Skip to content

ARR4N/NodeJS-Keychain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
chrome
chrome
 
 
models
models
 
 
License-gpl-3.0.txt
License-gpl-3.0.txt
 
 
README
README
 
 
app.js
app.js
 
 
functions.js
functions.js
 
 

Repository files navigation

Copyright 2010 Arran Schlosberg (http://arranschlosberg.com);

This file is part of NodeJS-Keychain (https://github.com/aschlosberg/NodeJS-Keychain).

    NodeJS-Keychain is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    NodeJS-Keychain is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with NodeJS-Keychain.  If not, see <http://www.gnu.org/licenses/>.

---------------------------------------------------------------------------------------

NodeJS-Keychain
https://github.com/aschlosberg/NodeJS-Keychain

Requirements
------------
NodeJs - www.nodejs.org
Express - www.expressjs.com
MongoDB - www.mongodb.com
Mongoose - www.learnboost.com/mongoose/
OpenSSL aes-cbc-256 cipher

Goals
-----
NodeJS-Keychain is intended to be a highly secure and distributable keychain web service for creation and storage of random, long passwords. Security is managed in a trap-door manner such that a single user/password combination is required to unlock a given key but all other data is entirely protected by hashes & salts; the purpose of this is to allow storage in the cloud.

The encryption scheme is inspired by: http://wayner.org/node/21

Usernames are stored as hashes and each user's master password as a hash of 'user_hash|password|salt'. All keys are referenced by a domain (also hashed) and are then encrypted using AES (CBC) 256 bit with the hash of 'password|user_hash|domain_hash' as the key. All hashes are SHA-512 and the one-way mechanism of cryptographic hashes makes public access to the encrypted keychain relatively safe.

Caveat: the trap-door mechanism means that forgetting the master password results in permanent loss of the encrypted data (well... assuming the cipher is good and implemented properly).

About

A security-oriented keychain web service

Resources

Readme
Activity

Stars

11 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages