~increscent/shadow

Password Manager
Updated config stuff and made closing more robust
Making it easier to run locally
working on sqlite running issues

refs

main
browse  log 

clone

read-only
https://git.sr.ht/~increscent/shadow
read/write
git@git.sr.ht:~increscent/shadow

You can also use your local clone with git send-email.

#Shadow

My password manager (affectionately named after /etc/shadow)

Deployed at: s.rjava.net

#Motivation

In my effort to move away from proprietary cloud services, I wanted a place to securely store my passwords that wasn't a browser and wasn't owned by anyone else, but was still available on the web. I had just taken some cryptography courses so I think I made it quite secure. To be clear, I did not roll my own crypto. I used the fantastic crypto primitives in the JavaScript standard library.

#How It Works

The user gets an access token for the service by verifying her/his email. The server sends the user an email with the token. The token allows the user to download her/his encrypted passwords. All passwords are encrypted in a bundle on the client, so the server never has access to the plain-text passwords. Additionally, only the user can access the encrypted bundle because it's protected by email. Once the user has the bundle, she/he can then decrypt it on the client with a secret password. If any changes are made, they are automatically added to the bundle and it is re-encrypted and sent to the server.

#Running

Dependencies:

  • node
  • npm (for nodemailer and uuid)
  • C toolchain (gcc, make, etc.)

Create the DB:

cd sqlite
./initDB.sh
cd ..

Make a config file called config.js in the root directory. (You can use config.json.example for reference.)

npm install
node index.js

On FreeBSD, you can set it up as an RC service and proxy it with Nginx by running setup/setup_freebsd.sh. On Linux, you can use the same Nginx configuration, and run it is a systemd service.

#Backup

Dependencies:

  • sqlite3

You can backup the database by running backup.sh in the sqlite folder. This backup file can be used in place of the database file (shadow.sqlite) if necessary.

You cannot recover the passwords if you forget your client password!!