I am looking to build a small console based password manager. I started looking at this when RoboForm stopped being able to work in a Firefox browser with a local password file. They now force passwords to their cloud platform. Uck.
Bottom line, I need to encrypt sites, names, and passwords into a small files which I can rsync amongst devices until I can build in a sync'ing process. I would like to be able to do this between Linux, Mac, Windows, and Android.
I started by doing a test program with crypto++, as it seemed to be a lightweight library which could easily be adapted for use on the Android.
Further research indicates that switching to libsodium might be worthwhile. Documentation seems to be better, and it explicitly supports Android, and it interestingly discusses the drawbacks of using GCM-AES, and instead suggests using ChaCha20-Poly1305 for Authenticated Encryption.
Something to go along with is being able to use the SSH agent for nonce signing. Information is available in SSH Agent Protocol or draft-miller-ssh-agent-02. With a bit of an example at How to use the ssh-agent programmatically for RSA signing .
More coding to do.
In related reading, I came across:
- Tox, protected, encrypted, private, distributed instant messaging, voice, video, screen sharing, filesharing, and groups.
- stellar: is a platform that connects banks, payments systems, and people. Integrate to move money quickly, reliably, and at almost no cost.
- pbox which uses pbox files to hold encrypted items (almost what I'd like to do)
- OpenBazaar: a free online marketplace, with no platform fees, no restrictions, and provides an ability to earn cryptocurrency. Some background.
- Self-sovereign identity - an entirely new distributed ledger that’s engineered for the sole purpose of identity. supporting cast.
Beginnings of a console based password manager.