OPVault format for backups?

rfc1918

Hello,

I just upgraded to version 6 in the Mac Store app. Since I was originally a version 3 user, I want to make sure every copy of my data is now in the most up-to-date format and ultimately delete all older format files.

a) Are the newly created backup files (1p4_zip) in the new OPVault format?

b) Is the data stored in the latest iOS app in this format already? (Do I need to do anything?)

I was doing Folder sync and Wifi sync (for iOS) in the past. I deleted my Dropbox sync data a long time ago and never used iCloud.

I created a new folder for folder sync and the file is now named .opvault.

Do I need to do anything else to take advantage of the new security?

Thanks

---

1Password Version: 6.x
Extension Version: Not Provided
OS Version: 10.10
Sync Type: Folder

littlebobbytables

Hi @rfc1918,

In 1Password 3 the backup files were zipped copies of your Agile Keychain because your vault was the Agile Keychain. If you adjusted the extension you could have OS X unzip the file and in return you would get an Agile Keychain. From 1Password 4 and onwards (both on Mac and iOS) the file is still a renamed ZIP file but the contents are now the encrypted SQLite database file that holds not just your primary vault but copies of all vaults attached to this copy of 1Password. It's the entire contents of the Data that we zip up to be precise. We create check daily to see if a new backup is required which we base on if there have been changes since the last. If you haven't altered your vault we leave it and check again the next day. This is why you may see days or even weeks between backups as we don't unnecessarily backup if there is no gain from creating a new file.

Now you can use Folder Sync to create an OPVault and use whatever backup software to replicate what 1Password is doing. I would just add two points.

1. An OPVault, just like an Agile Keychain only stores a single vault. If you have multiple vaults in your copy of 1Password each must have it's sync set separately to create its own sync container.
2. A sync container, whether it is an Agile Keychain or OPVault only represents your vault as it is at this moment. If you don't perform versioning in your own backup solution then all you will ever have using this route is a copy of your current vault. The reason I mention this is our backup allows you to revert to a previous version while if you only maintain a single copy of the OPVault as it is right now then you lose this particular benefit.

Whether you make use of the backups automatically made in 1Password or decide to kind of replicate this using sync both use the exact same encryption and all the same data is encrypted in both cases.

Does this help at all?

rfc1918

ok - if I understand this correctly, the SQLite database file found in my backups (and elsewhere) use the newer encryption technologies. At this point, I should not have any legacy format data to worry about. Thanks

littlebobbytables

Hello @rfc1918,

We use the same encryption algorithm in every from 1Password 3 and up. We did alter the number of PBKDF2 iterations in a later version of 1Password 3 to improve matters but the security afford by the decisions then mean we still believe your data is as secure today. We take every precaution with your backups as we do the vault container as current data, sync data or backups - all have to be as secure as each other otherwise the work done in one place is in vain.