password manager with mod harbour

mod_harbour is an Apache module that allows to run PRGs directly on the web !!!
Post Reply
User avatar
Otto
Posts: 6380
Joined: Fri Oct 07, 2005 7:07 pm
Contact:

password manager with mod harbour

Post by Otto »

Hello friends,
I am working on a password manager for managing personal passwords using just one master password.
Using a password manager increases security and reduces the risk of password theft.
The program utilizes the Web Crypto API to encrypt and decrypt passwords with AES-GCM.
Passwords are extracted from a dBase file (DBF).
The encrypted passwords are encrypted using an encryption key and an initialization vector (IV) as parameters.
In the DBF file, the encrypted password and the initialization vector are stored.
Both values are retrieved from the DBF file using an AJAX request. Decryption takes place on the client-side in the web browser.
The encryption key is not stored; it is the master password and must always be entered by the user.
However, it is essential to choose a secure master password for the password manager itself, as it grants access to all stored passwords.
Passwords can be categorized based on the contexts in which they may be used.
Here are some examples of password categories that you could use for personal, social, and business purposes:
Personal Passwords:
1. Personal email address
2. Social media (e.g., Facebook, Twitter, Instagram)
3. Online shopping (e.g., Amazon, eBay)
4. Entertainment sites (e.g., Netflix, YouTube)
5. Personal Wi-Fi network

Social Passwords:
1. Forums and discussion groups (e.g., Reddit, Stack Overflow)
2. Online games (e.g., Steam, PlayStation Network)
3. Chat apps (e.g., WhatsApp, Discord)

Business Passwords:
1. Business email address
2. Company network
3. Business software or tools
4. Work-related cloud services (e.g., Google Workspace, Microsoft 365)
5. Business social media or websites

Other categories could include:
1. Banking and financial accounts
2. Healthcare and medical services
3. Educational institutions (e.g., university accounts)
4. Government or agency access
Best regards,
Otto

Code: Select all | Expand

$(document).ready(function() {
    passwordBtn.on('click', function() {
        var putData = {};
        putData["request"] = "edit";
        
        var row = getSelections()[0]; 
        var id = row.id; 
        var cIdx = id.toString();
        putData["id"] = cIdx;
        
        console.log("putData:", putData); // Konsolenausgabe zum Testen
        
        $.ajax({
            url: "./getRecord.prg",
            type: "PUT",
            dataType: "json",
            data: JSON.stringify(putData),
            success: function(data) {
                console.log("Response:", data);
                var obj = data.array[0];
                encryptedPassword =  obj.link;
                if (encryptedPassword !== null) {
                    console.log('Verschlüsseltes Passwort:aus dem DBF file', encryptedPassword);
                    //  const iv = "8fbc9ec521b300fe9d845987";
                    // Convert the hexadecimal string 'iv' to a Uint8Array
                    const ivHexString = "8fbc9ec521b300fe9d845987";
                    const iv = new Uint8Array(ivHexString.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
                    const encryptionKey = new TextEncoder().encode('dummy_key_123456'); // Dummy-Verschlüsselungsschlüssel!
                    // Passwort entschlüsseln
                    decryptPassword(encryptedPassword, encryptionKey, iv)
                    .then(decryptedPassword => {
                        if (decryptedPassword !== null) {
                            console.log('Entschlüsseltes Passwort:', decryptedPassword);
                            alert( decryptedPassword );
                        } else {
                            console.log('Fehler bei der Entschlüsselung.');
                        }
                    });
                } else {
                    console.log('Fehler bei der Verschlüsselung.');
                }
            },
            error: function(jqXHR, textStatus, errorThrown) {
                console.error("AJAX-Fehler:", textStatus, errorThrown);
                alert("Fehler beim Lesen");
            }
        });
    });
});



 
Image
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
Posts: 6380
Joined: Fri Oct 07, 2005 7:07 pm
Contact:

Re: password manager with mod harbour

Post by Otto »

Hello friends,
I have a utility to encrypt the original passwords.
For now, I have to manually copy the encrypted value and the IV into the database.
For internal use, this is entirely sufficient.
Perhaps someone is interested and we could further develop this project.

