This repository has been archived by the owner on Oct 15, 2024. It is now read-only.
Generate SSH Key
Fabian Henneke edited this page Sep 24, 2020 · 7 revisions
We recommend you generate an SSH key right in the app, which ensures that the private key is stored in your device's secure key storage facility (the Android KeyStore or StrongBox, if supported).
- You are given the option to generate a key automatically as part of the onboarding flow. Alternatively, go to Settings > Generate SSH key pair.
- Select the key type (you can keep the default unless you need to connect to really old servers).
- Choose whether or not to protect your SSH key with your screen lock:
  - With protection enabled, you will be asked to confirm your screen lock credentials/biometrics on every sync operation. Your SSH key will become invalid if you ever disable your screen lock.
  - Without screen lock protection, your SSH key can be used freely by anyone with physical access to your device, but (depending on your phone's capabilities) will still be extremely hard to extract from it.
- Tap Generate.
- Tap Share to copy or send the public key and add it to your SSH server's `.ssh/authorized_keys`.
- Generate the private and public key:
  `ssh-keygen -t rsa -b 3072 -C "Android Password Store" -f /tmp/id_rsa_droid`
- Copy the public key `/tmp/id_rsa_droid.pub` to your SSH server and add it to the `~/.ssh/authorized_keys` file:
  `cat id_rsa_droid.pub >> ~/.ssh/authorized_keys`
- Copy the private key `/tmp/id_rsa_droid` to your phone and import it in your Password Store app through the settings.
- Generate or import a GPG key as normal in OpenKeychain
- Check if there is already an authentication sub-key by opening the relevant key, then navigating to the "Advanced" menu > "Subkeys" tab. The icon for authentication looks like an ID card.
- If necessary, generate a new authentication subkey by clicking the "Edit" (pencil) button > "Add" (blue plus), and selecting "Authentication" for the usage. Click "OK" then "Save" (in the top right) if everything looks good.
- You may then obtain the public key by clicking one of the "Share as SSH public key" buttons on the "Share" tab. This is what you need to add to your `~/.ssh/authorized_keys` file, as a new line.
- To log in using the private key, select "OpenKeychain" as your authentication mode when cloning, then select your GPG key when prompted.
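
All three methods above end with adding a public key to `~/.ssh/authorized_keys` on the server. The shell function below is an added example, not part of the original wiki or the app's code: it refuses private keys, skips keys that are already installed, and applies the conventional 700/600 permissions. The name `install_pubkey` and its optional second argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the wiki). Usage on the server:
#   install_pubkey id_rsa_droid.pub [path/to/authorized_keys]
install_pubkey() {
    pub=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}   # default location assumed for OpenSSH

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # A private key appended here would be exposed to anyone who can read the file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 3
    fi

    # A public key is one line: "<type> <base64> [comment]".
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing: unknown key type '$type'" >&2; return 4 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing: malformed key data" >&2; return 4 ;;
    esac

    # sshd may ignore authorized_keys if it or its directory is writable by others.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Match on type and key data only, so a different comment does not create a duplicate.
    if grep -qF -- "$type $blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    # If the file does not end in a newline, add one so the new key gets its own line.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    printf '%s\n' "$line" >> "$auth"
    echo "added $type key to $auth"
}
```

Unlike a plain `cat ... >>`, running this twice with the same key leaves a single entry, and a file that lacks a trailing newline does not end up with two keys joined on one line.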