From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.zx2c4.com (lists.zx2c4.com [165.227.139.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B67D4C05027 for ; Wed, 8 Feb 2023 14:00:16 +0000 (UTC) Received: by lists.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 8e686949; Wed, 8 Feb 2023 14:00:14 +0000 (UTC) Received: from mail.mokrynskyi.com (mail.mokrynskyi.com [46.4.12.50]) by lists.zx2c4.com (ZX2C4 Mail Server) with ESMTPS id a4257326 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Wed, 8 Feb 2023 14:00:12 +0000 (UTC) Message-ID: <918a6ce2-436e-3b98-de88-0c4735163830@mokrynskyi.com> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mokrynskyi.com; s=dkim; t=1675864811; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=poWsdyhtZsb6xWY457/ooTc4PYcPcITdRc/KkJxMI28=; b=EUnRxn297otd9j37v3oW1AIfetjHzPAj519+7egN5UxCTcxGg3U5b88zrXnQb6fUfWZC3r tfxZuuPFwABgZFg+T6TxNwgEx6Ys1gSlerTW/e2AHObXyKwOr0g0r05LU//5fazWL+2iMW UQaSVnKIm8C/TwAkeMI/uffv2UA683oYL62B53GkW+LVhfR0KXMtExgmaTTTgJP82mfRWL gyaK7hk4x7qzsyHd0cR2ioI2sha4xEISwL7NP3Vn2lRv2MvWHgYFH0uCRfkvgXUrGi0ER4 3sF1cPJERnk5D9fHzAOsxfzvNik7Lfh9MQsDPimDXGGxtPe8J1kG8BCo4hwxbQ== Date: Wed, 8 Feb 2023 16:00:09 +0200 MIME-Version: 1.0 Content-Language: ru To: John Sahhar Cc: "Jason A. Donenfeld" , wireguard@lists.zx2c4.com, David Cowden References: <5e029a99-a860-0ae0-be72-df53cf82d0ce@mokrynskyi.com> <7SV3pRtTQ0fygsJjyhdMRte9uso_M0G_jTfDeqnELBrym4Z_3NeGeIvgNYpEdXttpmafNk_A2NqH26O6VF_8pgrXjzUOmrCVPehRX7Iu_eE=@pm.me> From: Nazar Mokrynskyi Subject: Re: Allow client-side encrypted backups for Android app In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------QlE0pwjhpJRIJUcCmTRE1Qbs" Authentication-Results: mail.mokrynskyi.com; auth=pass smtp.mailfrom=nazar@mokrynskyi.com X-Spamd-Bar: / X-BeenThere: wireguard@lists.zx2c4.com X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: wireguard-bounces@lists.zx2c4.com Sender: "WireGuard" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------QlE0pwjhpJRIJUcCmTRE1Qbs Content-Type: multipart/mixed; boundary="------------iDCfuRmirvBoF0T0iU7z6SGw"; protected-headers="v1" From: Nazar Mokrynskyi To: John Sahhar Cc: "Jason A. Donenfeld" , wireguard@lists.zx2c4.com, David Cowden Message-ID: <918a6ce2-436e-3b98-de88-0c4735163830@mokrynskyi.com> Subject: Re: Allow client-side encrypted backups for Android app References: <5e029a99-a860-0ae0-be72-df53cf82d0ce@mokrynskyi.com> <7SV3pRtTQ0fygsJjyhdMRte9uso_M0G_jTfDeqnELBrym4Z_3NeGeIvgNYpEdXttpmafNk_A2NqH26O6VF_8pgrXjzUOmrCVPehRX7Iu_eE=@pm.me> In-Reply-To: --------------iDCfuRmirvBoF0T0iU7z6SGw Content-Type: multipart/mixed; boundary="------------qKYAXs1d6CvBZlcKtuD7DNkK" --------------qKYAXs1d6CvBZlcKtuD7DNkK Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable No, I'm requesting for Wireguard Android app to stop intentionally disall= owing backups: https://git.zx2c4.com/wireguard-android/tree/ui/src/main/AndroidManifest.= xml?id=3D713947e432126e0e29dcf497960e5fa0f6301e2b#n36 Sincerely, Nazar Mokrynskyi github.com/nazar-pc 08.02.23 15:34, John Sahhar =D0=BF=D0=B8=D1=88=D0=B5: > I missed the intro to this thread, but if I'm understanding correctly > you need a safe way to back up your wg keys/configs? I wrote a bash > script a few years ago which I use for that, perhaps a starting place > for what you're trying to accomplish. > > https://github.com/ok-john/wireguard-tools/tree/master/contrib/key-grid= > https://syscall.network/releases/key-grid.svg > > -- > Regards, > John Sahhar > Cryptographer @ Entropy > > On Wed, Feb 8, 2023 at 12:44 PM Nazar Mokrynskyi = wrote: >> I know there is an export feature in the app and I used it successfull= y, but it doesn't make much sense to me to have that and disable OS backu= ps at the same time. >> There are use cases for one-off copying of things for which exporting = as zip is great, but there are also others. >> >> I don't want to have set a reminder and regularly go though every sing= le app manually, use their flavor of backup feature (that doesn't necessa= rily store everything BTW, including in Wireguard), then collect the file= s somehow, encrypt them and send to the destination. >> >> What I want is automation: configure the tool (SeedVault in my case) t= o create backups of all apps every day and store them in encrypted form o= n my private Nextcloud instance with ability to restore backups easily la= ter on. >> The issue is that some apps like Wireguard prevent me from enjoying th= at workflow fully and right now I don't see why would it be beneficial fo= r Wireguard to intentionally prevent that. >> >> With that context I hope it is clearer why I'd appreciate for current = design decision around that to be re-evaluated. >> >> Sincerely, Nazar Mokrynskyi >> github.com/nazar-pc >> >> 08.02.23 04:19, David Cowden =D0=BF=D0=B8=D1=88=D0=B5: >>> On Android 12+ you can configure which files are backed up (among oth= er things) at runtime using the BackupAgent API https://developer.android= =2Ecom/guide/topics/data/autobackup. Would you be opposed to this being a= configurable option that defaults to off? >>> >>> David >>> >>> ------- Original Message ------- >>> On Tuesday, February 7th, 2023 at 7:03 PM, Jason A. Donenfeld wrote: >>> >>> >>>> I think I'd prefer to still keep this a bit more locked down. There = is >>>> the "export tunnels as zip" feature (which requires an explicit >>>> authentication step each time), which you can use for backup/restore= =2E >>>> >>>> Jason --------------qKYAXs1d6CvBZlcKtuD7DNkK Content-Type: application/pgp-keys; name="OpenPGP_0x8CF6D73DB34AAFEA.asc" Content-Disposition: attachment; filename="OpenPGP_0x8CF6D73DB34AAFEA.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xsFNBFUlzH8BEAC37PQeMveTFll8acCO+51NcMP7qsrRqeh0VNnnADUjSI6Te5/k Xd3tM0nvrYCiwgwouTbitpTEVhAD7dqAFfD5VOL3pXSYPt7UMUKNahMUlrCg6nYN FGe3zZBpT/ztbKjZJ60UwJCnxDVk6cgVM+QXqzcBPHHWzy9X6QqN8JnN7Ar5SmjX vQCLEFONQM5FwqpRrgvegue8LJSz6qQ9vx7htp4pWshf1mWxSVbCkjVCYAlX08tS itKFQjVGRcGWLXI+xxbGe/xDUkZikisX/KK3156t2/mG+E+qesJ71IGRPMW/QC+0 nxO5HZCN97X3fEjUQBwJQPxQKSiHCqZzlCaH7hisA1DcswjHrZszCSQn5TdfqsDu GBludmkHEmQ5m96GAaakWrgaTndDCS9MewJ/qlHUtO9TXyDIDKwmukheDU2CfJfM GLxmI3BYxBCo7fjobB4MHOWUkYWb4AtrNN2qiolAKTT/CLxu25ilQyDknC6px64K Z8PyPvFNN18K37ij8fiA45XCd8t5QwT6yfQQiRkO/T3oJx51Urt1fRPrltGjkq8p XFuloIy8dOShGR/3GACPPpfc0AIQzOCRAoISVEFaB4Xruw0iYbPYElu7JG8AurYk M0TUzuyQdAm3bT6WtAzrO7UIZAqVFLC4TrYeThsQWzMmsoXlXQH3ql/61QARAQAB zSFOYXphciBNb2tyeW5za3lpIDxuYXphckBlY29pcy5tZT7CwXgEEwECACIFAlUl 0BkCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEIz21z2zSq/qCW4QAJmq 2/aMUQ/UfmNUg1swJtt18O7fNCKd8cDHMiuqfWe3ATc4hJsOMVnqFcxbXFoJ9InD 7iuV5r9zWwYJuZPemPHcpNfRMPCclKcw+3kDgJK3X3bd7EyIER0HFu3q5dYTZpTA jdW1scURgMgnYYJK0jbJ5CcCJwIYi8pRQtnd8ZOzq9Q4RanJ2Mh+RKgPorWXPpks v/ibmVJqG7ftNUyEdIkF5FMV+S7dAvOnTT6FxhB4EM32gIb4A1Ts39EAni0impRz ltwuAbExTYOmYGYH8PTpA17rtAtaovZuk409XamCzQMg+iTxAiNzhmTNOZ1rurf4 NmoC+KFKpaNX3Vf09cneCqFLb0/kUaO8XbCfRwIaTCQfek0UjLOBgRO3u5Gd1nqi zzfFlqVqmIYTGQ3cr8gD34Y2bmuhGk/dkUi32svibrXIvMHEbo67UCunJLPNKnQG m4b0iDIAdNB7SMchmTPAsXBIJ7CCpLspLZhzkVpn1ey48VQpJhGlLgWCRhVxroQE o/qG4Imgd1ddmLsVZFV1r3vktiFJSlSNTeEKPGX/djntZ9OXJLr45g7U1RczDeoW iRRVbvnbCIEIjcCXtJJJKM5MLBoXKncJOUn5Wsdo+Tv+EMhujmqrsKkwWuMtlPo+ va6sgJN4bL7C72RUG3l2SQ6XUuEHJdP2m0VNkZD/zSdOYXphciBNb2tyeW5za3lp IDxuYXphckBtb2tyeW5za3lpLmNvbT7CwXsEEwECACUCGwMGCwkIBwMCBhUIAgkK CwQWAgMBAh4BAheABQJVJdAmAhkBAAoJEIz21z2zSq/qz4wP/Roty5WL8N8fS9ae e+iHLlFd9JV3jXHu35Rb8jODeUKwXcOTQ2g7GH83TDTEm0sJl6KFVjuijaM/OX0r jFHhSV74f2KmnP5KJ8v9o55O/tgXFotyolVJsXEAb3DJmr9LAsqClutTUVvPOmY+ mI+LjsCL7Awb1gKDLrFNfWrU0/zrHy1kra5/zNygCndcWJ0WefKgtpPnV6J6GNH7 m/zC7XBr8FfGmeNbS4LRFxMOSyuR/7zzCiFmgE9g581BaYla9PWsAmeeCF1pgkW1 OflnTOsHfet8Y19w1YAP7Mo9tSMvTt3EgL+4RIXYID/17mnjRP9XkBYR3mqsKgZB WVhOiGHaHAiYLfPRnfs+IHL+8AaeDVL0cQL/aOKIBlWnKYxIpzA5JG8dlG4ATNc2 EVPtoyNF1eSbmAy5FVgXULVu/PK14Xz0feWjtCaKxSYfununloAaFFxjn5kHAs5T RkhCa3qQVmzJBYxmluet6gS8getWVgHZER6KgttD7TUnpl1momxNhAt0FG3+zc4z 2dliSKibf8jzNQu4TEMst2Ilp5mHpRTagHV31v9QO6bLJKxfjBMhlEHIpeMkvEXm 4l7hA2tasYSB/HALYjn2Y6TkCsrnnXJeIJKFAMs8S44RFq6C9GI3MWTHTa+0Yvnz 28J1jS9MovykmZlcOY93eJq/BSwYwsF4BBMBAgAiBQJVJcx/AhsDBgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAAKCRCM9tc9s0qv6iFeD/9Q41gmapbDpIlAqX4OsMLk XaXCQFVm7HfFfb7Y4qa5bBNW4Lv/q7JIp5H65+QKNrjzQu0TytNF4YfRH+0VSEaN OHKCpF1njSBRPqorXxHqfK5y+Lxfg7GwyxJU21TcH9K+tkVQHSVpfibEQ2O/gygN c0440gQGJWn02W3Kh19T8ebJNli9SaR3j4QmLPLZbvTa9LNUOTfMJBRcJCdv9OE1 hqHdWEdLSDHe+3vrKbBiONC2YOaeSSAdP0WSq8OcFnKTaQmwVJF3ky6FE/V7IVN1 lETnVhBdMrM5XlpWsdEYi81NytRiAdo4t39kXhRvU2MZrkctJ2ED/+ebrpISRCgo wDwLdFSOyZ+CqqcuZYsqD+9dsbnPUDWLGHsspipt4SkNKAlSWA554UX9FZLmWzVX gmJrNFZhBVCBiM2rjSwwWVSTXkP4mE2wFVwFlJx4vQS7nSCt6xq7iotTOUbY46QS M0MVc1uUZA7fMXClzU3Y0YfdCv6uZGBl3kKnsFJP/79URPssAkL0a7uJqOpgl/eF cyVyU9FxQiBAoeeHw0magrkP4VnnFV+BXMKAKH1VuWZIj7X998pwnVKZ1vbrv2y5 4xib4PIV7QcZg6wYvUGa7UT9lOWlcTXUzrPFZ/US+eTLCTgBW9ZnVceMbsXok0Ho TpzOTtwzzUPkAHaqv4/zps7BTQRVJcx/ARAAv/nlcwzuUVwHdVZnG82vspDV06Ox SQ6RsPNY26yZn/i/leV6bl45chSDXPiI3j0KLH69DVTbKfiZ115WSR7+3WhCD6gY dpoCUmaHlCI+AD8NJkdViR13QH2SjjE5AXuJgU59fHOMdQ6vPvWr103Pkf3yzuKi lj+yHAtxqSYGocG6PWSufqi25hQtgowNmgT1wYktJ9JAOzeynG0MYuTNGy8LA+sJ oNSoaLBnupDZmZfx4K786VTIzcWS/GDcwXC63BFgvn2MqfL9OWqEvH/M6DJKjHUS C7Mds0w6cuE5SBEmmtQbETF03DjVXrQ6+ORquoj1r2lFtr4/EfOpwfQhikCbveSK 9dMHJ9lZyPHgTLw2nhKMCokkvYM6aXb1bcqGE1qNO+1MloVak60mTQTJ6+Ch1sb0 GQc/Na/J2ZVJq+AIwY0BST/bZnsBpVlxwHuam9U1dwGyzexcpuzks269HX7o3Pjk CMXyw1bXbLvMzMRjGG1yYyBi/QjjJLziPZ5pwekOxOKfm6MBQ9vurDlbqZOqNMGf 5Ex6jLkg1tdaBXvDntFAk9n527JqMKGle0+mNGO6YJqrigXc+helQ86pWned9ZpQ BS3ksQRYiiqJFnfdkl9wX/v+68NGBNquenVIczbrVRyRIEiykioCsUxINREfFKlv JASMNe5gCXXUF+kAEQEAAcLBXwQYAQIACQIbDAUCVSXPPQAKCRCM9tc9s0qv6gja D/9waGM+98MporUUC1Fp090xv8r9TnzXlFx0PAzIHEYbftz4rmn/u7WhnJ9yk9Ip u4jKhvJjAqw/kH+xcoWsZLuJ8P0MYnd6Vllwko2glvQpJdvkvKSXACWed0WONhUZ nY0A5tqD1ups0/HqpqNtvsZqw13sF1gFOt9B24Mf6IaWfoC6kCfl0bVcdbjiB9CX 81XrHwiqTmChPAo0bO1gHgIbZo6GvmlzX8z4QshL8fOX4Uibf+Qd+a6p8xifp0uc aUpzsdB8GYF9MeeHxYwXfqIeMbSIRAhGVpZ1HEw1icu2zCw0Pe76IX2gQtje46R8 O2rnyNV5f01Odh/GQbEp1eKz75mJRzLglYy9GDGvodvAKjYvIlCI9O8xp2TJpfMB NMEp1zz85ZFNR2U5yss4UdA2RdPX3e842sh1S8ZMlR4QTzH1gfGug4Nc0f386Xeb mahXDBvpfwHjML5WtBOlHhRIxfjp2qROU47p4S9s8NjVUPDo37jJ8OLPXmOUNl88 TKBZaR3/K77PmvR/M0Xe3+KAjIRW8ES0Kva0twxZAyZ2jkS7FuqnP2Oxq0wQors0 pOZTlJ9a3RwIRSul+mztkbciFtIfzH5V8tU2KvmLbjLj58P+d8SL3u5JyU+3xN3D Tmqx2wwyMTl444HpUOdfNWvIdeftQEI9uQhe9FY0psYGpA=3D=3D =3DOe+F -----END PGP PUBLIC KEY BLOCK----- --------------qKYAXs1d6CvBZlcKtuD7DNkK-- --------------iDCfuRmirvBoF0T0iU7z6SGw-- --------------QlE0pwjhpJRIJUcCmTRE1Qbs Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEERsBQp7B9wt91PKHZjPbXPbNKr+oFAmPjqukFAwAAAAAACgkQjPbXPbNKr+qn mxAAoQSAdozuEOopCm7OubyTL4ht07NME8H2k6AlWL8PZ46RKSgmd7B2xYpDgp14N/m6yQBYAytL KflWN8zcpGqUPgw5FYddaT2UHec9ElfHj0cN64WEb49BOW7fEMX+cWj+2zO+NCmJfNvZqhBywny2 JZgVeT9dNXXo8zJJwzEjcgjya4ZMnmxvZGhVkNr9sIsa83IkT+X8cDsvZJP2+SSfMTRSU074Biqx O4JYffyYqxgU5lHFTZCoJxO1ARi0CLCfGcnaB8CGatL9oTO8PzATAKBDW3+8JSjqBPVlCtugfc2u NjfgFuprJXkkKVWnVLo8HWxczZz3HSN6S8ELcWpjNpRjZN/qyCfHgWBykQLv7NtfLdOr9b3W6v+W MI/MqPALfHUEF4pSCEDLUfORVUXJPdrHINGRXlz5HWBdXi466/zCM3+8+VhMdV9cy1sNVGrgHBL2 zYIzd2hm4FpIMk+JJPJIXDRQpH8usMDLi3bf8rwYXBd4BqhmwZNnGI3j0zkct7nE0/rSDAaBCvtL 3HMzKEXsr60lGg+dLB9LuWVLvGZOPWgvXq6i4YUbJi0uymg49cq0Z8GjkganUIGxTLQ/62lxrK7e eSB8teDfHkXA9b6L2AfITucGo2RoZ7nrYzwzrADxxFcngRu2dxclOm74tGIEPif5IbxZTi7cq21E 9lM= =9yPk -----END PGP SIGNATURE----- --------------QlE0pwjhpJRIJUcCmTRE1Qbs--