An extremely safe password keeper website.
All sensitive user data is either hashed or encrypted on the client side, so everything in the database is junk data to anyone who happens to gain access to it. This means developers and system admins can never know the passwords you store on the website. Even if someone somehow stole your authentication token, they would not be able to decrypt the encrypted passwords, because the encryption key is never sent to the server side. The cool thing is that the whole method is 100% testable directly from your browser.
The diagram below shows how the sensitive user passwords are processed on both the client and server sides before they are stored in the database (click on the diagram to see it in full size):
- UserPassword: the password used for authentication.
- NewPassword: the password that the user wants to save and retrieve later.
- privateHash & publicHash are totally different algorithms; you can find them in /resources/assets/helpers/index.js
- Encryption/decryption is done with the CryptoJS encryption library.
Since the whole website is a one-page web app, you can easily check outgoing and incoming data from the dev tools to make sure the data you send is being hashed/encrypted:
Also note that the app logs every request's data to the console, along with how that data is encrypted and with which key.
If you have some experience with React/Redux, feel free to check the Redux action creator in /resources/assets/actions/index.js. This is where all the requests to the server are made and where all passwords are hashed and encrypted; the code is fairly simple and easy to follow.
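The key separation described above, as an added sketch that is not the project's code: one value derived from UserPassword is sent for authentication, a different one stays in the browser as the encryption key for NewPassword. Assumptions: PBKDF2 with two purpose labels stands in for the project's publicHash/privateHash, Node's built-in AES-256-GCM stands in for CryptoJS, and `account`, `derive`, `encryptEntry`, `decryptEntry` and `buildRequest` are hypothetical names.

```javascript
// Added illustration, not the project's code. publicHash/privateHash are
// stand-ins (PBKDF2 with different labels); AES-256-GCM replaces CryptoJS.
// The lookup below works whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const ITERATIONS = 100000; // assumed work factor for this sketch

// Derive 32 bytes from the master password under a purpose label, so the
// login value and the encryption key cannot be computed from each other.
function derive(userPassword, account, purpose) {
  const salt = `${purpose}:${account}`; // per-account salt (assumption)
  return nodeCrypto.pbkdf2Sync(userPassword, salt, ITERATIONS, 32, "sha256");
}
const publicHash = (pw, account) => derive(pw, account, "auth").toString("hex");
const privateHash = (pw, account) => derive(pw, account, "enc"); // never sent

// Encrypt NewPassword in the client; only the returned string is uploaded.
function encryptEntry(key, newPassword) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(newPassword, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

// Returns the plaintext, or null when the key is wrong or the data was altered.
function decryptEntry(key, stored) {
  const raw = Buffer.from(stored, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Everything the server (and the database) sees for one saved entry.
function buildRequest(userPassword, account, newPassword) {
  return {
    account,
    auth: publicHash(userPassword, account),
    entry: encryptEntry(privateHash(userPassword, account), newPassword),
  };
}
```

Comparing the object returned by `buildRequest` with the request body shown in the browser's network tab is the same check the page suggests doing from the dev tools.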
- PHP 7.2
- MySQL
- Laravel 5.6
- JWT Authentication : laravel-jwt-auth 1.0
- React.js 16.4
- Redux 4.0
- React Router 4.3
- SimpleCryptoJS 2.0
- Material-UI 1.5
- Clone the repository:
git clone https://github.com/WadhahEssam/password-pocket.git
- Install composer dependencies:
composer install
- Install node dependencies:
npm install
- Create a database and put your database configuration in the .env file:
DB_DATABASE=password-pocket
DB_USERNAME=root
DB_PASSWORD=
- Migrate your database tables:
php artisan migrate
- Generate the JWT secret key:
php artisan jwt:secret
- Run the PHP server:
php artisan serve
- Compile the JavaScript files:
npm run watch