Passify

Rotating Device Encryption Key

Passify generates a unique, random, 1024bit device-specific encryption key when it is first ran or reset for all on-device encryption. This key is stored in OS-provided secure storage.

Because this value is not fixed and random, it can easily be changed by performing an application reset and restore/sync.

Resetting Passify completely removes your data!Backup your Generators before performing a reset.

To force Passify to rotate its device-specific encryption key:

1. If you're using sync, force an immediate sync to ensure it is up-to-date, and make sure you have the encryption key you used when setting up the Sync Provider.
2. Backup your Generators and note the encryption key.
3. Make sure your Generators have been backed up
4. Seriously, make sure your Generators have been backed up
5. Perform an app reset as detailed in the "Resetting Passify" KB article. When prompted, select the "Reset App" only option to retain your sync data on your provider.

6. Restore your Generators.

   • If you were using sync, re-configure your Sync Provider and Passify will automatically re-sync and replace data, or
   • Restore your backup from step 1.

   Be sure to use the same encryption key that you used with your Sync Provider or when backup.