought HMAC-SHA1 is just for Authentication purposes, not for Encryption/Decryption?!

Or is it "cloud" based, which checks the Authentication and returns the correct AES Decryption Key?

Best Regards,
Frank


Top
 Profile  
Reply with quote  
PostPosted: Mon Apr 15, 2013 9:37 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
fti wrote:
How does it work?
I thought HMAC-SHA1 is just for Authentication purposes, not for Encryption/Decryption?!

Or is it "cloud" based, which checks the Authentication and returns the correct AES Decryption Key?

Best Regards,
Frank


Hi there!

Right now, the plan is to have three "modes". Regular password protection, for those without a yubikey, a offline yubikey mode which is based on the device id, and an online yubikey mode which would be "cloud" based.

Now, the device id is not the most secure approach. It can be guessed. However, only someone with physical access to the device and your yubikey (or your guessed yubikey ID) will be able to access your notes as both the yubikey and the random generated encryption code which is generated the first time you run the app is used along with the yubkey to encrypt and decrypt the notes.

That said, nothing is set in stone and I am constantly switching things around.

A more detailed description of how the app works is available here.

I am currently Beta testing the app and making sure most kinks and issues are ironed out before publishing it to the Play Store


Top
 Profile  
Reply with quote  
PostPosted: Mon Apr 22, 2013 2:36 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
First beta out on the Play Store now :)


Top
 Profile  
Reply with quote  
PostPosted: Fri May 03, 2013 7:36 pm 
Offline

Joined: Thu Mar 15, 2012 6:03 pm
Posts: 32
Just found the app on Google Play. LOVE it! Once it's more fully featured (see below), this'll be replacing my current notes app for sure.

Does the app utilize the actual OTP of the NEO or just the ID? Since it's not using challenge-response and is not online, I'm guessing the latter?

Things I noticed after testing for a few minutes (you probably already have these on your todos, but I'll post them anyway for now..):
- Unticking the "Yubikey Mode" and thus destroying all your notes is way too easy (edit: looks like changing back to Yubikey mode made the notes readable again. Still..)
- Timer lock locks the notes even if the app is being used
- After initially choosing Yubikey Mode, I changed to password mode and then back again: now the timer lock won't activate at all anymore
- Way to use two NEO's with the app in case one is lost


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 22 posts ]  Go to page 1, 2, 3  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group