README
NodeKEY - Node.js Key Encryption and Yank
Installation
npm install -g nodekey
Run nodekey --help to get usage instructions regarding program arguments.
Run nodekey without arguments to define a master key and enter interactive mode. Use the interactive command help to show the available commands.
Features
Main Features:
- Keep your keys (passwords) organized in a file-system-like hierarchy
- Each application (directory-like) may contain a schema with details on key (file-like) generation
- Configure an application once, generate any number of keys for it
- Keys can also be stored encrypted if you don't want to generate a pseudo-random one
- Easy-to-use interactive mode with clipboard utilization
Usage
Initialization
On first startup you are asked for an encryption password for the profile data (e.g. application schemas, metadata, ...). This password will also be used as the default master key for key generation and encryption. You will be asked for this password on every startup with the same profile path ($HOME/.config/NodeKEY/ by default).
If needed, the su command can be used to work with a different master key for key generation and encryption.
Settings
You may adjust any settings within the newly created settings file (<profile-path>/settings.json by default). However, the default settings should suffice in general.
Applications and Keys
Use the mkapp command (see help mkapp for details) to create your applications (use the -S option for directories that won't directly contain generated keys). Now you can create keys for those applications with the key command (see help key for details).
With the cat and fetch commands, the key contents can be displayed or put into the system clipboard, respectively.
Security
Generated keys
NodeKEY uses scrypt for primary hashing. This makes possible attacks costly in both computation and memory. In addition, if supported by the system, SHA512 or SHA256 (fallback) is used, just in case scrypt has any design flaw.
Stored keys
Stored keys use the same hashing methods as generated keys, to generate a passphrase that is then used for the encryption algorithm. NodeKEY already considers it impossible for an attacker to reconstruct the master key from a hash. In conclusion it ought to be impossible to reconstruct the master key from a stored key as well.
For encryption, NodeKEY uses aes-256-cbc and bf-cbc as available on the system.
As the entropy of a generated key is as high as it gets (NodeKEY might have slight entropy losses, but nothing critical) with the defined schema, generated keys are still preferred over custom stored ones. Keep in mind that you probably never need to type in the password by hand.
Clipboard
Using the clipboard is one weakness of password managers. An infected system may spy on the clipboard and thus get access to the application keys. However, since such malware would probably also spy on typed keys, this weakness is no more critical than typing passwords by hand.
Session
Make sure to log out (Ctrl+D/exit) whenever you leave your computer unattended. Nobody would be able to get access to the master key, but the application keys are vulnerable to simple computer access while logged in.