A security-oriented keychain web service
JavaScript
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
chrome
models
License-gpl-3.0.txt
README
app.js
functions.js

README

Copyright 2010 Arran Schlosberg (http://arranschlosberg.com);

This file is part of NodeJS-Keychain (https://github.com/aschlosberg/NodeJS-Keychain).

    NodeJS-Keychain is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    NodeJS-Keychain is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with NodeJS-Keychain.  If not, see <http://www.gnu.org/licenses/>.

---------------------------------------------------------------------------------------

NodeJS-Keychain
https://github.com/aschlosberg/NodeJS-Keychain

Requirements
------------
NodeJs - www.nodejs.org
Express - www.expressjs.com
MongoDB - www.mongodb.com
Mongoose - www.learnboost.com/mongoose/
OpenSSL aes-cbc-256 cipher

Goals
-----
NodeJS-Keychain is intended to be a highly secure and distributable keychain web service for creation and storage of random, long passwords. Security is managed in a trap-door manner such that a single user/password combination is required to unlock a given key but all other data is entirely protected by hashes & salts; the purpose of this is to allow storage in the cloud.

The encryption scheme is inspired by: http://wayner.org/node/21

Usernames are stored as hashes and each user's master password as a hash of 'user_hash|password|salt'. All keys are referenced by a domain (also hashed) and are then encrypted using AES (CBC) 256 bit with the hash of 'password|user_hash|domain_hash' as the key. All hashes are SHA-512 and the one-way mechanism of cryptographic hashes makes public access to the encrypted keychain relatively safe.

Caveat: the trap-door mechanism means that forgetting the master password results in permanent loss of the encrypted data (well... assuming the cipher is good and implemented properly).