Backup your profiles




With Olvid, everything happens and stays exclusively between your device and those of your contacts since everything is encrypted between these devices, with keys that only they can generate.

Olvid never needs – and doesn’t want – personal data to operate. There is no Olvid account. There are only your Olvid profiles on your device.

Thus, the device on which you have your Olvid profiles is the only one able to help you change devices and keep them on the next one. If it is not available, read these warnings.

Backup your Olvid profiles

In anticipation of a change or loss of device, only a backup of your Olvid profiles with your original device will allow you to restore them on your next device.

This backup is an encrypted file with a key that only you can generate and see only once on the device that holds your updated Olvid profiles.

So write down this key once and for all on paper. It will still be used on your next devices, as long as you don’t lose it.

If you lose it, you can always generate a new one on the last device on which Olvid was running. But only the next backups will be decipherable with this new key.

How to back up and restore your Olvid profiles

  1. Generate your backup key once and for all, on the device that holds your updated Olvid profiles.

  2. Activate automatic backups or generate a manual backup.

    We recommend that you enable automatic backup immediately to sleep easy 😴, since the backup file is encrypted by a key that only the device at its origin was able to generate and display to you only once.

  3. On your new device, install Olvid. When you open it for the first time -and only then-, Olvid offers you to restore a backup. Do not create a new Olvid ID. Otherwise, uninstall and start again.

  4. With the right key and the right backup file, you will be able to restore your Olvid profiles on the new device.

  5. New secure channels will be automatically created between your new device and your contacts’ devices.

How to start?

First, generate your backup key.

Warnings

  • An Olvid profile does not work on two devices at the same time, for now. Restoring a backup to a new device will block the use of the profile(s) on the device that generated the backup. You will not be able to communicate on Olvid with the old device but the content will be kept, until you uninstall Olvid.

  • Messages and attachments are not saved, in order to maintain the forward secrecy guaranteed by Olvid.

  • If you change OS (iOS <-> Android):
    • Perform a manual backup because automatic backup will not work.
    • Olvid for iOS does not yet support multi-profile. So it is not possible to restore a backup containing multiple profiles on iOS.
  • Without your backup file and key:
    • Your Olvid Profiles (ID, contacts,…) will be lost and unrecoverable forever without your original device.
    • You will have to create a new Olvid ID on your next device.
    • All your contacts will have to delete your lost ID from their contacts.
    • Your presence in groups could create complications for some of your contacts.

Is the backup secure?

Of course, every Olvid backup file is systematically encrypted with a high level of security thanks to the key you automatically generated with your device and it alone. It will encrypt all your backups, once and for all, as long as you do not decide to change it. How does it work?

In a nutshell

The complete encryption of Olvid backups use our expertise in cryptography to prevent any unauthorised access to the data stored in the backup. This data is your Olvid profiles and only.

In detail

The first answer of our doctors in cryptography deserves its place here (and never hesitate to question them) :

“For our backups, it’s a bit more complex than that :)

The backup key that Olvid displays is a “seed” that is used to initialize a PRNG (a standard HMAC-SHA256 based thing). This seed contains 160 bits of entropy (32 characters with 5 bits each).

This PRNG is used to generate an encryption key pair on Curve25519.

The public encryption key is stored on the phone and is used to encrypt backups as they are made. A KEM ECIES is used on Curve25519 coupled with AES256-CTR-then-HMAC-SHA256 encryption.

The secret key that allows decryption is discarded –> the only way to reconstruct it is to know the seed.

When restoring a backup, the seed is entered, the key pair is generated and the decryption can be done. But if your phone is stolen, the key on the phone does not allow you to decrypt old backups. This is essential to keep the forward-secrecy on backups too.

That’s it!”.

For experts

Details are published in Specifications of Olvid - Application and Server, Part VI - Keys and Contacts Backup, p.99.

Where is the right backup file?

With automatic backup

With automatic backup, your backup files are stored in a space in your cloud account that you have authorized Olvid to access. But these files are and will remain invisible and inaccessible to any application other than Olvid.

There is no point in trying to use other applications that browse the contents of this cloud account to find these files. Only the Olvid application installed on your new device and where you have authorized it to access this cloud account will be able to find them to restore the latter.

Do not try to recover an automatic backup file by any means other than Olvid. It will remain unretrievable.

With a manual backup

With a manual backup, your backup file is generated locally on your device and you must know how to locate it and then transmit it directly to your next device, avoiding going through a third party device (computer or Samba server, etc…) that could corrupt the access rights to this file.

That’s why we recommend that you enable automatic backup immediately to sleep easy 😴, since the backup file is encrypted by a key that only the device at its origin was able to generate and display to you only once.