In the development of someone else's project
keymemo.com , Post
Online Password Manager from 2010.
Then try to justify such a loud headline.
There is not enough karma for placement in “I am PR”, therefore here.
For a long time (it seems that from the very beginning somewhere in 2010) I use
keymemo.com to store critical information. Internal paranoia was a little worried that the resource on which my critical information is stored is, in general, completely out of control for me, but the convenience outweighed.
')
Some inconveniences:
- Sometimes a phantom space appeared in the name of the secrets - for several (different numbers) of characters, a space appeared between the letters until the end of the name. Not very disturbed, but visually spoil the view.
It was inconvenient to open the site from a smartphone.
In the album layout, the keyboard will close everything.
- Over the years, once the domain keymemo.com has been delineated, the certificate has expired, then everything has been restored.
- About a year ago, I accidentally noticed that backup copies stopped coming - my paranoia had a strong argument.
When sending a backup copy from the website to the mail - the copy is not sent (at the time of writing the post), a server error occurs. Communication through the inverse form of the site was in one direction - from me. Attempt to contact via mail whois also failed. Judging by the post (link above) - nothing has changed since the publication, i.e. since 2010.
There was an idea to place something on their own capacities, but the author did not answer the requests, he would share the server-side code, the client part was available in the browser for research, which helped to make the import.
I had a reason to learn javascript and PWA (
Progressive Web Apps: WhoAmI / Habrahabr )
What happened?It turned out the site
keymemo.imtqy.com . In fact, this is a site from one page with js scripts - a mixture of hmtl5 / js / css3, it turned out how it happened.
Details:
- Domain name and certificate "do not depend" on third parties, quotes can be removed if placed on their own facilities
- Secrets are stored in the html file
- It works without the Internet (of course, until the Internet disappears, you need to go to the browser at least once, the browser will cache)
- Not used frameworks and flash, only pure js
- No links to external resources, all libraries on board, with the exception of Google for access to the drive
- Browser = Chrome, probably works on others. Did not check and will not check
- The file with the secrets (and all previous versions of the files) is stored on your drive.google.com in a separate (selected) folder
- Each time you save a new file is saved on the drive, which is later used as the main file. Also saved to browser's localStorage
- Secrets consist of records
- A record is a pair of values ​​"field name" / "field value"
- "Field Name" is not encrypted
- The “field value” is encrypted with the encryption key (passphrase), the AES algorithm, the libraries from the CryptoJS project, you can change to your own algorithm
- The record can be of one of 4 types ( regular , password - helps to generate, link - when you click on the name, it will open a new tab, note - multi-line text
- The number of entries in the secret is unlimited.
- The number of secrets is not limited.
- Search is conducted on all "field values"
The site is convenient (in my opinion) to use from a smartphone - There is an import from the keymemo.com files
- There is an import from keymemo.next files
- All code is available github.com/keymemo/keymemo.imtqy.com
- You can place on your resource (you will need to understand a little js, namely, to register in Google as a developer and get the application ID with the appropriate permissions).
- The backup is made from settings. The resulting file contains everything that is needed to access passwords. Access to the drive browser from a local file will not give.
Constructive criticism is welcome (better in lichku, you still have some unresolved vulnerabilities or illiteracy will reveal).
GNU General Public License v3.0.
Links that helped:
→
Read to the full clarification about PWA→
Modern Javascript TutorialImport from keymemo.com
Operating sequence:- Open
www.keymemo.com , better in incognito
- Log in
- Select “Settings \ View backup of secrets (html)”, a new tab will open
- Log in is not necessary
- Right button "save as", save the file
Then this file can be opened, logged in and see the secrets.
This file can be imported into keymemo.next.