{"id":16119433,"url":"https://github.com/codingchili/enigmatic-mouse","last_synced_at":"2025-08-11T05:11:01.017Z","repository":{"id":87434298,"uuid":"158266392","full_name":"codingchili/enigmatic-mouse","owner":"codingchili","description":"The enigmatic mouse will keep your passwords safe - password manager on Android in Kotlin.","archived":false,"fork":false,"pushed_at":"2022-03-30T09:37:46.000Z","size":2457,"stargazers_count":19,"open_issues_count":16,"forks_count":8,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-02T09:11:16.758Z","etag":null,"topics":["android","android-application","kotlin","password-generator","password-manager","passwords","security"],"latest_commit_sha":null,"homepage":"https://enigmatic-mouse.com/","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codingchili.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-19T17:39:48.000Z","updated_at":"2025-01-14T13:01:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"38c5c405-33c0-469f-98a2-d870f2f86d73","html_url":"https://github.com/codingchili/enigmatic-mouse","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/codingchili/enigmatic-mouse","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fenigmatic-mouse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fenigmatic-mouse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fenigmatic-mouse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fenigmatic-mouse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codingchili","download_url":"https://codeload.github.com/codingchili/enigmatic-mouse/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fenigmatic-mouse/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269832899,"owners_count":24482333,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-11T02:00:10.019Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-application","kotlin","password-generator","password-manager","passwords","security"],"created_at":"2024-10-09T20:54:08.658Z","updated_at":"2025-08-11T05:11:00.984Z","avatar_url":"https://github.com/codingchili.png","language":"Kotlin","readme":"# Enigmatic Mouse [![Build Status](https://app.travis-ci.com/codingchili/enigmatic-mouse.svg?branch=master)](https://app.travis-ci.com/github/codingchili/enigmatic-mouse)\nThe enigmatic mouse will keep your passwords safe - password manager on Android written in Kotlin.\n\n View the [YouTube Demo](https://www.youtube.com/watch?v=CcIvlFmBL5w).\n\n![mouse enigma preview](https://raw.githubusercontent.com/codingchili/enigmatic-mouse/master/preview.jpg \"Current snapshot version\")\n\nPassword manager in 1500 lines of KOTLIN!\n\nThe Enigmatic Mouse is a small password manager, the purpose is to be as small as possible\nwhile still providing a bearable user experience. By being small The Mouse is auditable by\nour user base. No need to trust a third party with the keys to the kingdom, you can fork\nthe repository and add new features or even disable existing ones! For maximum security\nwe recommend that you build and side-load the application yourself. This ensures that\na rogue version published to the Play store won't steal all your passwords.\n\nRequires SDK26 (can probably be built with lower API levels too.)\n\n# Features\n- application is protected by fingerprint authentication.\n- securely store passwords encrypted within Realm.\n- shows icons for the sites you add from the internet.\n- allows you to copy to clipboard or view passwords within the app.\n- set a credential as favorite and sticky it to the top of the list.\n- downloads the haveibeenpwned domain list and compares with your accounts.\n\n# Security\nThe encryption scheme\n\nThe master password is combined with a key derivation function (Scrypt) to generate an AES key of 256 bits.\nAnother key is then created within the Trusty TEE (HSM) and used to encrypt the AES key.\nThe key stored in TEE is protected by your fingerprint and never leaves the HSM.\nWe store the encrypted key, the salt used with the master password and the \ninitialization vector used as shared preferences. This information is not a \ncryptographic secret. When the user authenticates with their fingerprint, we use the\nAES key stored in the HSM to decrypt the key derived from the master password. When the\nmaster key is recovered, we initialize the Realm encrypted database with it.\n\n### Features\n- Fingerprint authentication\n- Scrypt, N=65536, r=8, p=1\n- Realm - encrypted with AES256 key.\n- AES256-CBC-PKCS7\n- Trusty TEE\n\n### Permissions\n\nThe following permissions are required by the application and enabled by default in `AndroidManifest.xml`.\n```xml\n\u003cuses-permission android:name=\"android.permission.USE_BIOMETRIC\"/\u003e\n\u003cuses-permission android:name=\"android.permission.INTERNET\"/\u003e\n```\n\nThe biometric permissions is used to authenticate with the Trusty TEE (HSM)\nusing a fingerprint. In newer versions of Android there might be more ways\nto authenticate with biometrics.\n\nThe Internet permission is used to download icons from websites. For example\nif you add a credential for youtube.com -\u003e we will fetch the index page from \nyoutube and parse any `\u003clink rel=\"icon\" href=\"...\"` elements and select the \nbiggest available icon. If you think Internet permissions is scary in your password\nmanager you can remove it. The feature to check if a site has been hacked also\ndepends on this permission \"security lists\".\n\n# Building\nOpen the project in Android Studio, Build -\u003e Make Project.\n\nWithout Android studio,\n```console\n./gradlew build\n```\n\nFind the unsigned .apk in ```app\\build\\outputs\\apk\\release```.\n\n# Installing\n\nInstalling the application yourself is the recommended way, as it removes the middleman.\n\n##### Side-loading (Android studio)\n- Open the project with android studio -\u003e run -\u003e select your device\n\nThis will build the APK and install it onto your device.\n\n##### Side-loading (APK file)\nFollow the instructions for building an unsigned APK and then copy the .apk to your device. Alternatively download\na signed APK from the releases.\n\n1. Enable installation from untrusted sources\n2. open the file to install the APK\n3. Disable installation from untrusted sources\n\n##### Google Play store\nNow published on the play store!\n\n[![Enigmatic Mouse @ Play Store](https://play.google.com/intl/en_us/badges/images/generic/en_badge_web_generic.png)](https://play.google.com/store/apps/details?id=com.codingchili.mouse.enigma)\n\n# Contributing\nContributions are welcome! We encourage you to look through the available issues,\ncreate new or comment on existing. All ideas are welcome and well needed.\n\nCode reviews and security audits are also very welcome.\n\n[![donate](https://img.shields.io/badge/donate-%CE%9ETH%20/%20%C9%83TC-ff00cc.svg?style=flat\u0026logo=ethereum)](https://commerce.coinbase.com/checkout/673e693e-be6d-4583-9791-611da87861e3)\n\n# Resources\nDuring development the following talk has been very helpful in implementing the security scheme.\n\nBen Oberkfell - Advanced Android Fingerprint Security | Øredev 2017\n[https://vimeo.com/243345710](https://vimeo.com/243345710)\n\n[benoberkfell/CryptoDiary](https://github.com/benoberkfell/CryptoDiary)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodingchili%2Fenigmatic-mouse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodingchili%2Fenigmatic-mouse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodingchili%2Fenigmatic-mouse/lists"}