P-Wallet - Personal Encrypted Wallet for Passwords and Texts

15 Nov 2006
A utility application for keeping passwords in a single encrypted file

Introduction

If you work with computers, you have to remember a lot of passwords, PINs and entry codes. Of course, this is usually beyond mere mortal mental power, so you inevitably end up with some text files or even sticky notes. In such situations, you start thinking (like me) about a better way to store your “secrets”.

P-Wallet is a small utility application that allows you to hold everything in a single file. It uses the RijndaelManaged class built into .NET 2.0, with AES and a 256-bit secret key. It also follows some ideas from the TechNet article “Pass Phrases vs. Passwords”, so it uses both a short password and a long pass phrase (or you can opt to use only one strategy).

Trojan Problem

Why would anybody want to use P-Wallet? The main advantage (especially for developers) is that P-Wallet comes with its source code, which is short enough that you can review it and see for yourself that the program does what it is supposed to do and nothing more. This eliminates the main trouble (am I only paranoid here?) with 3rd party "wallets": you cannot look inside, either because the source is unavailable or because it would be too complicated or time-consuming to inspect. It is then easy to compile the program yourself in VC# Express, with MSBuild or from the command line. There is only one 3rd party you have to trust: Microsoft and its .NET.

How It Works

All data and configurations are stored in a DataSet, which is saved to and loaded from a file by using the CryptoStream class, with the supplied RijndaelManaged crypto provider.

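// Serialize the DataSet (Storage) through an encrypting stream into the wallet file.
BinaryFormatter bf = new BinaryFormatter();
using( FileStream fs = new FileStream(CurrentFileName, FileMode.Create) ) {
    RijndaelManaged rij = new RijndaelManaged();
    // 256-bit Rijndael block; the AES standard itself fixes the block size at 128 bits.
    rij.BlockSize = 256;
    // Key = SHA-256(password), IV = SHA-256(pass phrase); both are 32 bytes,
    // which matches the 256-bit key and the 256-bit block.
    using( CryptoStream cs = new CryptoStream(fs, 
        rij.CreateEncryptor(GetKeyFromText(WalletPassword), 
        GetKeyFromText(WalletPhrase)), CryptoStreamMode.Write) ) {
        bf.Serialize(cs, Storage);
    }
}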

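The supplied credentials are converted to 32-byte values by hashing them with SHA-256; the password hash is passed as the key and the pass phrase hash as the initialization vector.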

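// Hashes the UTF-16LE bytes of the text with SHA-256, giving 32 bytes
// that are used as either the key or the IV.
byte[] GetKeyFromText(string text) {
    SHA256Managed sha = new SHA256Managed();
    return sha.ComputeHash( Encoding.Unicode.GetBytes(text) );
}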
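
The save code above derives the key and IV from unsalted SHA-256 hashes, so the same password and pass phrase always produce the same key and IV. As an added example (not P-Wallet's own code), here is one hardened variant, assuming .NET 8 or later: PBKDF2 with a per-file salt, and AES-GCM with a fresh nonce so that a modified file is rejected. The class name, constants, iteration count and file layout are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class WalletCrypto
{
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, HeaderLen = SaltLen + NonceLen + TagLen;
    const int Iterations = 600000; // assumed work factor; tune to your hardware
    // Salted, iterated derivation in place of one unsalted SHA-256 pass.
    static byte[] DeriveKey(string password, string phrase, byte[] salt)
    {
        string secret = password.Length + ":" + password + phrase; // prefix keeps ("ab","c") != ("a","bc")
        return Rfc2898DeriveBytes.Pbkdf2(secret, salt, Iterations, HashAlgorithmName.SHA256, 32);
    }

    // Assumed file layout: salt | nonce | tag | ciphertext
    public static byte[] Encrypt(byte[] plain, string password, string phrase)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);   // new for every save
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // new for every save
        byte[] cipher = new byte[plain.Length], tag = new byte[TagLen];
        using (var gcm = new AesGcm(DeriveKey(password, phrase, salt), TagLen))
            gcm.Encrypt(nonce, plain, cipher, tag);
        byte[] file = new byte[HeaderLen + cipher.Length];
        salt.CopyTo(file, 0);
        nonce.CopyTo(file, SaltLen);
        tag.CopyTo(file, SaltLen + NonceLen);
        cipher.CopyTo(file, HeaderLen);
        return file;
    }

    // Throws CryptographicException on wrong credentials or a modified file.
    public static byte[] Decrypt(byte[] file, string password, string phrase)
    {
        if (file.Length < HeaderLen) throw new CryptographicException("File too short.");
        byte[] salt = file[..SaltLen], nonce = file[SaltLen..(SaltLen + NonceLen)];
        byte[] tag = file[(SaltLen + NonceLen)..HeaderLen], cipher = file[HeaderLen..];
        byte[] plain = new byte[cipher.Length];
        using (var gcm = new AesGcm(DeriveKey(password, phrase, salt), TagLen))
            gcm.Decrypt(nonce, cipher, tag, plain);
        return plain;
    }

    static void Main()
    {
        byte[] file = Encrypt(Encoding.UTF8.GetBytes("constructed sample entry"), "pw", "a long pass phrase");
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(file, "pw", "a long pass phrase")));
    }
}
```

Files written this way are not readable by P-Wallet's existing load code, so an existing wallet would have to be re-saved after switching.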

The data is displayed in a DataGridView (constructed on the fly in code) placed on a PageTab. For each “security area” represented by a PageTab, you can specify whether the password is directly visible.

The expected usage is to copy a password to the clipboard (with the button next to it) and paste it where needed. This is a security hole when the utility is used on a computer in the wild: make sure you have overwritten the clipboard afterwards, or better, logged off. Internally, the utility stores passwords as normal System.String objects, so they are not safe while the process runs (using a debugger, you can find the passwords).

The utility accepts a single command-line parameter specifying the file name to open. If you manually associate the app's default file extension .PWallet with it, you can open a wallet by double-clicking the file.

Another way to open an encrypted file automatically is to place it into the same directory as the executable and name it after the executable, but with .PWallet extension (typically PWallet.PWallet). In all other cases, the application will open empty.

Warning

If you are about to use this utility on a public computer, keep in mind that the file is encrypted, but data in running processes are not encrypted, so they can end up in a page file or other non-secure places. Anyway, it is much better than using a text file for the same purpose.

History

  • 15th November, 2006: Initial post

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.