{"id":16985765,"url":"https://github.com/r4gus/keypass","last_synced_at":"2025-03-17T09:30:31.891Z","repository":{"id":204755857,"uuid":"712586419","full_name":"r4gus/keypass","owner":"r4gus","description":"PassKeeZ is a FIDO2/ Passkey compatible authenticator implementation for Linux","archived":false,"fork":false,"pushed_at":"2025-02-01T07:39:20.000Z","size":3245,"stargazers_count":44,"open_issues_count":3,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-27T21:50:05.004Z","etag":null,"topics":["authentication","authenticator","authenticator-app","ctap2","fido2","fido2-authenticator","linux","passkey","passkeys","webauthn","zig-package"],"latest_commit_sha":null,"homepage":"https://github.com/r4gus/keylib","language":"Zig","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/r4gus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["r4gus"]}},"created_at":"2023-10-31T19:05:42.000Z","updated_at":"2025-02-27T13:51:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"d19eab2c-d5f7-4b7b-b85e-45aa98fa97b0","html_url":"https://github.com/r4gus/keypass","commit_stats":null,"previous_names":["r4gus/keypass"],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r4gus%2Fkeypass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r4gus%2Fkeypass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r4gus%2Fkeypass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r4gus%2Fkeypass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/r4gus","download_url":"https://codeload.github.com/r4gus/keypass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243858176,"owners_count":20359253,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authenticator","authenticator-app","ctap2","fido2","fido2-authenticator","linux","passkey","passkeys","webauthn","zig-package"],"created_at":"2024-10-14T02:44:09.247Z","updated_at":"2025-03-17T09:30:31.878Z","avatar_url":"https://github.com/r4gus.png","language":"Zig","readme":"# PassKeeZ\n\n\u003e I'm currently moving this application and some of its dependencies to the Zig-Sec organization on Github. This means that builds will probably fail as the URIs for the packages have changed. You can find pre-compiled binaries for PassKeeZ version 0.4.0 under Releases. Stay tuned!\n\nA FIDO2/ Passkey compatible authenticator for Linux based on [keylib](https://github.com/r4gus/keylib).\n\nThe project exclusively supports Linux due to the absence of a standardized API for interprocess communication (IPC) between the client and authenticator. As a workaround, platform authenticators on Linux act as virtual USB HID devices utilizing uhid. However, extending this functionality to other platforms remains unexplored as I haven't had the opportunity to investigate the equivalent mechanisms elsewhere.\n\n| Browser | Supported? | Tested version| Notes |\n|:-------:|:----------:|:-------------:|:-----:|\n| Cromium   | \u0026#9989;    | 119.0.6045.159 (Official Build) Arch Linux (64-bit) | |\n| Brave | \u0026#9989; | Version 1.62.153 Chromium: 121.0.6167.85 (Official Build) (64-bit) | |\n| Firefox | \u0026#9989; | 122.0 (64-bit) |  |\n| Opera | \u0026#9989; | version: 105.0.4970.16 chromium: 119.0.6045.159 | |\n\n\u003e [!NOTE]\n\u003e All tests were conducted using passkey for Github.\n\n\u003e [!IMPORTANT]\n\u003e Browsers running in sandboxed environments might not be able to communicate with the authenticator out of the box (e.g. when installing browsers with the Ubuntu App Center).\n\n## Features\n\n* Works with all services that support Passkeys\n* Store your Passkeys (just a private key + related data) in a local, encrypted database\n* Constant sign-counter, i.e. you can safely sync your credentials/passkeys between devices.\n\n\u003e [!NOTE]\n\u003e The release of version 0.3.0 removed the GUI. This means that you need version 0.2.5 if\n\u003e you want to delete credentials. A upcoming update will add credential management, which\n\u003e should also allow to modify credentials using a tool like `fido2-token`. The overall goal\n\u003e is to write a dedicated tool that allows the configuration of PassKeeZ via official commands.\n\n## Install\n\nThis project is installed by running the following command in your terminal.\n\n### Beta\n\n```\nsudo bash -c \"$(curl -fsSL https://raw.githubusercontent.com/r4gus/keypass/master/script/install-beta.sh)\"\n```\n\n\u003e [!NOTE]\n\u003e The following dependencies are required:\n\u003e * `curl`\n\u003e * `git`\n\u003e * `libgtk-3-0`\n\nThe script will make the following modifications:\n* `PassKeeZ` is installed to `/usr/local/bin`\n* `zigenity` (used for the user interface) is installed to `/usr/local/bin`\n* The user is added to the `fido` group\n* A udev rule is copied to `/etc/udev/rules.d/90-uinput.rules`\n* The `uhid` module is added to `/etc/modules-load.d/fido.conf`\n\n\u003e [!NOTE]\n\u003e Databases generated by older versions are not compatible.\n\n### Database Management\n\nCurrently the only way to manage your Credentials is by using the [CCDB command line application](https://github.com/r4gus/ccdb).