A password manager REST service with client-side encryption
Marco Bellaccini Fixed README again and again
Latest commit 1abb3d2 Jan 7, 2017

opqpwd

opqpwd is a password manager REST service with client-side encryption.

It is written in Python 3, using Django and Django REST framework.

opqpwd stands for "opaque passwords": it encrypts passwords on the client side, making them "opaque" to the server. Moreover, user registration and authentication are performed using salted hashes of the user-chosen username and password: this boosts user anonymity with respect to traditional services, hiding even the service-registration username.

Passwords (and metadata) are stored in your favorite database as Base64-encoded, encrypted JSON. Encryption is performed using AES-256-CBC, with HMAC-SHA-256 authentication.

scrypt is used as key derivation function.
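
How the primitives named above (scrypt, HMAC-SHA-256, Base64) can wrap an AES-256-CBC ciphertext on the client, as an added example that is not opqpwd's own code. The record layout, scrypt parameters, key split and encrypt-then-MAC order are assumptions, and the AES step itself is left to an AES library, with the ciphertext treated as opaque bytes.

```python
import base64
import hashlib
import hmac
import os

# Assumed record layout (not taken from opqpwd): salt || iv || ciphertext || tag
SALT_LEN, IV_LEN, BLOCK, TAG_LEN = 16, 16, 16, 32


def derive_keys(password, salt):
    """scrypt -> 64 bytes, split into an AES-256 key and a separate HMAC key."""
    okm = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024, dklen=64)
    return okm[:32], okm[32:]


def seal(mac_key, salt, iv, ciphertext):
    """Encrypt-then-MAC: tag salt || iv || ciphertext, then Base64 the record."""
    body = salt + iv + ciphertext
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return base64.b64encode(body + tag).decode("ascii")


def open_verified(password, blob):
    """Return (enc_key, iv, ciphertext) only after the HMAC has been verified.

    Raises ValueError on any malformed or modified record, so CBC decryption
    and unpadding never run on data the server (or anyone else) has altered.
    """
    raw = base64.b64decode(blob, validate=True)
    ct_len = len(raw) - SALT_LEN - IV_LEN - TAG_LEN
    if ct_len < BLOCK or ct_len % BLOCK:
        raise ValueError("malformed record")
    salt, iv = raw[:SALT_LEN], raw[SALT_LEN:SALT_LEN + IV_LEN]
    ciphertext, tag = raw[SALT_LEN + IV_LEN:-TAG_LEN], raw[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, raw[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return enc_key, iv, ciphertext


if __name__ == "__main__":
    # Constructed sample: random bytes stand in for AES-256-CBC output.
    salt, iv, ct = os.urandom(SALT_LEN), os.urandom(IV_LEN), os.urandom(2 * BLOCK)
    _, mac_key = derive_keys("master password", salt)
    record = seal(mac_key, salt, iv, ct)
    assert open_verified("master password", record)[2] == ct
    print(record)
```

A wrong master password and a modified record fail with the same error, so the client cannot be used to tell the two apart.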

It features an example command-line client (you can find it in the bin folder).

opqpwd was written by Marco Bellaccini - marco.bellaccini(at!)gmail.com.

BEWARE: OPQPWD IS PROOF-OF-CONCEPT SOFTWARE, FOR TESTING PURPOSES ONLY.

Quick start

  1. Make sure you meet all software dependencies (Django REST Framework, scrypt - you'll need libssl-dev for it, pycrypto, requests and, of course, Django).

  2. Add "opqpwd" and "rest_framework" (of course, you have to install Django REST Framework too!) to your INSTALLED_APPS setting like this:

    INSTALLED_APPS = [
        ...
        'rest_framework',
        'opqpwd',
    ]
    

    In the same file (settings.py), specify this custom authentication backend:

    # set custom authentication backend
    AUTHENTICATION_BACKENDS = ['opqpwd.authentication.UserCredBackend']
    
  3. Include the opqpwd URLconf in your project urls.py like this:

    url(r'^', include('opqpwd.urls')),
    

    Note: make sure you import ``include`` with ``from django.conf.urls import include``.

  4. Run ``python manage.py migrate`` to create the opqpwd models.

  5. Start the development server (BEWARE: in a real environment you should run it over HTTPS; however, as already stated, THIS IS PROOF-OF-CONCEPT SOFTWARE, FOR TESTING PURPOSES ONLY).

  6. Start the cli-client script:

    opqpwdcliclient
    

    Note: if you installed the package as a user library, the script will likely be in .local/bin in your home folder.

  7. Connect to the development server:

    connect http://127.0.0.1:8000
    
  8. Register a user:

    adduser
    

    (if you want, you can also generate an authentication token to use along with the password)

  9. Login:

    login
    
  10. Add a password to the db:

    addpassword
    
  11. List the titles of all stored passwords:

    printall
    
  12. Print details of the password you just stored:

    print 1
    
  13. Upload encrypted passwords to the server:

    save
    
  14. Get help with the other commands:

    help
    