
EPD - Encrypted Password Database

EPD is a tool to archive personal credentials (mostly passwords) and store them safely in a file. It is designed to be secure, lightweight, portable, and convenient.

Supported platform: Windows (Mingw/MSVC), *nix (tested on Linux)

NOTE AND UPDATE: This software is still under development. Minor changes may be applied to the file structures and functionality. Backward compatibility is not guaranteed.

WARNING: This tool is not approved by any authority on data security or cryptography. The author of this software is not an expert in security-related fields. Please be informed that any use of this software is at the user's own risk and the author is not responsible for any property or data losses.

Installation

EPD provides no installation by itself, as it emphasizes portability. The instructions below cover only the build process. The resulting binary will be in the build directory.

Windows

There are two ways to build on Windows: with Mingw or with MSVC. Building with Mingw requires the installation of Mingw-w64. Building with MSVC requires the installation of the Visual Studio Build Tools, which are installed automatically if you have installed any version of Visual Studio. If you don't want to install Visual Studio, please see this one.

Mingw

Open a command prompt with all necessary environment variables set (for example, put the Mingw installation path in the PATH variable), change to the project directory, and run the command below.

$ make -f Makefile.mingw epd

MSVC

Open the Visual Studio Build Tools command prompt (see this), change to the project directory, and run the command below.

$ nmake -f Makefile.win epd

Linux (and Unix, untested)

Open a terminal and change to the project directory. Run the command below.

$ make -f Makefile.nix epd

Usage

The brief documentation is located in doc.h and is printed when you run the binary with -h. Full documentation is not yet finished.

Data Structure

EPD creates two kinds of file: the key file and the database file. The key file is generated by the keygen command and is required for all database operations (passed in with the -k option). The database file ends with .edb and contains the data.

Key file

[Public Key (32)][Secret key* (64)][Signature (64)]

*The secret key is 32 bytes long by itself; the remaining bytes hold additional information (IV, protective hash). The total length is 64 bytes.

Database file

The database structure is slightly complicated.

[IV (8)][Ephemeral Public Key (32)][ENC 1][Checksum 1 (32)][ENC 2][Checksum 2 (32)]

The IV is 8 bytes, keys are 32 bytes, and checksums are 32 bytes.

ENC 1 is the block of header, index, and tags.

ENC 2 is the block of data.

Although Checksum 1 is inserted in the middle, the encryption runs as one continuous stream through ENC 1 and ENC 2 rather than restarting for ENC 2. This is an important security measure against key/IV reuse attacks.

ENC 1

Suppose there are n entries in total and m tags (the maximum is 64).

[Header (84)][n Table entries (n * 80)][Tag (8)][m Tags (m * 64)]

Header

[Program name (10)][Program Version (6)][DB name (64)][nentry (4)]

nentry is the number of entries in the database.

Table

[HTAG (8)][Tag (8)][Entry Name (16)][Encryption Key/Ephemeral Public Key (32)][Public key Fingerprint (16)]

Tags

The first part of the tags section is 8 bytes (64 bits), each bit representing the availability of one tag. If m tags are available, there are m 1 bits in this section.

The second part is m 64-byte blocks placed in order, each containing a tag name as a C-style string (char *). The maximum length is 63 characters, since the terminating NUL byte is always required.

ENC 2

[n Data entries (n * 528)]

[HTAG (8)][Tag (8)][Full name (128)][Note (256)][Value (128)]

Each data entry carries the same HTAG and Tag fields as the corresponding table entry. The full name of each entry is 128 bytes; the name stored in the table is the first 16 bytes of those 128 bytes.

Data entries (not including HTAG) are encrypted separately using the key in the table entry (even in memory). The value encapsulated in the data entry is encrypted separately as well.
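To make the ENC 1 layout concrete, here is an added example in C (not part of the EPD source) that builds a constructed ENC 1 plaintext and validates one: it reads nentry, counts the set bits in the tag map to get m, checks the total length against 84 + n*80 + 8 + m*64, and checks that every tag name is NUL-terminated within its 64-byte slot. It assumes nentry is little-endian and that tag i corresponds to bit i of the availability map, neither of which the README states.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Field sizes from the layout above: header 84, table entry 80, tag map 8, tag 64. */
#define EPD_HDR 84
#define EPD_TENTRY 80
#define EPD_TAGMAP 8
#define EPD_TAG 64

/* Expected plaintext length of ENC 1 for n entries and m tags. */
size_t epd_enc1_len(size_t n, size_t m) {
    return EPD_HDR + n * EPD_TENTRY + EPD_TAGMAP + m * EPD_TAG;
}

/* Validate a decrypted ENC 1 block; returns the tag count m, or -1 on inconsistency.
 * Assumption (not in the README): nentry is little-endian, tag i is bit i of the map. */
int epd_check_enc1(const uint8_t *buf, size_t len) {
    if (len < EPD_HDR + EPD_TAGMAP) return -1;
    uint32_t n = (uint32_t)buf[80] | (uint32_t)buf[81] << 8
               | (uint32_t)buf[82] << 16 | (uint32_t)buf[83] << 24;
    /* Bound n by the buffer before using it in offset arithmetic. */
    if (n > (len - EPD_HDR - EPD_TAGMAP) / EPD_TENTRY) return -1;
    size_t map = EPD_HDR + (size_t)n * EPD_TENTRY;
    int m = 0;                              /* m = number of set bits in the map */
    for (size_t i = 0; i < EPD_TAGMAP; i++)
        for (uint8_t b = buf[map + i]; b; b &= (uint8_t)(b - 1)) m++;
    if (epd_enc1_len(n, (size_t)m) != len) return -1;
    for (int i = 0; i < m; i++)             /* each tag name must be NUL-terminated */
        if (!memchr(buf + map + EPD_TAGMAP + (size_t)i * EPD_TAG, 0, EPD_TAG)) return -1;
    return m;
}

/* Build a constructed ENC 1 plaintext (sample data, not a real database) for
 * n entries and m tag names; returns bytes written, or 0 if out is too small. */
size_t epd_build_enc1(uint8_t *out, size_t cap, uint32_t n, const char **tags, int m) {
    size_t len = epd_enc1_len(n, (size_t)m);
    if (m > 64 || len > cap) return 0;
    memset(out, 0, len);
    memcpy(out, "epd", 3);                  /* program name (10) */
    memcpy(out + 10, "0.0.1", 5);           /* program version (6) */
    memcpy(out + 16, "demo", 4);            /* DB name (64) */
    for (int i = 0; i < 4; i++) out[80 + i] = (uint8_t)(n >> (8 * i));
    size_t map = EPD_HDR + (size_t)n * EPD_TENTRY;
    for (int i = 0; i < m; i++) {
        out[map + i / 8] |= (uint8_t)(1u << (i % 8));
        strncpy((char *)out + map + EPD_TAGMAP + (size_t)i * EPD_TAG, tags[i], EPD_TAG - 1);
    }
    return len;
}
```

The length check is what lets a reader reject a truncated or padded ENC 1 block before trusting any table offset derived from nentry.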

NOTE

  1. Though the author has limited expertise in developing this kind of software, the security model should work and may be redundant. This may affect the performance of this software. It is normal for one operation to take several seconds (without compiler optimization).

  2. There may be minor issues/bugs in this software, since there are not enough tests to prove its robustness. Testing this program and providing issue/bug reports and suggestions for further improvement is welcome.

TODOs

The items below are unordered.

  1. Better customization support in config.h
  2. Unfinished features (add/delete tags, change data entry, change key password)
  3. Better looking UI (not GUI)
  4. Interactive Design (with mini terminal built-in)
  5. Bug fix (currently not yet Valgrind free)
  6. Better documentation
  7. ...

Special thanks

This program is largely inspired by skeeto/enchive, which provides the data security model for this program. The ed.c is an amalgamation of kc1212/ref10_extract, which provides the functionality of ed25519 signatures using Curve25519 key pairs.
