Foil Auth

Rating: 
5
Your rating: None Average: 5 (7 votes)

Secure OTP (One-Time Password) generator for Sailfish OS.

Its functionality is similar to SailOTP except that Foil Auth keeps secret authentication keys encrypted with your Foil password. Only time-based (TOTP) passwords are supported in this version.

Foil password (and the RSA encryption key ~/.local/share/foil/foil.key) is shared with Foil Pics and Foil Notes. Encrypted authentication keys for OTP generation are stored in ~/Documents/FoilAuth.

The format of the encrypted file is described here.

Source code: https://github.com/monich/harbour-foilauth

Screenshots: 
Application versions: 
AttachmentSizeDate
File harbour-foilauth-1.0.5-9.1.armv7hl.rpm289.9 KB22/04/2019 - 13:06
File harbour-foilauth-1.0.5-9.1.i486.rpm340.12 KB22/04/2019 - 13:06
File harbour-foilauth-1.0.4-8.1.armv7hl.rpm289.68 KB13/04/2019 - 00:41
File harbour-foilauth-1.0.4-8.1.i486.rpm339.26 KB13/04/2019 - 00:41
File harbour-foilauth-1.0.3-7.1.armv7hl.rpm288.45 KB11/04/2019 - 15:03
File harbour-foilauth-1.0.3-7.1.i486.rpm337.9 KB11/04/2019 - 15:03
File harbour-foilauth-1.0.2-6.1.armv7hl.rpm287.17 KB11/04/2019 - 01:18
File harbour-foilauth-1.0.2-6.1.i486.rpm336.38 KB11/04/2019 - 01:18
File harbour-foilauth-1.0.1-5.1.armv7hl.rpm285.06 KB10/04/2019 - 18:37
File harbour-foilauth-1.0.1-5.1.i486.rpm335.06 KB10/04/2019 - 18:37
File harbour-foilauth-1.0.0-4.1.armv7hl.rpm284.31 KB10/04/2019 - 14:46
File harbour-foilauth-1.0.0-4.1.i486.rpm333.54 KB10/04/2019 - 14:46
Changelog: 
  • 1.0.5 (Apr 22 2019)
    - Query the actual maximum zoom from the camera
    - Improved French and Polish translations
  • 1.0.4 (Apr 12 2019)
    - French translation
  • 1.0.3 (Apr 11 2019)
    - Swedish translation
  • 1.0.2 (Apr 11 2019)
    - Chinese translation
  • 1.0.1 (Apr 10 2019)
    - Polish translation
  • 1.0.0 (Apr 10 2019)
    - Initial version

Comments

TheJullus's picture

Would it be possible to make an option to use fingerprint authtentication for unlocking these foil apps? (Possible in sense of being able to do it and also if it's against the security idea you have (as in "password stronger that PIN code"))

slava's picture

Hehe, I was actually considering something like that but it turned out to be impractical and in many ways less secure. Probably the best argument which I heard against that or any kind of biometric authentication in general - "you can change your password but you can't change your fingerprint". When it comes to the actual implementation, it turns out that on most systems you don't have access to raw fingerprint images. You can only match the current fingerprint against the training set and that's it. It's just not enough to generate any kind of hash or anything that could be used as an encryption key.

TheJullus's picture

Is it some how possible to use old codes after resetting the phone? I tried to use this app with same password but it says there is no codes (or notes in FoilNotes) Ps. Would it be possible to use fingerprint authentication to open the Foil apps?

slava's picture

I'm afraid you've lost your auth token forever and need to request a new one :/ Once the old encryption key is gone, there's no way to recover encrypted data. At least there sholdn't be by design, unless the design is flawed (I hope not).

TheJullus's picture

I do have the auth token because I did a backup of my nemo folder. I just switched foil.key in .../nemo/.local/share/foil and it works just fine!!

slava's picture

Good! Just don't lose your key and don't forget your password :)

glanternier's picture

Ok. I now understand how it works. I had to use inWebo anyway because the helpdesk was being stupid and rigid about this, but I understand what I have to do next time if I want to use the native app. Thanks !!!

glanternier's picture

Hello, I want to use Foil OTP to register my O365 account at work, but the IT helpdesk insists on going with an Android app called inWebo. I think that I could use Foil OTP instead, but I don't understand how OTP works technically so I am not sure. The helpdesk will not help me of course. Seeing an non Android / iOS device almost caused them a panic attack :-(

slava's picture

If you enter your foil password, select "Add Token" from the pulley menu and press "Scan QR code" button (they provided you the QR code, didn't they?), you should be able to import the token and use Foil Auth for authentication.

These "one time passwords" are essentially one long password (the secret= part of otpauth:// URL), out of which a shorter one is generated based on the current time. The algorithm implemented by Foil Auth is described here

direc85's picture

Works well, great app!

explit's picture

Absolut great like all your apps, Slava!

minitreintje's picture

The Foil apps are simple, polished and work really well! Thanks Slava!

Historyscholar's picture

Nice