https://github.com/marcobellaccini/django-opqpwd
A password manager REST service with client-side encryption
aes-256 django django-rest-framework hmac-sha256 password-manager rest scrypt
- Host: GitHub
- URL: https://github.com/marcobellaccini/django-opqpwd
- Owner: marcobellaccini
- License: apache-2.0
- Created: 2017-01-06T15:02:22.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-01-07T12:23:45.000Z (over 8 years ago)
- Last Synced: 2024-11-29T17:56:39.634Z (5 months ago)
- Topics: aes-256, django, django-rest-framework, hmac-sha256, password-manager, rest, scrypt
- Language: Python
- Homepage:
- Size: 28.3 KB
- Stars: 3
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.rst
- License: LICENSE
README

======
opqpwd
======

opqpwd is a password manager REST service with client-side encryption.
It is written in Python 3, using Django and Django REST framework.

opqpwd stands for "opaque passwords": it encrypts passwords on the client side,
making them "opaque" to the server.
Moreover, user registration and authentication are performed using salted hashes
of the user-chosen username and password:
this boosts user anonymity with respect to traditional services, hiding even
the service-registration username.

Passwords (and metadata) are stored in your favorite database as Base64-encoded,
encrypted JSON.
Encryption is performed using AES-256-CBC, with HMAC-SHA-256 authentication.

scrypt is used as the key derivation function.

It features an example command-line client (you can find it in
the bin folder).

opqpwd was written by Marco Bellaccini - marco.bellaccini(at!)gmail.com.

BEWARE: OPQPWD IS PROOF-OF-CONCEPT SOFTWARE, FOR TESTING PURPOSES ONLY.
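
The storage scheme described above (scrypt key derivation, AES-256-CBC, HMAC-SHA-256, Base64-encoded encrypted JSON), shown as an added example that is not opqpwd's own code. The blob layout (salt | IV | ciphertext | tag), the scrypt parameters, the key split, the function names and the use of the ``cryptography`` package in place of pycrypto are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SALT_LEN, IV_LEN, TAG_LEN = 16, 16, 32  # assumed layout: salt | iv | ciphertext | tag


def derive_keys(password, salt):
    """scrypt -> 64 bytes, split into separate AES-256 and HMAC keys (assumed parameters)."""
    km = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def _aes_cbc(key, iv):
    return Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())


def seal(entries, password):
    """Encrypt-then-MAC a JSON-serialisable object; returns Base64 text for upload."""
    salt, iv = os.urandom(SALT_LEN), os.urandom(IV_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    padder = padding.PKCS7(128).padder()
    padded = padder.update(json.dumps(entries).encode()) + padder.finalize()
    enc = _aes_cbc(enc_key, iv).encryptor()
    body = salt + iv + enc.update(padded) + enc.finalize()
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()  # MAC covers salt, IV, ciphertext
    return base64.b64encode(body + tag).decode()


def unseal(blob, password):
    """Verify the HMAC first; decrypt only if it matches."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) < SALT_LEN + IV_LEN + 16 + TAG_LEN:
        raise ValueError("blob too short")
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    salt, iv, ct = body[:SALT_LEN], body[SALT_LEN:SALT_LEN + IV_LEN], body[SALT_LEN + IV_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")  # wrong password or modified blob
    dec = _aes_cbc(enc_key, iv).decryptor()
    unpadder = padding.PKCS7(128).unpadder()
    plain = unpadder.update(dec.update(ct) + dec.finalize()) + unpadder.finalize()
    return json.loads(plain)


if __name__ == "__main__":
    sample = [{"title": "example.org", "user": "alice", "password": "constructed-sample"}]
    print(seal(sample, "master passphrase"))  # constructed sample entry, not real data
```

Because the tag is checked before any decryption or unpadding, a modified blob and a wrong password fail the same way, and CBC padding errors are never exposed to whoever controls the stored data.
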

Quick start
-----------

1. Make sure you meet all software dependencies (Django REST Framework,
   scrypt - you'll need libssl-dev for it, pycrypto, requests and, of course, Django).

2. Add "opqpwd" and "rest_framework" (of course, you have to install
   Django REST Framework too!) to your INSTALLED_APPS setting like this::

       INSTALLED_APPS = [
           ...
           'rest_framework',
           'opqpwd',
       ]

   In the same file (settings.py), specify this custom authentication backend::

       # set custom authentication backend
       AUTHENTICATION_BACKENDS = ['opqpwd.authentication.UserCredBackend']

3. Include the opqpwd URLconf in your project urls.py like this::

       url(r'^', include('opqpwd.urls')),

   Note: make sure you import include with `from django.conf.urls import include`.

4. Run `python manage.py migrate` to create the opqpwd models.

5. Start the development server (BEWARE: in a real environment you should run
   it over https, however, as already stated, THIS IS PROOF-OF-CONCEPT
   SOFTWARE, FOR TESTING PURPOSES ONLY).

6. Start the cli-client script::

       opqpwdcliclient

   Note: if you installed the package as a user library, the script will
   likely be in `.local/bin` in your home folder.

7. Connect to the development server::

       connect http://127.0.0.1:8000

8. Register a user::

       adduser

   (if you want, you can also generate an authentication token to use along
   with the password)

9. Login::

       login

10. Add a password to the db::

        addpassword

11. List all stored password titles::

        printall

12. Print details of the password you just stored::

        print 1

13. Upload encrypted passwords to the server::

        save

14. Get help with the other commands::

        help