Sat
Mar 9

KeePassDroid NFC support

Update: I reimplemented this as two separate apps, which is a bit nicer from a security perspective. Write-up and APK for the new version.

Just as I threatened in my previous post, I've implemented NFC support in KeePassDroid. This means that you can create an NFC tag which decrypts your database, no password required.

You'll need a spare, writeable NFC tag, such as one of these.

You'll also need to use my version of KeePassDroid:

KeePassDroid.apk | Source code on Github

Select a database as normal. When you get to the password screen, enter your password and press the new "NFC..." button.

You will be taken to the NFC writing activity:

Select "Write NFC" and place an NFC card on your device.

When you're done, you should be able to scan your NFC card and go directly to your password database from anywhere in Android.

Details on the security of this scheme are in the previous post. The short version is that it's okay if your NFC tag gets stolen or copied, and it's okay if your phone gets stolen, but if your NFC tag gets copied and your phone gets stolen you have a problem.

Note that you can rewrite the NFC tag as many times as you like. Each time you do, a new encryption key is generated. So if you lose an NFC tag, just write a new one and the previous tag immediately becomes useless.

Comments, questions, and bug reports welcomed. This has been minimally tested (on a Nexus 4) and I make no guarantees that it does anything at all. :)

Of course, I didn't write KeePassDroid. It's by Bryan Pellin and a lot of other contributors. Official site.

Good luck and enjoy!