passager-password-manager

Passager Password Manager


Passager Password Manager is an open-source and easy-to-use password manager.

Nice features

Try Passager now

Passager can be used in local mode, which means that all data is stored in the browser’s local storage. This is the recommended mode if you want to be sure that your data is not stored on any server.

Just download the mobile app or directly access from your browser:

Installing Passager in a production environment

Run a production-ready build

It’s possible to build the docker image with the following command:

npm run build:docker

Then start the container with:

npm run start:docker

A production-ready build will be available on port 8000, served by a basic Apache server.

Starting a new Passager Backend instance

Passager has its own REST service to handle authentication and data storage. It works well for organizations that need to keep their passwords synchronized across different devices. Additionally, sharing capabilities are available when Passager is connected to a remote backend.

A new backend instance can be easily started by building and running its corresponding docker image.

Please refer to the Passager Backend directory for more information.

Getting started with development

Quick start with docker

Build the docker image with the following command:

npm run build:docker:dev

Then start the container with:

npm run start:docker:dev

A development build will be available on port 3000. Changes to the code will be reflected in the container.

Available Scripts

Passager is scaffolded with create-react-app.

In the project directory, you can run:

Technical decisions

To achieve simplicity, security and usability for teams, the following technical decisions have been adopted:

Reasons to create Passager

You could be wondering why the world needs another password manager.

The answer is that the world doesn’t really need more password managers, but I used to need an open source, easy to install and maintain one, and I have never found it.

This is the reason to create passager. To bring to the world a password manager that is:

These are the three topics around the value-proposition of passager, and these points should be the foundation to define its vision and goals.

Disclaimer

This is a personal project and I do not consider myself responsible for the usage given to this software. Please understand that I can’t be responsible for any direct or indirect damage this software may cause due to any kind of problem.

I’ve developed this software with all my 💛, but as you know there are evil people out there on the network. Take care, always install all available updates, and use Passager at your own risk.

If you find any security issue or possible improvement, feel free to submit a PR and I will try to do my best to handle it.

Most relevant dependencies

Development dependencies

About cryptography

The WebCrypto API is used to encrypt and decrypt Passager’s data. In theory, this means that as long as your browser is up to date, your crypto algorithms will be safe. The following techniques are used to protect user passwords:

  1. Each user defines a master password, from which a 256-bit AES-GCM key is derived.
  2. Additionally, each user has an RSA-OAEP key pair. The private key is wrapped using the key derived from the master password.
  3. After the user logs in and enters their master password, the private key is unwrapped and loaded into memory.
  4. Each folder has its own AES-GCM key, which is stored encrypted with the user’s RSA public key.
  5. When a user wants to access a specific folder, the folder’s key is decrypted with the user’s private key; the content is then accessed and decrypted using the folder-specific key.
  6. When a folder is shared, its AES-GCM key is encrypted with the receiver’s public key and shared with them.
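
The six steps above, sketched with the WebCrypto API as an added example (this is not Passager’s own code). The page does not name the key-derivation function, the RSA modulus size or the IV handling, so PBKDF2-SHA-256 with 600000 iterations, a 2048-bit modulus, random 96-bit IVs and every function name below are assumptions.

```javascript
// Added example: WebCrypto sketch of the key hierarchy (not Passager's code).
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // Node 18 fallback
const { subtle } = wc;
const GCM = (iv) => ({ name: "AES-GCM", iv });
const RSA = { name: "RSA-OAEP", modulusLength: 2048, // assumed modulus size
  publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" };
// Step 1. Assumption: PBKDF2-SHA-256, 600000 iterations (the page names no KDF).
async function masterKey(password, salt) {
  const raw = await subtle.importKey("raw", new TextEncoder().encode(password),
    "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey({ name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    raw, { name: "AES-GCM", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}
// Steps 2-3: the private key is stored only in wrapped form.
async function newUser(password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const pair = await subtle.generateKey(RSA, true, ["wrapKey", "unwrapKey"]);
  const wrappedPriv = await subtle.wrapKey("pkcs8", pair.privateKey,
    await masterKey(password, salt), GCM(iv));
  return { salt, iv, wrappedPriv, publicKey: pair.publicKey };
}
async function login(user, password) { // in memory the key is non-extractable
  return subtle.unwrapKey("pkcs8", user.wrappedPriv, await masterKey(password, user.salt),
    GCM(user.iv), { name: "RSA-OAEP", hash: "SHA-256" }, false, ["unwrapKey"]);
}

// Steps 4 and 6: a folder key is wrapped once per public key allowed to open it.
const wrapFolderKey = (folderKey, publicKey) =>
  subtle.wrapKey("raw", folderKey, publicKey, { name: "RSA-OAEP" });
// Step 5: unwrap the folder key with the private key, then decrypt the entry.
async function readEntry(wrappedFolderKey, privateKey, iv, ciphertext) {
  const fk = await subtle.unwrapKey("raw", wrappedFolderKey, privateKey,
    { name: "RSA-OAEP" }, { name: "AES-GCM" }, false, ["decrypt"]);
  return new TextDecoder().decode(await subtle.decrypt(GCM(iv), fk, ciphertext));
}

async function demo() { // constructed passwords and entry
  const alice = await newUser("alice master pw"), bob = await newUser("bob master pw");
  const folderKey = await subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await subtle.encrypt(GCM(iv), folderKey, new TextEncoder().encode("s3cret"));
  const forAlice = await wrapFolderKey(folderKey, alice.publicKey);
  const forBob = await wrapFolderKey(folderKey, bob.publicKey); // sharing
  const a = await readEntry(forAlice, await login(alice, "alice master pw"), iv, ct);
  const b = await readEntry(forBob, await login(bob, "bob master pw"), iv, ct);
  const wrongPw = await login(alice, "guess").then(() => "accepted", () => "rejected");
  return { a, b, wrongPw };
}
```

Because AES-GCM is authenticated, a wrong master password fails at the unwrap step instead of yielding a garbage private key, which is why `wrongPw` resolves to "rejected".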

Attributions