Account key storage / system keyring
I’ve seen some discussion regarding the handling of the account key, and I’m curious whether it would be feasible to leverage the system keyring to store and retrieve account information. I’ve noticed that the GUI app already operates in this manner, at least on macOS and iOS.
Leveraging the data that’s already stored would lower the bar for initial session creation and improve security a smidge. There would be no need to reinvent the wheel either, given the availability of cross-platform keyring libraries.
Comments
The Mac and iOS apps store a copy of the emergency kit in the keychain, but for normal operations they do not store the secret key (what used to be called account key) in the system keychain. It's stored within the SQLite database used for 1Password Account data. On the Mac the system keychain is mostly a train wreck of usability, and we avoid using it as much as possible.
We've had many discussions here about storage of the secret key locally. It's a fun problem to throw thinking power at, but we haven't figured out anything better than currently. On iOS we could actually do better than we're currently doing by using the system keychain there as it actually works nicely. But it's also the OS that is the least concern due to the good sandboxing implementation available. And once you break the sandbox via jailbreaking you'd also break the security provided by the system keychain.
Rick