Foil Auth

Rating: 
5
Your rating: None Average: 5 (20 votes)

Secure OTP (One-Time Password) generator for Sailfish OS.

Foil Auth keeps secret authentication keys encrypted with your Foil password. Supports time-based (TOTP), counter-based (HOTP) and Steam passwords. Tokens can be shared and imported via QR codes.

Foil password (and the RSA encryption key ~/.local/share/foil/foil.key) is shared with Foil Pics and Foil Notes. Encrypted authentication keys for OTP generation are stored in ~/Documents/FoilAuth.

The format of the encrypted file is described here.

Note that you can add your encrypted files and the Foil key to the backup with the help of My Backup app.

Source code: https://github.com/monich/harbour-foilauth

Screenshots: 
Application versions: 
AttachmentSizeDate
File harbour-foilauth-1.1.9-1.aarch64.rpm359.37 KB22/07/2023 - 06:32
File harbour-foilauth-1.1.9-1.armv7hl.rpm331.7 KB22/07/2023 - 06:32
File harbour-foilauth-1.1.9-1.i486.rpm377.38 KB22/07/2023 - 06:32
File harbour-foilauth-1.1.8-1.aarch64.rpm359.54 KB22/07/2023 - 06:02
File harbour-foilauth-1.1.8-1.armv7hl.rpm331.51 KB22/07/2023 - 06:02
File harbour-foilauth-1.1.8-1.i486.rpm377.66 KB22/07/2023 - 06:02
File harbour-foilauth-1.1.7-1.aarch64.rpm358.48 KB07/05/2023 - 20:23
File harbour-foilauth-1.1.7-1.armv7hl.rpm330.58 KB07/05/2023 - 20:23
File harbour-foilauth-1.1.7-1.i486.rpm376.6 KB07/05/2023 - 20:23
File harbour-foilauth-1.1.6-1.aarch64.rpm347.88 KB14/04/2023 - 22:02
File harbour-foilauth-1.1.6-1.armv7hl.rpm319.5 KB14/04/2023 - 22:02
File harbour-foilauth-1.1.6-1.i486.rpm364.58 KB14/04/2023 - 22:02
File harbour-foilauth-1.1.5-1.aarch64.rpm346.14 KB15/01/2023 - 06:22
File harbour-foilauth-1.1.5-1.armv7hl.rpm317.69 KB15/01/2023 - 06:22
File harbour-foilauth-1.1.5-1.i486.rpm362.39 KB15/01/2023 - 06:22
File harbour-foilauth-1.1.4-1.aarch64.rpm331.35 KB26/09/2022 - 20:00
File harbour-foilauth-1.1.4-1.armv7hl.rpm303.98 KB26/09/2022 - 20:00
File harbour-foilauth-1.1.4-1.i486.rpm347 KB26/09/2022 - 20:00
File harbour-foilauth-1.1.3-1.aarch64.rpm332.16 KB17/08/2022 - 02:32
File harbour-foilauth-1.1.3-1.armv7hl.rpm303.84 KB17/08/2022 - 02:32
File harbour-foilauth-1.1.3-1.i486.rpm346.76 KB17/08/2022 - 02:32
File harbour-foilauth-1.1.2-1.aarch64.rpm321.5 KB25/07/2022 - 04:57
File harbour-foilauth-1.1.2-1.armv7hl.rpm292.19 KB25/07/2022 - 04:57
File harbour-foilauth-1.1.2-1.i486.rpm335.18 KB25/07/2022 - 04:57
File harbour-foilauth-1.1.1-1.aarch64.rpm365.23 KB13/06/2022 - 04:58
File harbour-foilauth-1.1.1-1.armv7hl.rpm328.79 KB13/06/2022 - 04:58
File harbour-foilauth-1.1.1-1.i486.rpm372.66 KB13/06/2022 - 04:58
File harbour-foilauth-1.1.0-1.aarch64.rpm364.06 KB20/03/2022 - 21:13
File harbour-foilauth-1.1.0-1.armv7hl.rpm327.55 KB20/03/2022 - 21:13
File harbour-foilauth-1.1.0-1.i486.rpm370.51 KB20/03/2022 - 21:13
File harbour-foilauth-1.0.21-1.aarch64.rpm364.35 KB15/11/2021 - 02:26
File harbour-foilauth-1.0.21-1.armv7hl.rpm327.73 KB15/11/2021 - 02:26
File harbour-foilauth-1.0.21-1.i486.rpm372.17 KB15/11/2021 - 02:26
File harbour-foilauth-1.0.20-1.aarch64.rpm364.29 KB05/11/2021 - 04:45
File harbour-foilauth-1.0.20-1.armv7hl.rpm721.42 KB05/11/2021 - 04:45
File harbour-foilauth-1.0.20-1.i486.rpm843.93 KB05/11/2021 - 04:45
