Passknight is a cross-platform, self hosted password manager.
It supports multiple users / vaults, making it easy to organize your passwords and notes.
Easy to setup a secure environment for your whole family.
- Windows
- Chromium based browsers
All of your passwords are encrypted before being stored in firebase.
A Passknight vault is represented by a user in firebase. The password used to authentificate in firebase and get the corresponding vault is the vault's masterpassword.
The masterpassword is then used to derive a private key unique to that vault that will encrypt and decrypt the vault content.
The derivation proccess is done using 600,000 iterations of PBKDF2 with SHA-256 and a randomly generated salt.
To encrypt and decrypt your passwords, Passknigth uses the AES-CBC algorithm with a randomly generated 16 bytes IV. The first 16 bytes of the stored buffer is represented by the IV.
To be able to use firebase's auth persistence Passknight encrypts the private key (using crypto.subtle.wrapKey) and stores it in session storage.
The key used for this encryption is imported from the firebase user UID (which is guaranteed to be unique) using the AES-CBC algorithm.
- Browser extension - WebCrypto API
- Windows - .NET Cryptography
- Login to firebase and create a new project.
- Register a web app.
- Go to authentification and add the Email/Password provider.
- Enable Firestore Database and add the following rules in the
rules
tab:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /vaults/ids {
allow write, read;
}
match /vaults/{vault} {
allow write, read: if request.auth != null && request.auth.uid == vault
}
}
}
To initialize Firebase create a file called firebaseConfig.js
in the extension's folder that should look like this:
const firebaseConfig = {
apiKey: "",
authDomain: "",
projectId: "",
storageBucket: "",
messagingSenderId: "",
appId: ""
};
window.firebaseConfig = firebaseConfig;
Create a file firebase
in the application root directory and paste the firebase API KEY:
[API_KEY]