Backup/Restore with Plausible Deniability

Hi there. I recently bought two OnlyKeys (one, plus a backup). I set both up using the OnlyKey App on my laptop by following the Plausible Deniability Setup Guide | Docs. I managed to complete up to the end of step 7 for the first one (intended as my primary key, so I skipped step 8), and then I loaded slot 1a (on the 1st profile) with the label “KeePassXC” (so I could tell if the backup had successfully loaded onto my empty backup key), and I then went to the “Backup/Restore” tab in the app and created a backup without any issue.

I then repeated steps 1-7 exactly the same way with the same PINs and the same passphrase (I copy-pasted from a text document for both OnlyKeys for this part of the test, to absolutely sure the passphrase was the same). For step 8, I selected the backup I created, but it flashed red. I opened the 1st profile of the backup OnlyKey, and saw nothing in any of the slots (the backup hadn’t worked). I then went to the “Backup/Restore” tab of the app, entered “config” mode using the 1st-profile PIN, selected the backup file I had created, and pressed “Restore to OnlyKey”. The key flashed red the way it did before, and the backup had failed.

For reference, I already checked if it was a keyboard settings problem, as I found that was a problem with a previous issue I had, but it didn’t change anything. I also tried lowering the autotype speed in case the backup file itself was being typed out wrong, but that didn’t change anything either.

The only thing I didn’t do was to change all my preferences to what is provided in this image (taken from Plausible Deniability Setup Guide | Docs), because I assumed only the “full wipe” and “backup key mode” settings were important:

It looks like you have an old version of the OnlyKey App. Can you make sure you have the latest firmware and app here:
https://docs.crp.to/app.html
https://docs.crp.to/upgradeguide.html

Next, keep in mind that with plausible deniability mode your device is limited when you use your plausible deniability profile. Inside that profile you can’t backup device or use other features that use encryption like 2FA. You can from your primary profile backup your device. If you try to restore a backup where the passphrase does not match on the restore device the restore will not be successful and OnlyKey flashes red.

App v5.3.3 OnlyKey v2.1.1-prodc

I have the latest app version, and the latest firmware version. I also confirmed that the passphrase is the exact same, as stated in my original post. I also checked if changing the keyboard settings worked (it didn’t).

As an added note, as soon as the “-----BEGIN ONLYKEY BACKUP-----” text is finished typing out, the app repeatedly put out the message “Error no ECC Private Key set in this slot”.

Ok I see that the backup has completed. Once you save this backup it can then be restored onto your other device which has the same passphrase.

Yep. I did save the file (as a .txt format, as is the default option) and load it onto the backup key, as stated in my original post. I simply included the image to show the message that was coming up in case it was relevant. I also tested doing it in Windows Notepad (outside of the app, in case it was an app issue), but the same problem occurred.

I spent some time just now redoing the process, and got the same result. I then tried the exact same thing, but the only thing I changed was the type of 2nd profile.

When I tried to restore a backup of an OnlyKey that had a plausible deniability 2nd profile, it failed.
When I tried to restore a backup of an OnlyKey that had a standard 2nd profile, it worked with no issues.

Is this intended that OnlyKeys with a plausible deniability 2nd account are not supposed to be restorable, or are you supposed to be able to restore them?

Is it intended that OnlyKeys with a plausible deniability 2nd account are not supposed to be restorable, or are you supposed to be able to restore them?

Update from me:

After going through the process of making a GPG keypair, and loading the private key to an OnlyKey [one with a plausible deniability 2nd profile], and ticking the box to use as a backup key to replace the backup passphrase [for backup/restore purposes], I found that it was in fact possible to restore it from backup, as long as you load the same private key to the OnlyKey where the backup is being restored onto before performing the “Restore” process.

I’ve made this post here for now as it caused me a bit of confusion, so perhaps it should be mentioned on Plausible Deniability Setup Guide | Docs, that:

  • “It is not possible to restore an OnlyKey with a plausible deniability 2nd profile using a backup passphrase. You need to use a GPG private key as a backup key if you wish to restore a backup of an OnlyKey with a plausible deniability 2nd profile. You can do this in the ‘Keys’ tab in the OnlyKey App.”

Or something to that effect.