psswrd-mngr v0.0.6
Pre alpha. At the moment, nothing works as expected! Come back later = )
What is psswrd-mngr for?
psswrd-mngr is a Node.js application to manage passwords. Setting up an
initial password store is done via the command line. After that, all
interaction is supported via a web interface (adding new passwords, retrieving
passwords, modifying passwords). Along with a password, arbitrary associated
text data can be stored (for example, the domain, user name, etc.). Optionally,
synchronization can be turned on with a cloud service such as Dropbox.
Security
The password store is encrypted using AES 256. The key is composed of 3 pieces:
- a short (minimum 6 characters) password string
- a locally stored key file (text, several kilobytes)
- a remotely stored key file (text, several kilobytes)
To decrypt and work with the password store, the following 3 conditions must be met:
- you must provide the password string
- the local key file must be available
- you must provide the URL of the remote key file
The password and the URL will be required when you access the web interface. The location of the locally stored key file is specified in the configuration file (see below).
To use the web interface the user must authenticate using the OAuth2 protocol over an SSL connection.
Initial setup
Make sure you have Node.js and NPM available on your system. To initialize a
new password store in the directory PASSWORD_STORE_DIRECTORY you would do:
$ npm install -g psswrd-mngr
$ cd PASSWORD_STORE_DIRECTORY
$ psswrd-mngr init
Follow the on-screen instructions. After the initial setup, the directory
PASSWORD_STORE_DIRECTORY will contain 4 new files:
- password.store
- local.key
- remote.key
- psdm.config
You will have to take the file remote.key and put it on some server where it
can be accessed via HTTP. It is best to also have the remote key backed up
on some external media, in case you ever have to re-upload it.
Sanity check
It is very important that the remote key file can be accessed by psswrd-mngr,
and that it is not garbled in the process of file transfer. To test that
encryption and decryption are working correctly, after you have uploaded the
remote key, please do the following:
$ cd PASSWORD_STORE_DIRECTORY
$ psswrd-mngr check
Also, this sanity check works in all other cases where you think that something is wrong.
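The key composition described under Security, and the garbled-key failure that the sanity check guards against, shown as an added example that is not psswrd-mngr's own code. The page does not say how the three pieces are combined or which AES mode is used; scrypt, SHA-256, AES-256-GCM, the blob layout and all function names here are assumptions of this example.

```javascript
// Added example, not psswrd-mngr's code: scrypt, GCM and the blob layout are assumptions.
const crypto = require('crypto');

// Derive one 32-byte AES-256 key from the three pieces the README names.
// Each key file is hashed separately so the local/remote boundary is
// unambiguous; the digests extend the scrypt salt, so every piece is needed.
function deriveKey(password, localKey, remoteKey, salt) {
  const fileDigest = crypto.createHash('sha256')
    .update(crypto.createHash('sha256').update(localKey).digest())
    .update(crypto.createHash('sha256').update(remoteKey).digest())
    .digest();
  return crypto.scryptSync(password, Buffer.concat([salt, fileDigest]), 32);
}

// Encrypt with AES-256-GCM; output layout is salt | iv | tag | ciphertext.
function encryptStore(plaintext, password, localKey, remoteKey) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(password, localKey, remoteKey, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when any piece is wrong or garbled:
// the GCM tag check in final() throws instead of returning junk.
function decryptStore(blob, password, localKey, remoteKey) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const key = deriveKey(password, localKey, remoteKey, salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(blob.subarray(28, 44));
  try {
    const body = Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
    return body.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample inputs (not real key material).
const local = 'constructed-local-key-text\n'.repeat(100);
const remote = 'constructed-remote-key-text\n'.repeat(100);
const blob = encryptStore('{"example.org":"s3cret"}', 'hunter22', local, remote);
// All three pieces correct, then a remote key whose line endings changed in transfer.
console.log(decryptStore(blob, 'hunter22', local, remote));
console.log(decryptStore(blob, 'hunter22', local, remote.replace(/\n/g, '\r\n')));
```

With an authenticated mode, a remote key altered in transit (here, LF converted to CRLF) is reported as a failed decryption rather than producing corrupted output.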
Access the web interface
If you have your password store set up, you can start managing your passwords via the web interface like so:
$ cd PASSWORD_STORE_DIRECTORY
$ psswrd-mngr web
The psswrd-mngr server will be launched, and the access URL will be printed
to stdout. The default URL is http://localhost:8080/.
Configuration
The file psdm.config must always be present in the PASSWORD_STORE_DIRECTORY
directory for psswrd-mngr to function properly. Its contents are similar to
the following (note the JSON structure):
{
  "ps_file": "password.store",
  "lk_file": "local.key",
  "p": 8080
}
The ps_file and lk_file properties are relative paths to the password store
file and the local key file respectively. The p property is the port on which
the web interface will be started.
Synchronization
To enable synchronization of the password store, please use the web interface.
You will find detailed instructions there. The synchronization happens
transparently whenever the web interface process is running (i.e. when
the process launched by the command psswrd-mngr web is running).
Moving the password store between systems
Once you have a password store set up, to access it from another system, there are two options.
The first option is to take the entire folder PASSWORD_STORE_DIRECTORY and
copy it over to another system. Then, on the other system, you have to make
sure that Node.js and NPM are available, and then do:
$ npm install -g psswrd-mngr
$ cd WHERE_YOU_COPIED_PASSWORD_STORE
$ psswrd-mngr web
The second option is to connect your system to the Internet (or some private network), and allow your firewall to let the outside world see and communicate with whatever port the web interface is running on. Then you can access the web interface to your password store from anywhere there is Internet connectivity (or over the private network).