Comments (6)
I'm definitely interested. Please create a PR.
How are you encrypting the shared password?
I've always wanted to do something like that, but I was afraid of adding a lot of complexity...
from password-manager.
Well, I just realized that I have modified the version you have for download and not the latest (I did not fork it).
The password encryption is intact as you had it before. All I have done is create a new column in the password table called "sharedWith". This column is not encrypted (varchar, expected to be: username, separated) so I can query passwords created by current user OR sharedWith LIKE % currentUser % on the password.php API endpoint.
For future features this free text field could be autocompleted from the users table so we can limit it to existing users only.
Tomorrow I will try to merge your current branch with the one I have downloaded and create a PR.
from password-manager.
from password-manager.
Close due to inactivity. For new features, please submit MR to the new project. #248
from password-manager.
@ebalestrini @BenjaminHae Sorry I just took a detailed look at this.
From a crypto point of view, what you need for "sharing password" is public-key cryptography: encryption and decryption use two different keys (A for encryption and B for decryption). For each user, the database needs to store: AES encrypted key B and raw key A. When user X wants to share a password with user Y, he will encrypt the password with user Y's key A (can be read from the database) and send it to the server. Then user Y will pull the encrypted password from the server and decrypt the message with its own key B.
If you are a third party (e.g. owner of the database), you won't know user Y's key B because it's encrypted at user Y's browser with AES. And you will not know the password being shared to Y because it's encrypted using key A and to decrypt, you need to know user Y's key B.
A JavaScript implementation of this crypto is here: https://github.com/mdn/dom-examples/blob/master/web-crypto/encrypt-decrypt/rsa-oaep.js
from password-manager.
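The key layout described in the comment above, sketched with the Web Crypto API as an added example (not code from password-manager or from any commenter). The function names, record fields, PBKDF2 derivation of the AES key from the login password, and the iteration count are assumptions made for illustration.

```javascript
// Added example; function names and record fields are hypothetical.
const enc = new TextEncoder();
const PBKDF2_ITERATIONS = 600000; // assumed work factor, not taken from the project

async function getCrypto() {
  // Browsers and current Node expose globalThis.crypto; older Node needs the module.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// AES-GCM key derived from the login password, which never leaves the browser.
async function wrappingKey(subtle, loginPassword, salt) {
  const base = await subtle.importKey('raw', enc.encode(loginPassword), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    base, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Client side: returns the row the server stores (raw key A, AES-encrypted key B).
async function registerUser(loginPassword) {
  const c = await getCrypto();
  const pair = await c.subtle.generateKey({ name: 'RSA-OAEP', modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' }, true, ['encrypt', 'decrypt']);
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12));
  const wk = await wrappingKey(c.subtle, loginPassword, salt);
  return {
    keyA: await c.subtle.exportKey('spki', pair.publicKey),
    wrappedKeyB: await c.subtle.wrapKey('pkcs8', pair.privateKey, wk, { name: 'AES-GCM', iv }),
    salt, iv,
  };
}

// Sender's browser: encrypt to the recipient's key A. RSA-OAEP with a 2048-bit
// modulus and SHA-256 holds at most 190 bytes, enough for one password.
async function shareWith(recipientRow, password) {
  const { subtle } = await getCrypto();
  const keyA = await subtle.importKey('spki', recipientRow.keyA,
    { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['encrypt']);
  return subtle.encrypt({ name: 'RSA-OAEP' }, keyA, enc.encode(password));
}

// Recipient's browser: unwrap key B with the login password, then decrypt.
async function openShare(row, loginPassword, ciphertext) {
  const { subtle } = await getCrypto();
  const wk = await wrappingKey(subtle, loginPassword, row.salt);
  const keyB = await subtle.unwrapKey('pkcs8', row.wrappedKeyB, wk, { name: 'AES-GCM', iv: row.iv },
    { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['decrypt']);
  return new TextDecoder().decode(await subtle.decrypt({ name: 'RSA-OAEP' }, keyB, ciphertext));
}
```

The server only ever handles `keyA`, `wrappedKeyB`, `salt`, `iv` and the RSA ciphertext; unwrapping with the wrong login password rejects because the AES-GCM tag check fails.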
@ebalestrini Since you mentioned PR, I don't know how you implement sharedWith because user A's information in the database is garbage to user B if user B doesn't know A's login password. It sounds to me that once user A wants to share some password, you will post this piece of password in raw format to the server so the server can 'tell' user B the raw password. If so, PLEASE STOP DOING THAT. The design logic of this password manager is that the client (web browser) will never provide the raw password to the server, so the server operator can't get the user's password. The naive sharing will ruin everything.
from password-manager.