How do I use 1Password 7 without storing any of my passwords in your cloud.

I've been using 1Password 4 for years, very happy with the dropbox experience, but now that I've upgraded to 7, I am perplexed.
I do not want to use your cloud service to store passwords.
I'm sure it's great and all, but I choose not to.

So, how do I configure 1Password 7, to ONLY use the local (dropbox) vaults, and how do I remove the passwords from your cloud?
If I can also keep my shared vault on Dropbox, that would be great too.
I will need to do this on Windows, OSX, and IOS.

Not really interested in a discussion about how/why your cloud solution is better.

I assume you have a tech note somewhere on doing this.

Please advise.


1Password Version: 7.3.657
Extension Version: Not Provided
OS Version: Windows, IOS
Sync Type: Dropbox

Comments

  • Greg
    Greg
    1Password Alumni

    Hi @FredRat,

    Sorry for the confusion with 1Password 7!

    It is possible to purchase a standalone license for 1Password 7 and use it with your local vaults, but if you created a 1Password account and migrated your data, you won't see this option in the app.

    Please send us an email to support+windows@agilebits.com and we will provide you with the instructions on how to migrate your data back to a local vault. Please include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your report in our inbox.

    Cheers,
    Greg

  • FredRat
    FredRat
    Community Member

    I appreciate that.
    However, I've had a chance to reconsider, and to read up on your cloud-based security, which is causing me to strongly reconsider using your cloud-based sync vs Dropbox.

    But, I don't understand exactly how to accomplish the move from Dropbox.

    I have migrated my old passwords to your cloud.
    it appears that the old V4 database still exists as '1Password.legacyagilekeychain' in the original dropbox. I presumably I can now delete this file.
    But there is also a 1Password.opvault that was created. I don't understand what this is, if I need it (or should delete it) and if it's appropriate to have in my Dropbox account.

    My understanding of your product at this point is that the master copy of all passwords is stored in your cloud, with each client (e.g. PC) having its own backup cached copy for off-line use. I don't know where the cached copy is stored, but it doesn't feel like that should be stored in the Dropbox folder.

    So if I am using your cloud, what do I do with the old '1Password.legacyagilekeychain', what is the '1Password.opvault', do I need it, and where should it be stored?

  • MikeT
    edited February 2019

    Hi @FredRat,

    it appears that the old V4 database still exists as '1Password.legacyagilekeychain' in the original dropbox. I presumably I can now delete this file.

    We don't recommend deleting the vault files but archive it to your backup drives instead.

    But there is also a 1Password.opvault that was created. I don't understand what this is, if I need it (or should delete it) and if it's appropriate to have in my Dropbox account.

    1Password 7 only supports the newer and more secure OPVault format, AgileKeyChain was the previous format. When you open your AgileKeychain vault in 1Password 7, we notify that we will upgrade the format for you by importing from AgileKeychain into a new OPVault file folder that'll be stored alongside the renamed .legacyagilekeychain folder.

    The reason for the renaming is in the event of an expected failure, you could easily revert the folder back to AgileKeychain and try again.

    In this case; archive the OPVault folder to your backup drives as well.

    My understanding of your product at this point is that the master copy of all passwords is stored in your cloud, with each client (e.g. PC) having its own backup cached copy for off-line use.

    The short answer is basically, yes but please read the longer accurate answer;

    We do not have a copy of your passwords in the cloud. When you use the desktop app on your computer, the data gets encrypted into random blobs that is then sent to our service to host for you. To us, there are no passwords or logins, all we see is random data that can only be decrypted when you enter your master password and secret key. You can't do this on our servers directly (and your master password/secret key are never sent to us either), what happens is that your 1Password client downloads the encrypted data onto your local drive and then prompt you for both keys to decrypt the data.

    I don't know where the cached copy is stored, but it doesn't feel like that should be stored in the Dropbox folder.

    It is definitely not in your Dropbox folder; we use our own internal database folder to hold your data, it is in %LOCALAPPDATA%\1Password\data. You can quickly get there by opening 1Password and go to Help Menu > Troubleshooting > Reveal 1Password directory in Explorer.

  • FredRat
    FredRat
    Community Member

    Perfect; makes sense.
    I have started converting our computers over to the cloud-based family account.

    Thanks for your help.

    Steve

  • Greg
    Greg
    1Password Alumni

    Hi @FredRat,

    On behalf of Mike you are very welcome! :+1: You might find this guide helpful:

    Move your existing 1Password data to a 1Password account

    Let us know if you have any other questions. Thanks!

    Cheers,
    Greg

  • FredRat
    FredRat
    Community Member

    One more multi-part question.

    I understand how the secret and master pw are used for the Private vaults, but how do you encrypt the Shared vault?

    Obviously, all shared members have access to it, so there must be something special going on to allow each member to decrypt the PWs. How's that happen? Is there a separate key for the shared vault or multiple keys etc.
    This, of course, leads to a bunch of other questions, of where any new keys are stored, how they are distributed; and how synchronization works across multiple members.

    Thanks again

  • FredRat
    FredRat
    Community Member

    Ah, think I found the answer.

    There's a separate copy of the shared vault for each member.
    Every member has a public/private key pair.
    Members read their shared vault using their private keys and write other members shared vaults using the other member's public keys.

    That sounds fine from a crypto point of view.

  • Hi @FredRat,

    Yep, you got it!

    If you'd like to learn more on how this works, we have a technical whitepaper on this here: https://1pw.ca/whitepaper

This discussion has been closed.