Encrypt original key with master password

Please enter your master password below to check its length, and enter the password you want to encrypt with the key.
Best regards,
Otto

Image

Code: Select all | Expand

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Key Length Checker</title>
    <!-- Bootstrap 5 CSS -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css">
</head>
<body>
    <div class="container mt-5">
        <h1>Encrypt original key with master password</h1>
        <p>Please enter your master password below to check its length</p>
        <input type="text" id="keyInput" placeholder="Enter your encryption key" oninput="checkKeyLength()">
        <p id="keyLengthDisplay"></p>
        <button onclick="checkKeyLength()">Check Length</button>
        <p id="result"></p>
        
        <p>Next, enter the password you want to encrypt with the key</p>
        <input type="text" id="pwInput" placeholder="Enter your password">
        <button onclick="performEncryption()">Encrypt</button>
    </div>
    
    <!-- Bootstrap 5 JS and jQuery -->
    <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.min.js"></script>
    
    <script>
        function checkKeyLength() {
            const keyInput = document.getElementById('keyInput');
            
            const key = keyInput.value.trim();
            const keyLength = key.length * 8;
            
            let resultMessage;
            
            if (keyLength === 128) {
                resultMessage = `The key length is 128 bits.`;
            } else if (keyLength === 256) {
                resultMessage = `The key length is 256 bits.`;
            } else {
                resultMessage = `The key length should be either 128 bits or 256 bits. (Current length: ${keyLength} bits)`;
            }
            
            document.getElementById('result').textContent = resultMessage;
            document.getElementById('keyLengthDisplay').textContent = `Current key length: ${keyLength} bits`;
        }
        
        // Funktion zur Verschlüsselung des Passworts mit AES
        async function encryptPassword(password, encryptionKey) {
            try {
                const encodedKey = await crypto.subtle.importKey('raw', encryptionKey, { name: 'AES-GCM' }, false, ['encrypt']);
                const encodedData = new TextEncoder().encode(password);
                const iv = crypto.getRandomValues(new Uint8Array(12));
                console.log( "iv", arrayBufferToHexString(iv))
                const encryptedData = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, encodedKey, encodedData);
                const encryptedPassword = Array.from(new Uint8Array(encryptedData)).map(byte => ('00' + byte.toString(16)).slice(-2)).join('');
                return { encryptedPassword, iv };
            } catch (error) {
                console.error('Verschlüsselung fehlgeschlagen:', error);
                return null;
            }
        }
        
        // Funktion zur Entschlüsselung des Passworts mit AES
        async function decryptPassword(encryptedPassword, encryptionKey, iv) {
            try {
                const encodedPassword = Uint8Array.from(Array.from(encryptedPassword.match(/.{1,2}/g), byte => parseInt(byte, 16)));
                const encodedKey = await crypto.subtle.importKey('raw', encryptionKey, { name: 'AES-GCM' }, false, ['decrypt']);
                const decryptedData = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, encodedKey, encodedPassword);
                return new TextDecoder().decode(decryptedData);
            } catch (error) {
                console.error('Entschlüsselung fehlgeschlagen:', error);
                return null;
            }
        }
        
        // Helper function to convert ArrayBuffer to hex string
        function arrayBufferToHexString(buffer) {
            return Array.from(new Uint8Array(buffer))
            .map(byte => ('00' + byte.toString(16)).slice(-2))
            .join('');
        }
        
        
        // Funktion zum Aufrufen der Verschlüsselungsfunktion
        function performEncryption() {
            const originalPassword = document.getElementById('pwInput').value;
            const encryptionKey = new TextEncoder().encode('AtSw992025451855'); // Dummy-Verschlüsselungsschlüssel!
            console.log('originalPassword', originalPassword );
            
            const mysecretkey =  document.getElementById('keyInput').value;
            console.log( 'my_secret key', mysecretkey )
            
            // Passwort verschlüsseln
            encryptPassword(originalPassword, encryptionKey)
            .then(({ encryptedPassword, iv }) => {
                if (encryptedPassword !== null) {
                    console.log('Verschlüsseltes Passwort:', encryptedPassword);
                    
                    // Passwort entschlüsseln (Beispiel)
                    decryptPassword(encryptedPassword, encryptionKey, iv)
                    .then(decryptedPassword => {
                        if (decryptedPassword !== null) {
                            console.log('Entschlüsseltes Passwort:', decryptedPassword);
                        } else {
                            console.log('Fehler bei der Entschlüsselung.');
                        }
                    });
                } else {
                    console.log('Fehler bei der Verschlüsselung.');
                }
            });
        }
    </script>
</body>
</html>

 
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
Posts: 6380
Joined: Fri Oct 07, 2005 7:07 pm
Contact:

Re: password manager with mod harbour

Post by Otto »

The Recipe:
A clear structure and a handful of small modules.

Image

Image

Image
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
Posts: 6380
Joined: Fri Oct 07, 2005 7:07 pm
Contact:

Re: password manager with mod harbour

Post by Otto »

I have decided to create an administrator mode for the LockBox as well. It simply adds more convenience.

Image
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
Posts: 6380
Joined: Fri Oct 07, 2005 7:07 pm
Contact:

Re: password manager with mod harbour

Post by Otto »

If you have already developed a few blocks and functions, it is very easy to create and expand new programs. Now, I am implementing the login functionality.


Image
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
Post Reply