A simple tool for storing passwords or anything else you'd like to encrypt - without the risk of your data leaking. No "master password" data is ever stored. No "secrets" are stored in an unencrypted form.
The project started as a CLI tool written in C++. I'm currently working on a browser version in Rust, which will operate slightly differently and currently is in somehwat of a in between state.
The browser app is running here: secrets
The browser app requires a <username, password> pair for authenticaiton, but only the username is stored. Usernames + passwords are used to compute a "checksum" which cannot be reversed into the original password. Checksums are computed via a two step process. First, character values from the two strings are linearly combined into a single 64 bit value. Next this 64 bit value is used to seed a CSPRNG. The first value taken from the random number generator is the checksum.
It's still using the C++ program to handle encryption/decryption. The CLI tool uses keys (different than passwords) to encrypt/decrypt. Each "secret" stored can have a different key. Keys are used to encrpyt/decrypt via a caeser cipher.
The plan is to rebuild the caeser cipher part in Rust to 1) drop the use of keys to simplify the application with just the password, 2) incorperate CSPRNG random numberrs in the encryption process and 3) speed up the program.
This is the first version of the project. Currently the browser version still uses the CLI tool to encrypt/decypt.
When you want to store a new "secret", you provide a key that is used to encrypt the secret phrase. When you want to read back a secret, provide the same key to decript it.
brew tap lewesche/secrets
brew install secrets
Clone this repo, build the executable with "make", and move the executable to somewhere on the $PATH.
Setup might look something like:
git clone ...
cd secrets
make
cp bin/secrets /usr/local/bin
Then run from anywhere with secrets
Before compiling with make, there are macros you can change within secret.h to modify the encryption/decryption algorithm in your binary. See the file for details.
The first time it's run a file will be created in your home directory called .secrets.txt. This is where encrypted text and optionally unencrypted tags are stored. It might be a good idea to save a backup copy of this file.
- Use the same key to read everything. If you use different keys for different secrets, some will return gibberish.
- The index and tag are displayed first, and followed by the decrypted secret on the next line.
- Ex:
enter command (r/w/f/l/d/p/q/h): r
enter a key: password123
0 My netflix password
netflix_passwrd
1 top secret
??D?G??#8뚀
- You'll be prompted for a key, the secret you want to save, and optionally a tag.
- Ex:
enter command (r/w/f/l/d/p/q/h): w
enter a key: key123
enter phrase to encrypt: my_netflix_password
optionally, enter a non-integer tag: netflix
- Indicies must be integers. They correspond to the order the secrets are stored, and may change as secrets are deleted.
- Tags are anything that isn't an integer.
- Ex:
enter command (r/w/f/l/d/p/q/h): f
enter tag/index: top secret
enter a key: myKey
1 top secret
roblox_password
- Does not decrypt anything.
- Does nothing if no matches are found.
- By default, the file created in the home directory is used each time the program starts. With
pyou can specify a new file for the session. - Creates the file specified if it's not found.