NodeKEY - Node.js Key Encryption and Yank
npm install -g nodekey
nodekey --help to get usage instructions regarding program arguments.
nodekey without arguments to define a master key and enter interactive mode. Use the interactive command to show the available commands.
- Keep your keys (passwords) organized in a file-system-like hierarchy
- Each application (directory-like) may contain a schema with details on key (file-like) generation
- Configure an application once, generate any amount of keys for it
- Keys can also be stored encrypted if you don't want to generate a pseudo-random one
- Easy to use interactive mode with clipboard utilization
On first startup you are asked for an encryption password for the profile data (e.g. application schemas, meta data, ...). This password will also be used as the default master key for key generation and encryption. You will be asked for this password on every startup with the same profile path ($HOME/.config/NodeKEY/ by default).
If needed, the su command can be used to switch to a different master key for key generation and encryption.
You may adjust any settings within the newly created settings file (<profile-path>/settings.json by default). However, the default settings should suffice in general.
Applications and Keys
Use the mkapp command (see help mkapp for details) to create your applications (use the -S option for directories that won't directly contain generated keys). Now you can create keys for those applications with the key command (see help key for details).
fetch commands the key contents can be displayed or put into the system clipboard respectively.
NodeKEY uses scrypt for primary hashing. This makes possible attacks expensive in both computation and memory. In addition -- if supported by the system -- SHA256 (fallback) is used, just in case any design flaw.
Stored keys use the same hashing methods as generated keys, to generate a passphrase that is then used for the encryption algorithm. NodeKEY already considers it impossible for an attacker to reconstruct the master key from a hash. In conclusion it ought to be impossible to reconstruct the master key from a stored key as well.
For encryption, NodeKEY uses bf-cbc as available on the system.
As the entropy of a generated key is as high as it gets (NodeKEY might have slight entropy losses, but nothing critical) with the defined schema, generated keys are still preferred over custom stored ones. Keep in mind that you probably never need to type in the password by hand.
Using the clipboard is one weakness of password managers. An infected system may spy on the clipboard and thus get access to the application keys. However, since such malware would probably also spy on typed keys, this weakness is no more critical than typing passwords by hand.
Make sure to log out (exit) whenever you leave your computer unattended. Nobody would be able to get access to the master key, but the application keys are vulnerable to simple computer access while logged in.