Fill in login forms using an OpenPGP-enabled smart card
UPDATE: Due to collisions with the global keyboard shortcuts on Chrome OS, the default shortcut for this extension has been changed to Ctrl+Shift+P (resp. Cmd+Shift+P on Mac). The keyboard shortcut can always be changed under chrome://extensions/shortcuts.
Fill in login forms using an OpenPGP-enabled smart card.
*** NOTE: This extension requires the Google Smart Card Connector extension <https://chrome.google.com/webstore/detail/smart-card-connector/khpfeaanjngmcnplbdlpegiifgpfgdco> to be installed and enabled. ***
This extension is meant to be used with a Google Drive™-synced password store generated by zx2c4's ‘pass’ <https://www.passwordstore.org> and encrypted using an RSA key stored on a smart card such as a YubiKey, Nitrokey or a Fellowship smart card.
It is compatible with one of the two storage formats supported by Danny van Kooten’s ‘browserpass’ <https://github.com/dannyvankooten/browserpass>, which this extension is based on. This storage format is also used by the Android app ‘Password Store’ <https://github.com/zeapo/Android-Password-Store>.
For example, encrypted password files for a login form at ‘https://(www.)login.domain.com/secure.html’ can be stored in any Google Drive™ folder called ‘login.domain.com’ and should have file names of the type ‘username.gpg’, where username is replaced by the username used to log in. The content of the files are the GPG-encrypted passwords for the respective username. Both raw and ASCII armored encrypted files are supported.
There can be multiple logins and/or folders per domain and these files can be encrypted using keys on different smart cards. The decryption request will be sent to the smart card with the matching public key.
On first use, the extension will request read-only access to your files on Google Drive, which is needed to find and read encrypted password files. It will also trigger a warning message from the Smart Card Connector extension, since this extension is not contained in its whitelist of smart card middleware applications.
The smart card PIN (or any other user data) is never stored and is only kept in memory for as long as necessary (or requested by the user in case of PIN caching). The extension requests exclusive access to the smart card reader.
In order to synchronize your local password store with Google Drive™, you can use the CLI tool ‘drive’ <https://github.com/odeke-em/drive>.
The extension has been tested on Chrome OS and Ubuntu 16.10 with YubiKeys, but should work on any OS supported by the Smart Card Connector extension and with any smart card obeying the OpenPGP Card 2.0 standard. Note that the Smart Card Connector extension can get in the way of gpg-agent if both are enabled at the same time.
Get the source code on GitHub:
https://github.com/FabianHenneke/smart-pass
____________________________________
This software underlies the following license:
The MIT License (MIT)
Copyright (c) 2017 Fabian Henneke
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
This software is based on ‘browserpass’ <https://github.com/dannyvankooten/browserpass>, which underlies the following license:
The MIT License (MIT)
Copyright (c) 2016 Danny van Kooten
This software uses ‘Material Icons’ <https://material.io/icons/>, which underly the following license:
Copyright (c) 2017 Google
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
This software uses ‘openpgp.js’ <https://github.com/openpgpjs/openpgpjs>, which underlies the following license:
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
This software uses ‘mithril.js’ <https://github.com/lhorie/mithril.js>, which underlies the following license:
The MIT License (MIT)
Copyright (c) 2017 Leo Horie
This software uses ‘Google Chrome OS Smart Card Connector API’ <https://github.com/GoogleChrome/chromeos_smart_card_connector>, which underlies the following license:
Copyright 2016 Google Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
This software uses ‘chrome-promise’ <https://github.com/tfoxy/chrome-promise>, which underlies the following license:
The MIT License (MIT)
Copyright (c) 2015 Tomás Fox
Full license texts are provided in the file ‘LICENSE’ contained in the downloaded .crx file (which is a ZIP archive).
Latest reviews
- (2020-01-08) Kosebamse: Нихрена не работает. Оно и не удивительно.