File harbour-foilauth-1.0.19-1.aarch64.rpm363.92 KB10/10/2021 - 21:43
File harbour-foilauth-1.0.19-1.armv7hl.rpm327.26 KB10/10/2021 - 21:43
File harbour-foilauth-1.0.19-1.i486.rpm370.8 KB10/10/2021 - 21:43
File harbour-foilauth-1.0.18-1.aarch64.rpm369.01 KB30/07/2021 - 21:13
File harbour-foilauth-1.0.18-1.armv7hl.rpm331.71 KB30/07/2021 - 21:13
File harbour-foilauth-1.0.18-1.i486.rpm375.73 KB30/07/2021 - 21:13
File harbour-foilauth-1.0.17-22.1.aarch64.rpm353.09 KB18/04/2021 - 00:26
File harbour-foilauth-1.0.17-22.1.armv7hl.rpm309.04 KB18/04/2021 - 00:26
File harbour-foilauth-1.0.17-22.1.i486.rpm361.11 KB18/04/2021 - 00:26
File harbour-foilauth-1.0.16-21.1.aarch64.rpm348.66 KB23/02/2021 - 20:07
File harbour-foilauth-1.0.16-21.1.armv7hl.rpm305.05 KB23/02/2021 - 20:07
File harbour-foilauth-1.0.16-21.1.i486.rpm357.06 KB23/02/2021 - 20:07
File harbour-foilauth-1.0.15-20.1.aarch64.rpm346.32 KB23/02/2021 - 05:19
File harbour-foilauth-1.0.15-20.1.armv7hl.rpm304.09 KB09/01/2021 - 07:06
File harbour-foilauth-1.0.15-20.1.i486.rpm355.31 KB09/01/2021 - 07:06
File harbour-foilauth-1.0.14-19.1.armv7hl.rpm303.1 KB20/12/2020 - 06:53
File harbour-foilauth-1.0.14-19.1.i486.rpm354.77 KB20/12/2020 - 06:53
File harbour-foilauth-1.0.13-18.1.armv7hl.rpm301.55 KB11/12/2020 - 06:45
File harbour-foilauth-1.0.13-18.1.i486.rpm353.98 KB11/12/2020 - 06:45
File harbour-foilauth-1.0.12-17.1.armv7hl.rpm302.42 KB30/11/2020 - 18:17
File harbour-foilauth-1.0.12-17.1.i486.rpm353.5 KB30/11/2020 - 18:17
File harbour-foilauth-1.0.11-16.1.armv7hl.rpm300.52 KB16/11/2020 - 13:58
File harbour-foilauth-1.0.11-16.1.i486.rpm352.83 KB16/11/2020 - 13:58
File harbour-foilauth-1.0.10-15.1.armv7hl.rpm300.43 KB16/11/2020 - 03:39
File harbour-foilauth-1.0.10-15.1.i486.rpm352.43 KB16/11/2020 - 03:39
File harbour-foilauth-1.0.9-14.1.armv7hl.rpm299.11 KB13/10/2020 - 01:29
File harbour-foilauth-1.0.9-14.1.i486.rpm351.27 KB13/10/2020 - 01:29
File harbour-foilauth-1.0.8-12.1.armv7hl.rpm300.59 KB08/10/2020 - 02:23
File harbour-foilauth-1.0.8-12.1.i486.rpm353.29 KB08/10/2020 - 02:23
File harbour-foilauth-1.0.7-11.1.armv7hl.rpm298.25 KB03/01/2020 - 19:39
File harbour-foilauth-1.0.7-11.1.i486.rpm350.45 KB03/01/2020 - 19:39
File harbour-foilauth-1.0.6-10.1.armv7hl.rpm297.09 KB12/11/2019 - 03:02
File harbour-foilauth-1.0.6-10.1.i486.rpm348.5 KB12/11/2019 - 03:02
File harbour-foilauth-1.0.5-9.1.armv7hl.rpm289.9 KB22/04/2019 - 13:06
File harbour-foilauth-1.0.5-9.1.i486.rpm340.12 KB22/04/2019 - 13:06
File harbour-foilauth-1.0.4-8.1.armv7hl.rpm289.68 KB13/04/2019 - 00:41
File harbour-foilauth-1.0.4-8.1.i486.rpm339.26 KB13/04/2019 - 00:41
File harbour-foilauth-1.0.3-7.1.armv7hl.rpm288.45 KB11/04/2019 - 15:03
File harbour-foilauth-1.0.3-7.1.i486.rpm337.9 KB11/04/2019 - 15:03
File harbour-foilauth-1.0.2-6.1.armv7hl.rpm287.17 KB11/04/2019 - 01:18
File harbour-foilauth-1.0.2-6.1.i486.rpm336.38 KB11/04/2019 - 01:18
File harbour-foilauth-1.0.1-5.1.armv7hl.rpm285.06 KB10/04/2019 - 18:37
File harbour-foilauth-1.0.1-5.1.i486.rpm335.06 KB10/04/2019 - 18:37
File harbour-foilauth-1.0.0-4.1.armv7hl.rpm284.31 KB10/04/2019 - 14:46
File harbour-foilauth-1.0.0-4.1.i486.rpm333.54 KB10/04/2019 - 14:46
Changelog: 
  • 1.1.9 (Jul 22 2023)
    - Fixed countdown timer on the cover page
  • 1.1.8 (Jul 22 2023)
    - Actually use timeshift
    - Fixed couple of Steam token issues
  • 1.1.7 (May 7 2023)
    - Added support for Steam variant of TOTP
  • 1.1.6 (Apr 14 2023)
    - Improved QR code scanning
    - Slightly redesigned QR code page
    - Request focus for password field at startup
    - Updated Swedish translation (Åke Engelbrektson)
  • 1.1.5 (Jan 15 2023)
    - Support for token groups
    - New UI for reordering tokens
    - Updated Polish translation (Atlochowski)
  • 1.1.4 (Sep 26 2022)
    - Fixed a problem with import via QR code
  • 1.1.3 (Aug 17 2022)
    - Implemented import of multiple tokens
    - Freshened up the UI
    - Removed MD5 support
  • 1.1.2 (Jul 25 2022)
    - Tweaked token creation workflow
    - Switched QR-code decoding from zxing to zbar
    - Properly support non-ASCII labels
  • 1.1.1 (Jun 13 2022)
    - Allow to turn autolock off
  • 1.1.0 (Mar 20 2022)
    - Opt out of sandboxing (no more Jolla Store updates!)
    - Improved QR code scanning performance
    - Minor UI tweaks
    - Added Chum metadata
  • 1.0.21 (Nov 15 2021)
    - Load libcrypto.so dynamically
  • 1.0.20 (Nov 5 2021)
    - Link OpenSSL 1.0 statically for compatibility with Sailfish OS 4.3
    - Updated Polish translation (Atlochowski)
    - Tweaked selection page
  • 1.0.19 (Oct 10 2021)
    - Support for HOTP (counter-based) passwords
    - Copy password to clipboard on tap
  • 1.0.18 (Jul 30 2021)
    - Allow to choose HMAC digest algorithm
    - Generate QR codes with lower error correction level
    - Reworked QR code scan UI transitions
    - Don't ignore issuer of scanned tokens
    - Export or delete multiple tokens at once
  • 1.0.17 (Apr 18 2021)
    - Support for reading otpauth-migration QR-codes
  • 1.0.16 (Feb 23 2021)
    - Hungarian translation (@1Zgp)
  • 1.0.15 (Jan 9 2021)
    - Tweaked remorse items a bit
    - Integration with My Backup
  • 1.0.14 (Dec 20 2020)
    - Fixed flashlight
  • 1.0.13 (Dec 11 2020)
    - Fixed QR code scanning on Sailfish OS 4.0
    - Updated libqrencode to v4.1.1
  • 1.0.12 (Nov 30 2020)
    - Added "Show QR code" context menu item
    - Display QR code full screen when it's tapped
  • 1.0.11 (Nov 16 2020)
    - Updated Polish translation (Atlochowski)
  • 1.0.10 (Nov 15 2020)
    - Adapted to recent changes in Sailfish OS
    - Polished landscape layouts
  • 1.0.9 (Oct 12 2020)
    - Fixed a problem with initial update of current passwords
    - More dialog titles
  • 1.0.8 (Oct 7 2020)
    - Added German translation (Samuel Kron)
    - Use stronger SHA256 digest for signature
    - Tweaked password change UI
  • 1.0.7 (Jan 3 2020)
    - Support for scanning inverted QR codes
    - Autolock is delayed by 15 seconds
    - Miscellaneous UI tweaks
  • 1.0.6 (Nov 12 2019)
    - Freshened up the UI
  • 1.0.5 (Apr 22 2019)
    - Query the actual maximum zoom from the camera
    - Improved French (Quentí) and Polish (Atlochowski) translations
  • 1.0.4 (Apr 12 2019)
    - French translation (Quentí)
  • 1.0.3 (Apr 11 2019)
    - Swedish translation (Åke Engelbrektson)
  • 1.0.2 (Apr 11 2019)
    - Chinese translation (@dashinfantry)
  • 1.0.1 (Apr 10 2019)
    - Polish translation (Atlochowski)
  • 1.0.0 (Apr 10 2019)
    - Initial version

Comments

MacGyver's picture

Actually, I might need to recheck, if HOTP is used anymore, I guess TOTP has surpassed it these days.

And thanks for the backup info, now I can sleep knowing my tokens are safely backed up, and encrypted.

Surprisingly few authentication apps have own password as added security layer. I guess most people think it more of a hassle...

slava's picture

I'll tell you more :) If you build foilmsg tool then you can decrypt your auth tokens on your computer, you don't need a phone for that. Suppose you have pulled a file named 5E6FD647B7683FAC from your ~Documents/FoilAuth directory. And foil.key file too, of course. Then you can do something like this:

$ foilmsg -d -s foil.key -P xxxxxxxx -f 515B8BF49C1DF7E5 -o secret -v
[foilmsg] Private key fingerprint: 53:ae:7e:54:c2:d2:43:88:2a:98:a0:24:4a:90:66:1f
[foilmsg] Found 3 header(s)
[foilmsg]   OTP-Label: test2
[foilmsg]   OTP-Favorite: 1
[foilmsg]   OTP-Digits: 6

where foil.key is your foil private key file, xxxxxxxx is your foil password. Your secret token is written to the file named secret in the binary form, i.e. as a sequence of raw bytes - in order to get the token string the way you see it in FoilAuth app, you would have to run your secret bytes through a Base32 encoder.

kaulian's picture

hi @slava,
thanks for tools, i just break my sailfish phone..
I have backup i use your tool to generate the secret file but i cant decode it to view the secret to generate the otp. :/
Could you provide me an example to view secret ?
Thanks

kaulian's picture

OK...

Simply base32 secretfile... I searched too complex

MacGyver's picture

Interesting, so you could easily move your tokens to other apps too using this method, if needed? Anything can happen, gotta be prepared :)

slava's picture

To copy a token from Foil Auth to pretty much any other OTP app you can long-press the token, choose "Show QR code" from the context menu and scan that QR code.

Alternatively, you can choose "Select" from the main pull-down menu, select the tokens you want to copy and tap the Export button in the bottom right corner of the screen. This way you can export multiple tokens at once, at least to Google Authenticator (or any other app which happens to support those multi-token QR codes).

24mu13's picture

Interesting thinking about fingerprint authentication: I'm still convinced it's useful and convenient, anyway. What about to have both for instance? Password first time, fingerprint for kind of quick unlock?

nobodyinperson's picture

This is a really neat app!

TheJullus's picture

Would it be possible to make an option to use fingerprint authtentication for unlocking these foil apps? (Possible in sense of being able to do it and also if it's against the security idea you have (as in "password stronger that PIN code"))

slava's picture

Hehe, I was actually considering something like that but it turned out to be impractical and in many ways less secure. Probably the best argument which I heard against that or any kind of biometric authentication in general - "you can change your password but you can't change your fingerprint". When it comes to the actual implementation, it turns out that on most systems you don't have access to raw fingerprint images. You can only match the current fingerprint against the training set and that's it. It's just not enough to generate any kind of hash or anything that could be used as an encryption key.

TheJullus's picture

Is it some how possible to use old codes after resetting the phone? I tried to use this app with same password but it says there is no codes (or notes in FoilNotes) Ps. Would it be possible to use fingerprint authentication to open the Foil apps?

slava's picture

I'm afraid you've lost your auth token forever and need to request a new one :/ Once the old encryption key is gone, there's no way to recover encrypted data. At least there sholdn't be by design, unless the design is flawed (I hope not).

TheJullus's picture

I do have the auth token because I did a backup of my nemo folder. I just switched foil.key in .../nemo/.local/share/foil and it works just fine!!

slava's picture

Good! Just don't lose your key and don't forget your password :)

glanternier's picture

Ok. I now understand how it works. I had to use inWebo anyway because the helpdesk was being stupid and rigid about this, but I understand what I have to do next time if I want to use the native app. Thanks !!!

glanternier's picture

Hello, I want to use Foil OTP to register my O365 account at work, but the IT helpdesk insists on going with an Android app called inWebo. I think that I could use Foil OTP instead, but I don't understand how OTP works technically so I am not sure. The helpdesk will not help me of course. Seeing an non Android / iOS device almost caused them a panic attack :-(

slava's picture

If you enter your foil password, select "Add Token" from the pulley menu and press "Scan QR code" button (they provided you the QR code, didn't they?), you should be able to import the token and use Foil Auth for authentication.

These "one time passwords" are essentially one long password (the secret= part of otpauth:// URL), out of which a shorter one is generated based on the current time. The algorithm implemented by Foil Auth is described here

direc85's picture

Works well, great app!

explit's picture

Absolut great like all your apps, Slava!

minitreintje's picture

The Foil apps are simple, polished and work really well! Thanks Slava!

Historyscholar's picture

Nice

Pages