OpVault or Agile Keychain

Does the current version of 1Password 4 for iOS use the new opvault format or the old agile.keychain format?

Comments

  • If you use iCloud for syncing, it uses opvault. If you use Dropbox, it's agile.keychain. In time, all users will be converted to the newer format.

  • JasperJasper

    Team Member
    edited August 2014

    Hi @KeithWeisshar,

    Like hawkmoth mentioned, both formats are used in the current version of 1Password for iOS.

    Dropbox sync uses the Agile Keychain format by default, and iCloud sync uses the new Cloud Keychain/opvault format.

    Please let us know if you have any other questions. We're always happy to help! :)

  • Xe997Xe997
    edited August 2014

    More and more people on this forum seem to ask about the opvault format. Perhaps they found the opvault menu selection in 1Password for Windows, or maybe they found out titles and URLs are not encrypted in agilekeychain, googled that fact and found the support document describing the technical details about the new opvault format (where those properties are encrypted).

    Also, in the descriptions on the various app stores, you say this:

    Google Play

    Secure with Tamper-proof Authenticated Encryption using AES-256 and Encrypt-then-MAC

    Mac App Store

    Protect yourself with tamper-proof Authenticated 256-bit AES Encryption

    iOS App Store

    Encrypts all your data using authenticated AES 256-bit encryption

    As I understand it, this is technically true because if you're not syncing the old agilekeychain is not used, only an internal format with similar security properties as opvault. And syncing is disabled by default (and with iCloud you always get opvault). However, while the default is not to use sync, you really are encouraged to enable it.

    In any case, I think it's time for AgileBits to clarify the situation with opvault, preferably with a blog post. Currently, the only information about the rollout of opvault is here: http://learn2.agilebits.com/1Password4/Security/rollout.html. It is quite vague.

    For example, I keep reading about opvault not being ready. This is obvious with the Android version (and older Mac and Windows versions that might still be in use). But what about the other 3 versions (sorry Windows Phone, I'm ignoring you in this context). 1Password 4 for Windows, Mac and iOS can read and write to the new opvault format, even for Dropbox syncing. The Mac and iOS versions lacks an "use opvault button", but it is possible to convert to it with a workaround. The Windows version explicitly allows you to choose opvault in the vault creation menu.

    So, given this fact, when you say the format is not ready, are you only pointing to the fact that opvault is not ready for all platforms? In what ways is opvault not ready on Windows, Mac and iOS? Lack of conversion tool agilekeychain > opvault? Lack of opvault enabling button in UI?

  • How long does it take to be converted to the new format for all users and platforms?

  • thightowerthightower T-Dog Agile's Mascot
    edited August 2014

    If I had to guess I would say the changes Apple made to iCloud in iOS 8 and Yosemite have placed a temporary hold on the migration to opvault.

    As it stands iCloud syncing is not available in Yosemite and iOS 8. A new build out of the sync mechanisms are in place. If Apple hadn't made these changes, I suspect we would have already seen the new format. Ok that last sentence is also a personal desire to have seen it already. :D

  • MikeTMikeT Agile Samurai

    Team Member

    Hi guys,

    @Xe997,

    The Mac and iOS versions lacks an "use opvault button", but it is possible to convert to it with a workaround. The Windows version explicitly allows you to choose opvault in the vault creation menu.

    There are bugs with it in the iOS and Mac apps, it is not ready to be used. You may be able to convert it but you risk the chances of data integrity issues when syncing between Mac and iOS. That's why there is no way to turn it on.

    We're doing the best we can to roll it out quickly but it's not that easy to handle all platforms at once with a small team. We'll see about doing a State of the Union type of post on opvault.

    @KeithWeisshar‌:

    How long does it take to be converted to the new format for all users and platforms?

    Much longer than we'd like. Each app must be coded to support the format, then each sync service must be coded to support it, and then we have to do all the testing to make sure it's good to go. The Android and Windows Phone apps are the last on our list to implement the opvault format support.

    @thightower‌:

    If I had to guess I would say the changes Apple made to iCloud in iOS 8 and Yosemite have placed a temporary hold on the migration to opvault.

    Absolutely, we're working our butts off to get 1Password ready for iOS 8 and Yosemite, especially the massive iCloud sync change. We'll explain more later as we're still working on this as we speak.

  • edited August 2014

    Are there bugs in opvault format in the Windows version?

  • Hi @KeithWeisshar‌

    You should not see any issues with opvault format in the Windows version. As @MikeT says, there are a lot of great new things coming with iOS 8 and Yosemite, and our devs are doing the best they can to ensure that everything is ready for you all on iOS and Mac as soon as possible.

    Thanks so much for your patience!

  • @MikeT would you please give us an update on opvault status for iOS and Mac

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @rolfl,

    We don't have any news yet, we're internally testing the opvault support with a private beta team and do plan to flip the switch for the official support relatively soon but I don't have any specific timeframe.

  • Comparing the performance between the old and the new format I have to say that working in the Windows version with the opvault format is not useable for me. I have 280 items in in 1Password. Using the old format it´s running fast (opening the Windows program, changing the view, opening an item) and it´s terribly slow using the same 280 items in the new opvault format. What I did was to export via 1Pif from the old format and import 1Pif into an new created opvault. Any ideas?

  • BenBen AWS Team

    Team Member

    Hi @Ralph1‌

    As Mike explained above opvault is still in development, and as such it hasn't been fully optimized yet.

  • cfabriccfabric Junior Member
    edited February 2015

    I am using 1Password 5 and 4 on Macs (yosemite and mavericks) and 1Password for Android (all in their latest minor versions). This document [link removed by admin - see comment below] suggests that we can switch over to opvault when all platforms support it, and I think I have read the latest Android does.

    Anyway, using the defaults trick in the Terminal does not make 1Password 4 use opvault by default... I am confused. What is the status?

    Thanks!

  • BenBen AWS Team

    Team Member

    Hi @cfabric‌

    As I mentioned here opvault isn't 100% done yet. It is possible to use the format on a number of platforms but it isn't available universally yet, and we haven't necessarily finalized the format yet.

    Using the Terminal command does not automagically switch your currently syncing vaults to opvaults. You'd need to disable and re-enable syncing, which will create a new opvault. Once you are sure you have everything syncing again, using opvault, you can delete the Agile Keychain(s) from your sync provider.

    Thanks!

  • AleenAleen 1Password Alumni

    I removed the link in @cfabric's post above because we're still working on that particular security document and we want to be sure that it is perfect before users attempt these instructions.

  • How can I, a Beta-user help you with testing the conversion process and functionality ? Is it possible to work with two vaults in Drop-Box:

    1. My current 1Pw-Agile.Keychain, created on my Macbook-Pro, used by me and my girlfriend on IOS/ OSX with the 1Password 5.3 -(530029) Apple-Store version.
    2. My 1Pw-Agile.Opvault, created originally on my Windows 8.1 PC, used by myself for testing conversion, functionality and usability?

    I already have created an Opvault in the Windows desktop Beta version 4.3.2.BETA-571 on my local HDD and tested a new entry. I examines the opvault file and I was happy when I noticed that te encryption of URL's and Titles is realized. Unfortunately the example's in the opvault documentation show me that the Password-hint is still defined in plain text. I've already checked it out in other blog items but there is no priority to fix this weakness. Till then users must realize that they should be very careful when using the password-hint.

    Greetings Willem
    The Netherlands - Zwolle (OV)

    • Let's create the best Passwordmanager together -
This discussion has been closed.