Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
 
 
 
 
 
 
 
 
 
 

opqpwd

opqpwd is a password manager REST service with client-side encryption.

It is written in Python 3, using Django and Django REST framework.

opqpwd stands for "opaque passwords": it encrypts password on the client-side, making them "opaque" to the server. Moreover, user registration and authentication is performed using salted hashes of user-chosen username and password: this boosts users anonimity with respect to traditional services, hiding even the service-registration username.

Passwords (and metadata) are stored in your favorite database as Base64-encoded, encrypted JSON. Encryption is performed using AES-256-CBC, with HMAC-SHA-256 authentication.

scrypt is used as key derivation function.

It features an example command-line client (you can find it in the bin folder).

opqpwd was written by Marco Bellaccini - marco.bellaccini(at!)gmail.com.

BEWARE: OPQPWD IS PROOF-OF-CONCEPT SOFTWARE, FOR TESTING PURPOSES ONLY.

Quick start

  1. Make sure you meet all software dependencies (Django REST Framework, scrypt - you'll need libssl-dev for it, pycrypto, requests and, of course, Django).

  2. Add "opqpwd" and "rest_framework" (of course, you have to install Django REST Framework too!) to your INSTALLED_APPS setting like this:

    INSTALLED_APPS = [
        ...
        'rest_framework',
        'opqpwd',
    ]
    

    In the same file (settings.py), specify this custom authentication backend:

    # set custom authentication backend
    AUTHENTICATION_BACKENDS = ['opqpwd.authentication.UserCredBackend']
    
  3. Include the opqpwd URLconf in your project urls.py like this:

    url(r'^', include('opqpwd.urls')),
    

    Note: make sure you import include with from django.conf.urls import include.

  4. Run python manage.py migrate to create the opqpwd models.

  5. Start the development server (BEWARE: in a real environment you should run it over https, however, as already stated, THIS IS A PROOF-OF-CONCEPT SOFTWARE, FOR TESTING PURPOSES ONLY).

  6. Start the cli-client script:

    opqpwdcliclient
    

    Note: if you installed the package as a user library, the script will likely be in .local/bin in your home folder.

  7. Connect to the development server:

    connect http://127.0.0.1:8000
    
  8. Register a user:

    adduser
    

    (if you want, you can also generate an authentication token to use along with the password)

  9. Login:

    login
    
  10. Add a password to the db:

    addpassword
    
  11. List all stored passwords titles:

    printall
    
  12. Print details of the password you just stored:

    print 1
    
  13. Upload encrypted passwords to the server:

    save
    
  14. Get help with the other commands:

    help
    

About

A password manager REST service with client-side encryption

Topics

Resources

License

Releases

No releases published

Packages

No packages published

Languages