glitterware / passy Goto Github PK
View Code? Open in Web Editor NEWOffline password manager with cross-platform synchronization
Home Page: https://glitterware.github.io/Passy/
License: GNU General Public License v3.0
Offline password manager with cross-platform synchronization
Home Page: https://glitterware.github.io/Passy/
License: GNU General Public License v3.0
(Sorry for using a issue for asking an offtopic question, but I don't know where else to ask)
Is it possible for GlitterWare to create a Joplin-style notes program, but with Passy-style synchronization?
One of my main reasons for using something like Joplin or Bitwarden is the synchronization between devices, although I would honestly prefer not to have to rely on a server and a membership and always looked for a Passy style program that would easily synchronize my information between devices, without relying on the cloud, or even worse, Syncthing...
Is there any possibility/interest that in the distant future GlitterWave will create a Joplin-style notes app but with the ability to sync between devices simply with a QR code? Yes, I've already used Passy's notes category and it has its function, but for something like a password manager it doesn't make sense to create something as advanced as Joplin.
Ability to choose whether to activate the automatic backup or not, and to have the ability to create a backup after a change is made or every certain period of time.
Currently entries are stored in files passwords.enc
, notes.enc
, payment_cards.enc
, identities.enc
and id_cards.enc
, encrypted in CSV format. When Passy starts up, it loads all of the data contained within these files, including the passwords. This contributes a lot of data to memory, usually with very few of this data being used per visit. It is preferable to reduce the amount of data loaded at all times to prevent performance issues and possible security concerns.
There is currently no easy way to provide random access to these data without having to read and decrypt the entire file. Before decryption, newlines are added between entries, but when encrypted the string becomes a single line. It is possible to instead encrypt entries individually to then insert newlines afterwards, which would allow to read the file line by line. This would be the first step to random data access, because it would add the ability to iterate through entries without having to keep the entire file contents in memory.
To make it possible to identify entries without having to decrypt them, it is possible to add the unencrypted entry keys at the beginning of each line, separated by a comma from the encrypted entry. This would allow the parsing mechanism to find the requested entries without having to read the entire line. There might be a question of security about storing the entry keys in an unencrypted format, since those could be considered private data. However the only information they consist of and therefore reveal are the exact entry creation dates. While one could argue that this information could potentially pose a threat due to the revelation of one's activity timeline if attacked, I doubt it would give any useful information to the attacker.
As an alternative idea, it would be possible to avoid modifying existing database information by storing encrypted minimal metadata about the entries in separate files. This, however, seems sub optimal, as I would consider such data a runtime artifact rather than meaningful information. It seems redundant to include as a part of the database, but it might be possible to implement it later as cache data instead to improve security.
Hi,
it would be great to be able to share single passwords to other users. I'm thinking of sharing my WIFI password with my GF or similar.
Another idea would be to have shared portions. I'm sure this can be achieved by having one user that's shared and another one for each personal account. But it would be cool to not login into several accounts just to find out where the actual password got saved to. So one solution could be, to introduce groups users are assigned to. Each group is "secured" by a shared secret combined with the actual user authentication.
Happy to discuss ideas
Already resolved in 3edcf08.
Next update will not have this issue.
Thank you so much in advance for this app, it's perfect, it doesn't require registration which can make you question privacy and security, it's very convenient and simply the best among all analogs, but I'm missing one feature
Please add the ability to attach photos for all tabs for example for passport photos or discount card barcode photos from a store, or some photo in the notes and the like
If I initialize Passy with a username and password, create a password record, exit passy, than restart passy, I am prompted once again to "Create a local account". https://github.com/GlitterWare/Passy says that on Linux, the Passy database is stored in /home/<username>/Documents
. Even after I create a "Documents" directory in advance (such a thing does not otherwise normally exist on my machines) and try again, it remains empty, Passy stores nothing there, or anywhere else that I can see.
No response
No response
No response
v1.5.0 - Browser Extension
Hi,
There is sync error When I scan QR code on PC from Android.
What should I do?
log below:
Connecting...
Local exception has occurred: Failed to connect.
