January 19, 2017 by globz
I am a bit of a freak when it comes to managing my passwords because I have enabled many protection layers before I can get to them.
- I moved my encrypted container from TrueCrypt to VeraCrypt after a warning appeared on the project page: http://truecrypt.sourceforge.net/
- I am using KeePass as a password manager; I do not want to deal with any cloud-based manager.
- I am using Dropbox for syncing my encrypted container + KeePass (I know this is part of the “cloud”, but I believe it is less likely to get targeted because Dropbox != online secure password vault advertised everywhere on the internet).
- I never save passwords in Chrome/Firefox or any other browsers, and all my passwords are fucking complex so there’s basically no way to remember them; this way I have no choice but to rely on my password manager.
Now that’s fairly straightforward to set up on Windows or Linux: you create an encrypted container with VeraCrypt, then you assign it a Master Key in order to decrypt it.
Download KeePass, create a new database and assign it a Master Key, then add stuff to it and hit save! Then place your kdbx file inside your decrypted container.
Unmount your container and place it inside your Dropbox, and voila, you now have a local password manager syncing across all of your devices, and that extra layer of security (VeraCrypt) keeps my worries on the low while my entire password collection is sitting on a remote server somewhere in the world.
*Useful tip below from http://disk-decipher.hekkihek.nl/disk-image-formats
Note that if you store your VeraCrypt images inside a folder which is synchronized to a cloud storage service like Dropbox or Box, you probably want to turn the VeraCrypt option “Preserve modification timestamp of file containers” off to allow the cloud storage agent to correctly detect changes to your VeraCrypt containers after unmount. Otherwise your VeraCrypt container will not be correctly synchronized to your cloud storage service.
Therefore open VeraCrypt and go turn it off! (Settings/Preferences)
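Why that option matters, as an added example (not from the original post, VeraCrypt or Dropbox): it assumes a sync agent that decides whether to upload by comparing file size and modification time, which is a simplified model, and it uses a constructed random file named container.hc in place of a real container.

```python
import hashlib
import os
import tempfile

CONTAINER_SIZE = 64 * 1024  # constructed stand-in for a fixed-size file container


def metadata_fingerprint(path):
    """What a cheap sync check sees: size and modification time only."""
    st = os.stat(path)
    return (st.st_size, st.st_mtime_ns)


def content_fingerprint(path):
    """Full-content hash, for comparison with the metadata check."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def write_inside_container(path, preserve_timestamp):
    """Overwrite a block in place, as a mounted volume does; size never changes."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.seek(4096)
        f.write(os.urandom(512))
    if preserve_timestamp:
        # Model of the "Preserve modification timestamp" option: restore old times.
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
    else:
        # Force a clearly newer mtime so the demo does not depend on clock resolution.
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns + 1_000_000_000))


def simulate(preserve_timestamp):
    """Return (metadata_changed, content_changed) after one edit session."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "container.hc")
        with open(path, "wb") as f:
            f.write(os.urandom(CONTAINER_SIZE))
        meta_before, hash_before = metadata_fingerprint(path), content_fingerprint(path)
        write_inside_container(path, preserve_timestamp)
        return (metadata_fingerprint(path) != meta_before,
                content_fingerprint(path) != hash_before)


if __name__ == "__main__":
    print("option on:", simulate(True), "| option off:", simulate(False))
```

With the option on, the content hash changes while size and mtime stay identical, so a metadata-based check has nothing to react to.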
The problem when it comes to your mobile phone (in my case I am using an iPhone, so this post will strictly talk about this ecosystem) is that you now have to deal with a completely different set of apps just to try replicating the workflow above.
The first logical step is to find an app to decrypt your container. Naturally I went on the VeraCrypt website to find out if there’s an iOS version, but to no avail; I found this link instead:
They are listing two alternative apps which currently support VeraCrypt:
- Disk Decipher: http://disk-decipher.hekkihek.nl/
- Crypto Disks: https://itunes.apple.com/us/app/crypto-disks-store-private/id889549308
After a little digging I went with Disk Decipher. I have never tried Crypto Disks, but I believe it is fairly the same or maybe even more user friendly from what I can tell.
Once the app is downloaded, open it and link Disk Decipher to your Dropbox account. When you are done, your Dropbox account ID will be displayed; you must remember it for the next step.
Now you must add a remote disk URL in order to get access to your container.
A valid Dropbox URL will look like this:
dropbox://YOUR_ACCOUNT_ID/encrypted_container (basically the full path leading to your container inside your Dropbox folder)
When you are done, simply tap the new URL and Disk Decipher will ask for your Master Key to decrypt your container (this may take a while depending on which type of encryption you are using).
Now you have access to your kdbx file inside your container on your iPhone through Dropbox API on a remote server somewhere in the world!
(Full procedure for extra help @ http://disk-decipher.hekkihek.nl/remote-storage)
Next step is to find an app to read kdbx files because obviously KeePass does not have any iOS app available :D
Here comes MiniKeePass!
Oh, and it’s open source, so that’s a + in my book.
Simply download the app, then go back to Disk Decipher, unlock your container, tap your kdbx file and select the “Open In” menu… tap MiniKeePass and accept the prompt asking you to copy the database locally*
*So here’s the issue:
The Open In menu, currently being the only feature requiring saving the decrypted data to disk, will transfer the saved file to another app on your iOS device. The security of this data will be outside of Disk Decipher’s control anyway.
In order to work with my kdbx database in MiniKeePass I must copy the database locally outside of Disk Decipher, and the “Open In” menu will copy the database to MiniKeePass.
So now we have a syncing issue, because from now on whatever modifications I do inside MiniKeePass will not be synced because the copied database is now outside the container and Dropbox.
Alright, so let’s use this as a read-only password manager and let’s keep all the important edits on your Windows or Linux box.
The cool thing about this now is that you can simply open MiniKeePass and the local version will still be there, so you do not have to copy the database from Disk Decipher every time you wish to access your passwords.
Instead, copy the updated kdbx database using Disk Decipher only when it’s really necessary; otherwise simply use the local version and be done with it!
*I might give it a try with Crypto Disks but I believe I will run into the same issues.