\n\n### File synchronization\n\nYou can synchronize your database files using a service like [Syncthing](https://docs.syncthing.net/intro/getting-started.html) between your devices. This allows you to use the same Passkeys to login to your accounts on multiple devices.\n\n#### Syncthing\n\nPlease see the [Getting Started guide](https://docs.syncthing.net/intro/getting-started.html) on how to setup Syncthing on your device. Make sure you also setup Syncthing to [startup automatically](https://docs.syncthing.net/users/autostart.html#linux), to prevent a situation where your databases are out of sync.\n\n\u003e NOTE: For now, please make sure that you don't have the same database open on multiple devices simultaneously.\n\n## Contributing\n\nCurrently this application and the surrounding infrastructure \n([keylib](https://github.com/r4gus/keylib), [zbor](https://github.com/r4gus/zbor), [tresor](https://github.com/r4gus/tresor))\nis only maintained by me. One exception is the graphics library [dvui](https://github.com/david-vanderson/dvui) I use for the frontend.\n\nIf you find a bug or want to help out, feel free to either open a issue for one of the mentioned projects or write me a mail.\n\nAll contributions are wellcome! Including:\n\n* Bug fixes\n* Documentation\n* New features\n* Support for other systems (linux distros, OSs, ...)\n* ...\n\n## QA\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cins\u003eWhat is this project about?\u003c/ins\u003e\u003c/summary\u003e\n\nFIDO2 stands as a dedicated authentication protocol crafted for diverse authentication needs. Whether employed as a standalone method, supplanting traditional password-based authentication, or as an additional layer of security, FIDO2 serves both purposes. The FIDO Alliance has actively advocated for the widespread adoption of this protocol for several years, with 2023 witnessing a substantial surge in its adoption. However, it's crucial to note that FIDO2 introduces a heightened level of complexity in comparison to conventional passwords. Notably, the use of roaming authenticators, such as YubiKey, can be a cost-intensive aspect.\n\nUpon initiating the keylib project in October 2022, my primary objective was to develop a library empowering individuals to transform their own hardware, such as ESP32, into a functional authenticator. I believe I've achieved this goal successfully. However, during this process, I also recognized the evolving trend favoring hybrid/platform authenticators with discoverable credentials, now commonly marketed as Passkeys.\n\nWhile traditional authenticators like YubiKeys provide robust protection against various attacks, they come with notable drawbacks. Their high cost, limited update/patching capabilities, and restricted storage for discoverable credentials (for instance, my YubiKey 5 supports around 25 credentials) underscore these challenges. Additionally, the inability to back up data, although enhancing confidentiality, poses availability concerns. The official solution offered for this predicament is surprisingly simple: \"buy a second one.\"\n\nConversely, platform authenticators present a more flexible and cost-effective alternative. Unlike traditional counterparts, they can undergo regular updates and patches, akin to any software component. Furthermore, these authenticators permit the backup and secure sharing of credentials, leveraging an encrypted database within this project.\n\nOne key advantage lies in their cost-effectiveness, eliminating the need for additional hardware. When implemented with precision, platform authenticators can attain a commendable level of security, providing a compelling alternative to their more expensive counterparts.\n\nThe primary objective of this project is to furnish an alternative —keeping in mind that the term \"alternative\" is subjective and, due to resource constraints, I may not offer a polished, \"commercial-grade\" product— to existing commercial Passkey implementations.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cins\u003eWhat is FIDO2/ Passkey?\u003c/ins\u003e\u003c/summary\u003e\nPlease read the QA of the [keylib](https://github.com/r4gus/keylib) project.\n\u003c/details\u003e\n\n\u003c!--\n## Showcase\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003cimg src=\"static/login.png\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003cimg src=\"static/new-database.png\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003cimg src=\"static/main.png\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003cimg src=\"static/assertion.png\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n--\u003e\n","funding_links":["https://github.com/sponsors/r4gus"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr4gus%2Fkeypass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr4gus%2Fkeypass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr4gus%2Fkeypass/lists"}