SocketException: Connection timed out, host: InternetAddress('192.168.0.105', IPv4), port: 58293
#0 _NativeSocket.connect.<anonymous closure>.<anonymous closure> (dart:io-patch/socket_patch.dart:954)
#1 _RootZone.run (dart:async/zone.dart:1647)
#2 Future.timeout.<anonymous closure> (dart:async/future_impl.dart:864)
#3 Timer._createTimer.<anonymous closure> (dart:async-patch/timer_patch.dart:18)
#4 _Timer._runTimers (dart:isolate-patch/timer_impl.dart:398)
#5 _Timer._handleMessage (dart:isolate-patch/timer_impl.dart:429)
#6 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:192)
No response
A simple process running in the background of the OS used as Host that automatically synchronizes real-time changes occurring on any of the synchronized devices, and that is able to remember the synchronized devices.
flutter_barcode_scanner implementation broke on new flutter.
Will be replaced with barcode_scanner.
1. Minimize to tray when click close button
Could you add a option that control the behavior when click close button? Sometimes I want to minimize Passy to the system tray, but not close it.
2. Steam OTP(2FA) support
Passy does not support the Steam OTP algorithm which is not a standard TOTP implementation, but many password managers or 2FA applications support that, like KeePassXC, KeePassDX, Aegis, Authenticator Pro, etc..
3. biometrics support on Windows
Passy doesn't seem to support biometric authentication on Windows. Does it only support the mobile app? I think supporting biometrics on Windows is nice for convenience. Like the KeePassXC, requiring the master password when first start Passy, and biometrics auth when open Passy from the background is a good choice.
Browser extension saying No connector found
.
Checked the native messaging directories, manifest files are not updated as they need to be.
No response
Install snap/flatpak package, open once, use browser extension
v1.5.0 - Browser Extension
link to script: https://gist.github.com/b82577ed3fd06f305a28a18a81a580d2
to use it export from lockwise and passy, give the script the path to the lockwise file and the passy passwords.enc file and it will do its thing
Hi!
After install new version can't login.
FileSystemException: Cannot copy file to 'C:\Users\Husband\Documents\Passy\accounts\Stas\id_cards.enc_temp', path = 'C:\Users\Husband\Documents\Passy\accounts\Stas\id_cards.enc' (OS Error: Невозможно создать файл, так как он уже существует.
, errno = 183)
#0 _File.throwIfError (dart:io/file_impl.dart:635)
#1 _File.copySync (dart:io/file_impl.dart:340)
#2 convert2_0_0AccountTo2_1_0._convert (package:passy/passy_data/legacy/convert_2d0d0_account_to_2d1d0.dart:19)
#3 convert2_0_0AccountTo2_1_0 (package:passy/passy_data/legacy/convert_2d0d0_account_to_2d1d0.dart:37)
#4 convertLegacyAccount (package:passy/passy_data/legacy/legacy.dart:80)
#5 loadLegacyAccount (package:passy/passy_data/legacy/legacy.dart:93)
#6 PassyData.loadAccount (package:passy/passy_data/passy_data.dart:167)
#7 _LoginScreen.login.<anonymous closure> (package:passy/screens/login_screen.dart:95)
#8 _RootZone.run (dart:async/zone.dart:1647)
#9 _FutureListener.handleWhenComplete (dart:async/future_impl.dart:190)
#10 Future._propagateToListeners.handleWhenCompleteCallback (dart:async/future_impl.dart:736)
#11 Future._propagateToListeners (dart:async/future_impl.dart:792)
#12 Future._completeWithValue (dart:async/future_impl.dart:566)
#13 Future._asyncCompleteWithValue.<anonymous closure> (dart:async/future_impl.dart:639)
#14 _microtaskLoop (dart:async/schedule_microtask.dart:40)
#15 _startMicrotaskLoop (dart:async/schedule_microtask.dart:49)
That is paid pass manager and one of the most used . So this would be a great feature. In their site they support importing from Google passwords and others
Is there any intention to release a version of Passy as Flatpak? I have no problem with Snap, I just find it interesting if you plan to release a flatpak version.
I couldn't find Passy on AUR either.
When sync link is pressed in windows 10, only appears "setting up synchronization" for a few seconds (bottom bar) and nothing more.
if at least the ip and port could show up....
No response
No response
v1.5.0 - Browser Extension
Hello, i tried to toggle automatic backup, then selecting a folder, and it says "access denied, try another folder". Is there any fix? (Android)
when trying import an exported zip file from cel (android) to windows 10 22h2 error occurs:
FormatException: Unfinished UTF-8 octet sequence (at offset 1)
#0 _Utf8Decoder.convertSingle (dart:convert-patch/convert_patch.dart:1747)
#1 Utf8Decoder.convert (dart:convert/utf.dart:351)
#2 Utf8Codec.decode (dart:convert/utf.dart:63)
#3 skipLine (package:passy/passy_data/common.dart:65)
#4 PassyEntriesEncryptedCSVFile.keys.<anonymous closure> (package:passy/passy_data/passy_entries_encrypted_csv_file.dart:18)
#5 processLines (package:passy/passy_data/common.dart:267)
#6 PassyEntriesEncryptedCSVFile.keys (package:passy/passy_data/passy_entries_encrypted_csv_file.dart:16)
#7 LoadedAccount.notesKeys (package:passy/passy_data/loaded_account.dart:584)
#8 new LoadedAccount (package:passy/passy_data/loaded_account.dart:94)
#9 JSONLoadedAccount.toEncryptedCSVLoadedAccount (package:passy/passy_data/loaded_account.dart:959)
#10 PassyData.importAccount (package:passy/passy_data/passy_data.dart:353)
<asynchronous suspension>
#11 _ConfirmImportScreen._onConfirmPressed (package:passy/screens/confirm_import_screen.dart:26)
<asynchronous suspension>
No response
No response
No response
None
Attempting to scan the QR code from my host machine (Manjaro, Appimage) and my guest device (Android 11) results in this error:
Connecting...
Local exception has occurred: Failed to connect.
SocketException: Connection refused (OS Error: Connection refused, errno = 111), address = 127.0.0.1, port = 41042
#0 _NativeSocket.startConnect (dart:io-patch/socket_patch.dart:682)
#1 _NativeSocket.connect (dart:io-patch/socket_patch.dart:948)
#2 _RawSocket.connect (dart:io-patch/socket_patch.dart:1815)
#3 RawSocket.connect (dart:io-patch/socket_patch.dart:21)
#4 Socket._connect (dart:io-patch/socket_patch.dart:2038)
#5 Socket.connect (dart:io/socket.dart:743)
#6 Synchronization.connect (package:passy/passy_data/synchronization.dart:664)
#7 LoadedAccount.connect (package:passy/passy_data/loaded_account.dart:159)
#8 SynchronizationWrapper.connect (package:passy/common/synchronization_wrapper.dart:63)
#9 _ConnectScreen.build.<anonymous closure> (package:passy/screens/connect_screen.dart:88)
#10 _InkResponseState.handleTap (package:flutter/src/material/ink_well.dart:1072)
#11 GestureRecognizer.invokeCallback (package:flutter/src/gestures/recognizer.dart:253)
#12 TapGestureRecognizer.handleTapUp (package:flutter/src/gestures/tap.dart:627)
#13 BaseTapGestureRecognizer._checkUp (package:flutter/src/gestures/tap.dart:306)
#14 BaseTapGestureRecognizer.acceptGesture (package:flutter/src/gestures/tap.dart:276)
#15 GestureArenaManager.sweep (package:flutter/src/gestures/arena.dart:163)
#16 GestureBinding.handleEvent (package:flutter/src/gestures/binding.dart:464)
#17 GestureBinding.dispatchEvent (package:flutter/src/gestures/binding.dart:440)
#18 RendererBinding.dispatchEvent (package:flutter/src/rendering/binding.dart:337)
#19 GestureBinding._handlePointerEventImmediately (package:flutter/src/gestures/binding.dart:395)
#20 GestureBinding.handlePointerEvent (package:flutter/src/gestures/binding.dart:357)
#21 GestureBinding._flushPointerEventQueue (package:flutter/src/gestures/binding.dart:314)
#22 GestureBinding._handlePointerDataPacket (package:flutter/src/gestures/binding.dart:295)
#23 _invoke1 (dart:ui/hooks.dart:167)
#24 PlatformDispatcher._dispatchPointerDataPacket (dart:ui/platform_dispatcher.dart:341)
#25 _dispatchPointerDataPacket (dart:ui/hooks.dart:94)
No matter if I try to use my Android as a Host, the same thing happens, and I already verified that no firewall is interfering, in fact I turned them off and the problem persisted...
This issue contains a list of features and improvements planned for Passy v1.4.0, organized by priority (Features ready to be included are ticked).
New Features:
Edit 1:
You may visit the issues mentioned above to discuss them individually.
