Click here to Skip to main content
Click here to Skip to main content
Go to top

P-Wallet - Personal Encrypted Wallet for Passwords and Texts

, 15 Nov 2006
Rate this:
Please Sign up or sign in to vote.
A utility application for keeping passwords in a single encrypted file
Sample Image - P-Wallet.png

Introduction

If you work with computers, you have to remember a lot of passwords, PINs and entry codes. Of course, this is usually beyond mere mortal mental power, so you inevitably end up with some text files or even sticky notes. In such situations, you start thinking (like me) about a better way to store your “secrets”.

P-Wallet is a small utility application that allows you to hold everything in a single file. It makes use of .NET 2.0 built in the RijndaelManaged class with AES and 256 bit secret key. It also follows some ideas from the TechNet article “Pass Phrases vs. Passwords”, so it uses both short password and long pass phrase (or you can opt to use only one strategy).

Trojan Problem

Why would anybody like to use P-Wallet ? The main advantage (namely for developers) is that P-Wallet comes with the source code and it is so short that you can review the code and make sure yourself that the program does what it is supposed to do and nothing more. This eliminates the main trouble (am I only paranoid here?) with 3rd party "wallets" – you cannot have a look inside either because the source is unavailable or because it would be too complicated or time consuming to inspect it. Then it is easy to compile the program yourself in VC# Express, MSBuild or by command line. There is only one 3rd party you have to trust – Microsoft and its .NET.

How It Works

All data and configurations are stored in a DataSet, which is saved to and loaded from a file by using the CryptoStream class, with the supplied RijndaelManaged crypto provider.

BinaryFormatter bf = new BinaryFormatter();
using( FileStream fs = new FileStream(CurrentFileName, FileMode.Create) ) {
    RijndaelManaged rij = new RijndaelManaged();
    rij.BlockSize = 256;
    using( CryptoStream cs = new CryptoStream(fs, 
        rij.CreateEncryptor(GetKeyFromText(WalletPassword), 
        GetKeyFromText(WalletPhrase)), CryptoStreamMode.Write) ) {
        bf.Serialize(cs, Storage);
    }
}

Supplied credentials are randomized using hash.

byte[] GetKeyFromText(string text) {
    SHA256Managed sha = new SHA256Managed();
    return sha.ComputeHash( Encoding.Unicode.GetBytes(text) );
}

Displaying is done through DataGridView (this is constructed on-the-fly in code) placed on PageTab. For each “security area” represented by PageTab you can specify the direct visibility of password.

The expected usage is to copy password to clipboard (by button next to it) and paste it where needed. This implies a security hole when using on a computer in-a-wild. Make sure you have overwritten the clipboard, or better logged off. Internally utility stores passwords as normal System.String, so it is not safe while the process runs (using debugger, you can find the passwords).

The utility accepts a single command-line parameter specifying file name to open. If you manually associate the app's default file extension .PWallet with it, it will allow you to double-click the file.

Another way to open an encrypted file automatically is to place it into the same directory as the executable and name it after the executable, but with .PWallet extension (typically PWallet.PWallet). In all other cases, the application will open empty.

Warning

If you are about to use this utility on a public computer, keep in mind that the file is encrypted, but data in running processes are not encrypted, so they can end up in a page file or other non-secure places. Anyway, it is much better than using a text file for the same purpose.

History

  • 15th November, 2006: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Pazu
Web Developer
Czech Republic Czech Republic
No Biography provided

Comments and Discussions

 
GeneralWell done! PinmemberMehdi Mousavi16-Nov-06 6:37 
AnswerRe: Well done! PinmemberPazu17-Nov-06 4:06 
Long story short: the main idea is not “program to keep passwords”, but the idea “program simple, easy to understand and easy to compile by use so he/she can trust it”.

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140905.1 | Last Updated 15 Nov 2006
Article Copyright 2006 by Pazu
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid