Backup your profiles
Only a backup of your Olvid profiles, made with your original device before it is replaced or lost, will allow you to restore them on your next device.
This is because, with Olvid, everything happens and stays exclusively between your device and those of your contacts: everything is encrypted between these devices, with keys that only they can generate.
Olvid never needs – and doesn’t want – personal data to operate. There is no Olvid account. There are only your Olvid profiles on your device.
Thus, the device on which you have your Olvid profiles is the only one able to help you change devices and keep them on the next one. If it is not available, read these warnings.
Content of the backup
Your backup file contains your Olvid profiles only.
- Messages and attachments are not included in the profiles, nor in their backup.
Each profile is totally independent from the others. Each has its own:
- Olvid identity (ID) and contact details (name, first name, company, profile picture)
- Contacts and groups
- Related cryptographic keys
- Discussions and their settings
The backup is a file encrypted with a key that only you can generate, and that is displayed only once, on the device that holds your up-to-date Olvid profiles.
So write down this key once and for all on paper. It will still be used on your next devices, as long as you don’t lose it.
If you lose it, you can always generate a new one on the last device on which Olvid was running. But only backups made afterwards can be decrypted with this new key.
- Without your backup file and key:
  - Your Olvid Profiles (IDs, contacts, groups and settings) will be lost and unrecoverable forever without your original device.
  - You will have to create a new Olvid profile on your next device.
  - All your contacts will have to delete your lost profiles from their contacts.
  - Your presence in groups could create complications for some of your contacts.
Messages and attachments are not saved, in order to maintain the forward secrecy guaranteed by Olvid.
An Olvid profile does not work on two devices at the same time, for now. Restoring a backup to a new device will block the use of the profile(s) on the device that generated the backup. You will not be able to communicate on Olvid with the old device but the content will be kept, until you uninstall Olvid.
- If you change OS (iOS <-> Android):
  - Perform a manual backup because automatic backup will not work.
Simple steps to backup and restore your Olvid profiles
Generate your backup key once and for all, on the device that holds your updated Olvid profiles.
Activate automatic backups or generate a manual backup.
We recommend that you enable automatic backup immediately to sleep easy 😴, since the backup file is encrypted by a key that only the device at its origin was able to generate and display to you only once.
On your new device, install Olvid. When you open it for the first time (and only then), Olvid offers to restore a backup. Do not create a new Olvid ID. Otherwise, uninstall and start again.
With the right key and the right backup file, you will be able to restore your Olvid profiles on the new device.
New secure channels will be automatically created between your new device and your contacts’ devices.
How to start?
First, generate your backup key.
Is the backup secure?
Of course, every Olvid backup file is systematically encrypted with a high level of security thanks to the key you automatically generated with your device and it alone. It will encrypt all your backups, once and for all, as long as you do not decide to change it. How does it work?
In a nutshell
The complete encryption of Olvid backups uses our expertise in cryptography to prevent any unauthorised access to the data stored in the backup. This data is your Olvid profiles and nothing else.
The first answer of our doctors in cryptography deserves its place here (and never hesitate to question them):
“For our backups, it’s a bit more complex than that :)
The backup key that Olvid displays is a “seed” that is used to initialize a PRNG (a standard HMAC-SHA256 based thing). This seed contains 160 bits of entropy (32 characters with 5 bits each).
This PRNG is used to generate an encryption key pair on Curve25519.
The public encryption key is stored on the phone and is used to encrypt backups as they are made. A KEM ECIES is used on Curve25519 coupled with AES256-CTR-then-HMAC-SHA256 encryption.
The secret key that allows decryption is discarded –> the only way to reconstruct it is to know the seed.
When restoring a backup, the seed is entered, the key pair is generated and the decryption can be done. But if your phone is stolen, the key on the phone does not allow you to decrypt old backups. This is essential to keep the forward-secrecy on backups too.”
Details are published in Specifications of Olvid - Application and Server, Part VI - Keys and Contacts Backup, p.99.
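The key flow described in the answer above, as an added Python sketch that is not Olvid's code: the backup key is decoded to a 160-bit seed, the seed deterministically yields a Curve25519 key pair, the device wraps a fresh key using the public key alone, and only someone who types the backup key can unwrap it. The alphabet, the HMAC-SHA256 counter-mode PRNG and the SHA-256 key derivation are assumptions made for illustration; the AES256-CTR-then-HMAC-SHA256 payload encryption that would consume the wrapped key is left out.

```python
import hashlib, hmac, secrets

P = 2**255 - 19                                   # Curve25519 field prime
BASE = (9).to_bytes(32, "little")                 # base point u = 9
ALPHABET = "0123456789ABCDEFGHJKLMNPQRSTUVWX"     # ASSUMED 5-bit alphabet

def seed_from_key(text):
    """Decode a 32-character backup key into its 160-bit (20-byte) seed."""
    chars = text.replace(" ", "").upper()
    if len(chars) != 32:
        raise ValueError("backup key must have 32 characters")
    n = 0
    for c in chars:
        n = (n << 5) | ALPHABET.index(c)          # ValueError on a bad character
    return n.to_bytes(20, "big")

def prng_bytes(seed, n):
    """ASSUMED stand-in for the seeded PRNG: HMAC-SHA256 in counter mode."""
    return b"".join(hmac.new(seed, bytes([i]), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def x25519(k, u):  # RFC 7748 scalar multiplication (readable, not constant time)
    k = bytearray(k); k[0] &= 248; k[31] &= 127; k[31] |= 64
    k, x1 = int.from_bytes(k, "little"), int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if bit: x2, x3, z2, z3 = x3, x2, z3, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
        if bit: x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair(backup_key):
    """Same backup key in, same (secret, public) pair out, on any device."""
    sk = prng_bytes(seed_from_key(backup_key), 32)
    return sk, x25519(sk, BASE)

def encapsulate(public_key):
    """Backup time: the public key alone wraps a fresh key (SHA-256 = ASSUMED KDF)."""
    eph = secrets.token_bytes(32)
    return x25519(eph, BASE), hashlib.sha256(x25519(eph, public_key)).digest()

def decapsulate(backup_key, eph_public):
    """Restore time: the typed backup key regenerates the secret key."""
    return hashlib.sha256(x25519(keypair(backup_key)[0], eph_public)).digest()
```

In this sketch the device would keep only `keypair(...)[1]`; nothing stored on it is enough to call `decapsulate`, which matches the stolen-phone property stated in the quote.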
Where is the right backup file?
With automatic backup
With automatic backup, your backup files are stored in a space in your cloud account that you have authorized Olvid to access. But these files are and will remain invisible and inaccessible to any application other than Olvid.
There is no point in trying to use other applications that browse the contents of this cloud account to find these files. Only the Olvid application installed on your new device, once you have authorized it to access this cloud account, will be able to find and restore them.
Do not try to recover an automatic backup file by any means other than Olvid. It will remain unretrievable.
With a manual backup
With a manual backup, your backup file is generated locally on your device. You must know how to locate it and then transfer it directly to your next device, avoiding any third-party device (computer, Samba server, etc.) that could corrupt the access rights to this file.
That’s why we recommend that you enable automatic backup immediately to sleep easy 😴, since the backup file is encrypted by a key that only the device at its origin was able to generate and display to you only once.