Edit 2:
Submission process:
Passy does not seem to perform any kind of key derivation, instead using the length-padded passphrase as the encryption key directly. This introduces several issues:
A good choice would be Argon2, which is used in KDBX 4 (KeePass) and LUKS2. Implementing it should be trivial - you need to find a library for it, replace the custom padding mechanism in
Passy/lib/passy_data/common.dart
Line 116 in 942a32f
Hi,
as discussed in #13 (comment), here's a separate issue.
Searching for a password has multiple steps involved. I'd like to propose to use a quick-search field in the main screen.
Thanks
When attempted to use the extension on a non-English language system, connector fails to find the proper documents directory. This is because Windows documents directory location is localized and varies depending on the user language, which the connector does not account for.
No response
No response
No response
v1.5.0 - Browser Extension
Invalid argument(s): Key length not 128/192/256 bits.
#0 AESEngine.generateWorkingKey (package:pointycastle/block/aes.dart:1163)
#1 AESEngine.init (package:pointycastle/block/aes.dart:1150)
#2 SICStreamCipher.init (package:pointycastle/stream/sic.dart:55)
#3 StreamCipherAsBlockCipher.init (package:pointycastle/adapters/stream_cipher_as_block_cipher.dart:29)
#4 PaddedBlockCipherImpl.init (package:pointycastle/padded_block_cipher/padded_block_cipher_impl.dart:47)
#5 AES.encrypt (package:encrypt/src/algorithms/aes.dart:35)
#6 Encrypter.encryptBytes (package:encrypt/src/encrypter.dart:12)
#7 Encrypter.encrypt (package:encrypt/src/encrypter.dart:20)
#8 encrypt (package:passy/passy_data/common.dart:122)
#9 EncryptedJsonFile.saveSync (package:passy/passy_data/encrypted_json_file.dart:61)
#10 new EncryptedJsonFile.fromFile (package:passy/passy_data/encrypted_json_file.dart:47)
#11 AccountSettings.fromFile (package:passy/passy_data/account_settings.dart:66)
#12 new LoadedAccount.fromDirectory (package:passy/passy_data/loaded_account.dart:143)
#13 PassyData.createAccount (package:passy/passy_data/passy_data.dart:130)
#14 _AddAccountScreen._addAccount (package:passy/screens/add_account_screen.dart:75)
#15 _InkResponseState.handleTap (package:flutter/src/material/ink_well.dart:1096)
#16 GestureRecognizer.invokeCallback (package:flutter/src/gestures/recognizer.dart:253)
#17 TapGestureRecognizer.handleTapUp (package:flutter/src/gestures/tap.dart:627)
#18 BaseTapGestureRecognizer._checkUp (package:flutter/src/gestures/tap.dart:306)
#19 BaseTapGestureRecognizer.acceptGesture (package:flutter/src/gestures/tap.dart:276)
#20 GestureArenaManager.sweep (package:flutter/src/gestures/arena.dart:163)
#21 GestureBinding.handleEvent (package:flutter/src/gestures/binding.dart:464)
#22 GestureBinding.dispatchEvent (package:flutter/src/gestures/binding.dart:440)
#23 RendererBinding.dispatchEvent (package:flutter/src/rendering/binding.dart:336)
#24 GestureBinding._handlePointerEventImmediately (package:flutter/src/gestures/binding.dart:395)
#25 GestureBinding.handlePointerEvent (package:flutter/src/gestures/binding.dart:357)
#26 GestureBinding._flushPointerEventQueue (package:flutter/src/gestures/binding.dart:314)
#27 GestureBinding._handlePointerDataPacket (package:flutter/src/gestures/binding.dart:295)
#28 _invoke1 (dart:ui/hooks.dart:164)
#29 PlatformDispatcher._dispatchPointerDataPacket (dart:ui/platform_dispatcher.dart:361)
#30 _dispatchPointerDataPacket (dart:ui/hooks.dart:91)
android 12 miui 13.0.5 , 1.5.0 f-droid repo
still can't
I have reinstalled the passy application multiple times, even tried uninstalling it and removing it from my pc, to then reinstall and no matter what I do, the extension always says no connector found.
v1.5.0 - Browser Extension
First thanks to the developers for your attempt at a new password manager.
Description
I did not see mention of kdbx.
kdbx is a very common import export format for password databases, popularized by another opensource password manager.
The diligent user is also worried about "lock-in"
A user will want to try and stay as along as the app is the best choice to that user.
kdbx files are also password protect-able. So it reduces the risk for passwords lying around in plaintext files in plain sight.
It is preferable if the import/export to kdbx is in-built into the app.
But its also okay, if import/export is done as externally using distributed command line tools.
I noticed the description said something about a backup zip file. I am guessing this is a csv export. More details on that pls?
Expected outcome
no lock-in guarantee
easy to migrate to passy
easy to migrate away from passy
This gives passy motivation to stay competitive and respectful of users choices.
Ref
Hi, entered passwords stay in memory and could be read out by an attacker.
I'll start working on it
After I logged in, pressing passwords the screen suddenly turned gray, I can't access my old passwords.
No response
No response
No response
v1.5.2 - Windows Hotfix
I find it really privacy-conscious that they are aiming for exclusive serverless p2p synchronisation, but could a system be used that allows synchronisation without having to scan qr codes (which doesn't work on my Xiaomi 12X, I have to enter the host manually), like the Brave Sync acting as password, address and credit card manager built into Brave Browser, or at most along the lines of Syncthing?
Both systems use the qr code only for the first association for example, then synchronise with each change, as Bitwarden does, but without a server.
Grey screen when entering 'password' and 'search all items' menu
When entering passwords menu, see the lisp of saved passwords
Log into program, open passwords menu
Don't know where to get
v1.5.2 - Windows Hotfix
Hi,
just another proposal:
whenever I sync with other devices, I feel a bit hesitant to do so. Especially when I altered the database on many devices. It would be helpful to see which passwords get added (or removed!) to then acknowledge or to discard.
Thanks,
Hi @GleammerRay
The app works great. Thanks for your work.
I have been wanting to contribute to some newish open source projects that could benefit from a design revamp/improvement. I am a ui/ux designer by the day and have been wanting to contribute towards better looking open source design?
Do you think there is anything you need help on?
Hi,
as discussed in #13 (comment), here's a separate issue.
Some settings paths have more levels than needed.
Example: Settings -> backup and restore -> backup -> passy backup
thanks
Synchronization is not working on the Snap package.
No response
Attempted to synchronize same account between Android and Snap Passy.
{"error":"type":"Module not found"}
v1.4.1 - Quality Patch
When trying to use autofill, a blank gray screen appears and stays without change, unreactive.
Login screen should appear instead, allowing to sign in and choose an entry to fill.
Enabled Android autofill, attempted to use autofill.
No response
v1.4.1 - Quality Patch
In Padloc, a great FOSS password manager, you have the ability to add attachments, and this works great when a page gives you a file as an account recovery file.
And the history function allows me to see in a timeline the changes I have made to my Vault Items (that is, the file where my password is stored), making it much simpler to recover a password, for example, from a site I changed but didn't apply, so I only keep my new no-saved password, and I need my old password, so I don't depend so much on recovering all my manual backups until I find the one with the correct password.
hi!
¿has your software language files? i want translate your app spanish
thanks!
Hi,
as discussed in #13 (comment), here's a separate issue.
When being in main screen, you can simply press 'back' button to get back to login screen. I'd like to propose to use the screen after login screen as main screen and that you cannot get back to login via 'back'.
Possible replacements could be a toast telling you to double press 'back' or a dedicated icon to 'logout'.
Thanks
Hi,
This might be a very silly question, how do I use obscured passwords?
When I try to copy then in order to login, it just copies the randomly generated password and not the original one.
Thanks!
Sorry for my ignorance, does this mean that Passy will no longer be maintained on that date?
Hi,
it would be great to set specific entries as "favorites" and to have them displayed on the main screen. Then you don't even need to search for passwords most commonly used. (refer to #16)
Thanks
Please add the ability to create and name folders (whatever I want to name the folder, so it will be) to group passwords of similar services for example to group such services as social networks (discord, GitHub, google and others), passwords of gaming companies (E.A. STEAM and others) and banks (login password for banking application, card password), as well as any other services.
Hi,
as discussed in #13 (comment), here's a separate issue.
When being in the login view, there is no button to launch biometric authentication and I'm stuck. I need to switch apps to bring this dialog up.
Thanks
The app looks promising but there is a few quirks that bug me and make it difficult to use. I'm specifically using the android app:
Locking up whenever the app screen is left is too much. It should only prompt for the password when the app is closed and reopened again.
Minor UI suggestions:
1- Add some padding between the username and the password in the log in screen.
2- The 2FA boxes take too much space in the new password menu. You can instead add a button that shows all of these boxes when clicked.
3- Implement a smooth circle bar animation for the 2FA timer.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.