Passwords are now saved in a password manager.
The password manager uses strong encryption using a key derived from the passphrase using scrypt key strengthening algorithm. This ensures encryption is performed using a strong key and that brute forcing the passphrase is time consuming. If the user loses his passphrase no recovery is possible.
This commit is contained in:
eelke
parent
2230a4bd61
commit
e36924c087
27 changed files with 605 additions and 346 deletions
|
|
@ -2,6 +2,7 @@
|
|||
#define PASSWORDMANAGER_H
|
||||
|
||||
#include "Expected.h"
|
||||
#include <QSqlDatabase>
|
||||
#include <botan/secmem.h>
|
||||
#include <string>
|
||||
#include <memory>
|
||||
|
|
@ -16,8 +17,8 @@
|
|||
|
||||
namespace Botan {
|
||||
|
||||
class Encrypted_PSK_Database_SQL;
|
||||
class Sqlite3_Database;
|
||||
class Encrypted_PSK_Database;
|
||||
//class Sqlite3_Database;
|
||||
class PasswordHash;
|
||||
|
||||
}
|
||||
|
|
@ -41,21 +42,31 @@ public:
|
|||
Error
|
||||
};
|
||||
|
||||
PasswordManager() = default;
|
||||
PasswordManager();
|
||||
~PasswordManager();
|
||||
|
||||
void openDatabase(std::shared_ptr<Botan::Sqlite3_Database> db, std::string passphrase);
|
||||
/** Check if it has been initialized before.
|
||||
*
|
||||
* If returns false then use createDatabase to set it up
|
||||
* else use openDatabase to get access.
|
||||
*/
|
||||
bool initialized(QSqlDatabase &db);
|
||||
bool createDatabase(QSqlDatabase &db, QString passphrase);
|
||||
bool openDatabase(QSqlDatabase &db, QString passphrase);
|
||||
void closeDatabase();
|
||||
bool locked() const;
|
||||
|
||||
void set(const std::string &id, const std::string &passwd);
|
||||
std::string get(const std::string &id, const std::string &passwd);
|
||||
bool get(const std::string &id, std::string &password);
|
||||
void remove(const std::string &id);
|
||||
private:
|
||||
std::string m_passwordTableName = "psk_passwd";
|
||||
std::string m_secretAlgoTableName = "psk_masterkey_algo";
|
||||
std::unique_ptr<Botan::Encrypted_PSK_Database_SQL> m_pskDatabase;
|
||||
QString m_passwordTableName = "psk_passwd";
|
||||
QString m_secretAlgoTableName = "psk_masterkey_algo";
|
||||
QString m_secretHashTableName = "psk_masterkey_hash";
|
||||
std::unique_ptr<Botan::Encrypted_PSK_Database> m_pskDatabase;
|
||||
|
||||
bool isPskStoreInitialized(std::shared_ptr<Botan::Sqlite3_Database> db);
|
||||
void initializeNewPskStore(std::shared_ptr<Botan::Sqlite3_Database> db);
|
||||
bool isPskStoreInitialized(QSqlDatabase& db);
|
||||
void initializeNewPskStore(QSqlDatabase &db);
|
||||
|
||||
class KeyStrengthener {
|
||||
public:
|
||||
|
|
@ -74,6 +85,7 @@ private:
|
|||
, m_salt (std::move(rhs.m_salt))
|
||||
, m_keySize(rhs.m_keySize)
|
||||
{}
|
||||
|
||||
KeyStrengthener& operator=(KeyStrengthener &&rhs)
|
||||
{
|
||||
if (&rhs != this) {
|
||||
|
|
@ -85,7 +97,7 @@ private:
|
|||
}
|
||||
|
||||
Botan::secure_vector<uint8_t> derive(const std::string &passphrase);
|
||||
void saveParams(std::shared_ptr<Botan::Sqlite3_Database> db, const std::string &table_name);
|
||||
void saveParams(QSqlDatabase &db, const QString &table_name);
|
||||
private:
|
||||
std::unique_ptr<Botan::PasswordHash> m_hasher;
|
||||
Botan::secure_vector<uint8_t> m_salt;
|
||||
|
|
@ -93,7 +105,7 @@ private:
|
|||
};
|
||||
|
||||
/// Get PasswordHash from parameters in database
|
||||
KeyStrengthener getKeyStrengthener(std::shared_ptr<Botan::Sqlite3_Database> db);
|
||||
KeyStrengthener getKeyStrengthener(QSqlDatabase &db);
|
||||
KeyStrengthener createKeyStrengthener();
|
||||
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue