https://github.com/arr4n/nodejs-keychain
A security-oriented keychain web service
- Host: GitHub
- URL: https://github.com/arr4n/nodejs-keychain
- Owner: ARR4N
- Created: 2010-12-12T14:05:01.000Z (about 14 years ago)
- Default Branch: master
- Last Pushed: 2017-04-29T20:27:15.000Z (over 7 years ago)
- Last Synced: 2024-04-18T17:14:49.796Z (9 months ago)
- Language: JavaScript
- Homepage:
- Size: 138 KB
- Stars: 11
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README
- License: License-gpl-3.0.txt
README
Copyright 2010 Arran Schlosberg (http://arranschlosberg.com);
This file is part of NodeJS-Keychain (https://github.com/aschlosberg/NodeJS-Keychain).
NodeJS-Keychain is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

NodeJS-Keychain is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with NodeJS-Keychain. If not, see .

---------------------------------------------------------------------------------------
NodeJS-Keychain
https://github.com/aschlosberg/NodeJS-Keychain

Requirements
------------
NodeJs - www.nodejs.org
Express - www.expressjs.com
MongoDB - www.mongodb.com
Mongoose - www.learnboost.com/mongoose/
OpenSSL aes-cbc-256 cipher

Goals
-----
NodeJS-Keychain is intended to be a highly secure and distributable keychain web service for creation and storage of random, long passwords. Security is managed in a trap-door manner such that a single user/password combination is required to unlock a given key but all other data is entirely protected by hashes & salts; the purpose of this is to allow storage in the cloud.

The encryption scheme is inspired by: http://wayner.org/node/21
Usernames are stored as hashes and each user's master password as a hash of 'user_hash|password|salt'. All keys are referenced by a domain (also hashed) and are then encrypted using AES (CBC) 256 bit with the hash of 'password|user_hash|domain_hash' as the key. All hashes are SHA-512 and the one-way mechanism of cryptographic hashes makes public access to the encrypted keychain relatively safe.
Caveat: the trap-door mechanism means that forgetting the master password results in permanent loss of the encrypted data (well... assuming the cipher is good and implemented properly).
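
The hash and key derivation described above, sketched with Node's built-in crypto module as an added example (not the project's own code). Hex-encoded hashes, truncating the SHA-512 digest to 32 bytes for the AES-256 key, the random per-record IV, and the names `masterHash`, `domainKey`, `sealKey` and `openKey` are assumptions; the README does not specify them.

```javascript
const { createHash, createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// SHA-512 over the '|'-joined parts, hex-encoded (the encoding is an assumption).
const h = (...parts) => createHash('sha512').update(parts.join('|'), 'utf8').digest('hex');

// Stored verifier for the master password: hash of 'user_hash|password|salt'.
function masterHash(user, password, salt) {
  return h(h(user), password, salt);
}

// Per-domain AES key: hash of 'password|user_hash|domain_hash'.
// Assumption: the first 32 bytes of the 64-byte digest form the AES-256 key.
function domainKey(user, password, domain) {
  return Buffer.from(h(password, h(user), h(domain)), 'hex').subarray(0, 32);
}

// Record as it could sit in public storage: only hashes, IV and ciphertext.
function sealKey(user, password, domain, secret) {
  const iv = randomBytes(16); // assumption: fresh random IV per record
  const c = createCipheriv('aes-256-cbc', domainKey(user, password, domain), iv);
  const data = Buffer.concat([c.update(secret, 'utf8'), c.final()]);
  return { user: h(user), domain: h(domain), iv: iv.toString('hex'), data: data.toString('hex') };
}

// Returns the plaintext, or null when the padding check fails. CBC has no
// integrity check, so a wrong key can occasionally yield garbage instead of null.
function openKey(user, password, domain, record) {
  const key = domainKey(user, password, domain);
  const d = createDecipheriv('aes-256-cbc', key, Buffer.from(record.iv, 'hex'));
  try {
    return Buffer.concat([d.update(Buffer.from(record.data, 'hex')), d.final()]).toString('utf8');
  } catch {
    return null; // without the master password the stored key stays unrecoverable
  }
}

// Constructed sample values, not taken from the project.
const rec = sealKey('alice', 'master-pw', 'example.com', 'x7!long-random-site-password');
console.log(rec.domain.slice(0, 16), openKey('alice', 'master-pw', 'example.com', rec));
```

Each hash here is a single SHA-512 pass and CBC carries no integrity check, so resistance to offline guessing rests on the master password's entropy, and `openKey` can detect a wrong password only through the padding check.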