>If you want to design "pipe-in-a-sky" solutions then it's simpler to just reuse the already existing SIM card to store the password. It will still require quite a lot of code on the unencrypted "startup" partition but will be usable, for example,
I don't want to store the decryption key in permanent storage on my phone (or its SIM-card which can be read easily).
>when your magic server will not be available (because your service plan does not include data roaming, for example).
That's why I'm going to add an SMS-based protocol. 130 characters are more than enough for secure key exchange.