YubiNotes for Android
Want to store your notes fully encrypted? Don't feel like sharing the notes with the entire internet? Look no further!
YubiNotes is a different note app. Its secure and the notes are truly for your eyes only. YubiNotes is a open source secure notes app for Android that supports using either a password or the YubiKey NEO to encrypt/decrypt notes. Encryption/Decryption is based on a simple lock system that stores and wipes necessary keys for decryption.
YubiNotes is the perfect companion for anyone with a YubiKey NEO or the desire to keep their secrets to themselves.
Notes are encrypted using AES/CBC with PKCS5 Padding.The encryption and decryption process is based on 4 security keys. The first two are generated the first time the app is started and subsequently stored for safe keeping. The second two are the result of the hashed password or Yubikey input string.
As long as the device is locked only the unique device id keys are stored on the device. The other two keys are wiped when the note store is locked. A one-way hash of the password is also stored on the device when password mode is used.
When decrypting the notes, the following will happen in Password Mode:
The password provided from the user is hashed and checked against the stored hash value. If it matches, the hashed password is separated into two hash strings which are then XOR'ed with the first and second security key. The resulting values are then used as IV and key and used for decrypting the notes.
When decrypting notes in YubiKey mode, the procedure is similar.
The string provided by the YubiKey is XOR'ed first with the first key, and then with the second. The resulting two values are used as IV and key and used for decrypting the notes.
Unfortunately after the password is set it will work for a few sessions. After that when I am prompted to unlock my notes it kindly reminds me that the password is incorrect [even though it is] running Lollipop. Maybe some tweaking. Donation needed in order to update app? If you respond let's please communicate.
Simple and easy to use. However, it still needs a bit of evolving... the ability to associate multiple keys would be nice. Nice work, I look forward to seeing it progress!
Very secure.
Love it - is there the same thing but works via non NFC, otg and net connectivity to yubi servers?
Love it - is there the same thing but works via non NFC, otg and net connectivity to yubi servers?
I know I got my password right but it won't let me in... Grrrrr
Keeps crashing even when it has not been run.
This app shows up as working with my Nexus 4, but Nexus doesn't support the Classic MiFare format that Yubikeys use. So the app is incompatible with Nexus devices. Please update the app listing to reflect this incompatibility.
It would be great if this app could be unlocked with either a password and/or a Yubikey. Thus allowing multiple options for unlock. example, you can choose to unlock a note by password if you did not have your Yubikey present. Also, it would be nice to have a higher security mode that required a password and Yubikey. another issue, Yubikey enrollment needs to be required and made fool proof
Avast AV reports this package as containing "Android:Agent-ACH [PUP]"
by X####:
Very secure.