FortNotes - online password manager

Good afternoon.
I want to share a project that I recently completed. I hope someone comes in handy.
Everyone who has been using the Internet for a long time has probably accumulated a large amount of various private data, such as logins and passwords from sites, mailboxes, servers and databases. Someone has less, someone has more, but everyone has such data. You can store this on scraps of paper, stickers on the monitor, in a notebook on the bedside table or in a file on the desktop. Many people suspect that this is not very safe: someone can peep or you can lose this precious data corny, but usually rarely someone tries to do something about it.
The Internet has entered our lives very tightly and it would be nice to be able to streamline and secure your data. Even if you don’t keep millions in banks and don’t worry that someone will steal the password from your bank account, this does not mean that it will be nice to lose access to mail, wm-keeper or facebook. Personal correspondence, business contacts, photographs, secret information of various kinds - all this should not be available to anyone except the owner.

General description of the system


FortNotes is Fort Knox for user data. The technology at the heart of this project is BlackBox , a black box or an encrypted container. All entries created on this site are immediately encrypted directly in the browser using AES(the symmetric block encryption algorithm adopted as the encryption standard by the US government) and only after that they are sent to the server in encrypted form. This means that no one except the data owner has access to it. Neither the interception of Internet connection data, nor the study of an encrypted container by an unnecessarily curious site administrator will not allow access to the source data. Without a user password, this would be just a meaningless mix of characters. The black box is decrypted into real information only upon entering the FortNotes website and entering a password. Thus, users do not trust the storage of their secret data is unclear to anyone: the FortNotes server only stores encrypted black boxes and nothing more, no information in clear form. Even the username doesn’t go beyond the user’s computer and browser, under which registration takes place in the system. Everything is encrypted before being sent to the server. When data is needed, a request is sent, the crypto container is downloaded and decryption takes place. The process is automated and transparent: only a preliminary password is required.

Going deeper


registration


To register in the system, only a username and password are required, which are converted to a sha256 hash before sending to the server, which essentially makes the registration anonymous. Instead of user names and their passwords, the database stores character sequences of the form "a9dc602f9d82bc6720b2b4bb016edcacf7da4b2b453a466b742da743f3cba15d". The server does not store any data that could identify users. For the same reason, the user's e-mail is not requested, so login and password recovery is not possible. A high level of security imposes certain requirements: there are no backdoors, no “recover forgotten passwords”. This means that the loss of this password is equivalent to the loss of the entire database of secret user data. The modal registration window insists on this:



Captcha is used for verification of registration:



After successful registration, a redirect to the user section occurs. Each time you enter this closed section, a password is requested, which is necessary for all data encryption and decryption operations. The password is stored in RAM for a limited (customizable) time, after which it is cleared and again requested by the user:



Before clearing the password (after the expiration of its storage time), all data that has not yet been saved is encrypted and temporarily stored in the browser without sending to server. After the user enters his password, this data will be restored, and the user will be able to continue working.

Two commands are available in the upper right corner of the screen:
  • Lock allows you to immediately encrypt all open data, erase the password from the memory and lock the screen until the password is entered. It is important to remember that if at that moment any given notes were edited and they were not saved, then with this blocking, these changes will remain only in the browser and will not go to the server until the user explicitly saves the note.
  • Exit performs a complete logout with clearing the password from memory, deleting all user caches and sessions on the server, and then redirecting it to the project home page.

Create and edit notes


The main unit of information in the system is note - note. Notes can be of different types. To create notes, there are a dozen basic types, designed in the form of templates. With their help, in one click you can get a note such as “mailbox”, “site”, “jabber account”, “ssh / ftp server”, etc. Types are not static, but more on that later. List of typical templates for notes:



Each note consists of a set of fields ( entry ), which are the final fields for entering information, and a list of tags separated by a space. So, for example, a note like “skype” consists of three fields: skype name (skype account name), password (password), comments (optional comment field) and looks like this:



Fields, in turn, are also divided by type: simple single-line text, e-mail, URI (for site type addresses), password, multi-line text, html.
The division by type for fields allows you to add various auxiliary operations: for example, for a field of type “password”, the function of generating a random password of a given length becomes available, for an address field when entering a URL, an attempt is made to obtain a description of the site and icons for further use.

As already mentioned above, the fields in the notes are not static. In a Skype note, you can add a new field of any type at any time (for example, e-mail) and position it in the desired place, you can delete any existing field (restore the deleted one), move it higher or lower, change the type or simply edit it field text and title.
When you hover over a field, additional controls pop up: The



type of any field can be changed at any time using the appropriate item. The title text (if it was changed) and the data is saved.



Separately, it is worth noting a review of the change history of each field with the ability to roll back to previously saved values. Both the field data and the header are restored. When you select the appropriate item in the pop-up menu, a table appears with the last ten history values ​​and a link to restore:



When you change the title or data of an existing note, the modified data is highlighted:



After making changes while saving a note, which fields were added and which were updated (plus - a new field, a checkmark - updated):



When editing a note, it is possible to perform a quick save using the key combination Ctrl + Enter .
In addition to saving, two special commands are available - duplicating the current note and creating a new note similar to the current one, but with empty fields. This will be convenient when creating a series of notes of the same type.

Search and filter


Search on the server side is carried out using tags listed with a space in the search bar. Using a tag with a minus sign in the search in front of it displays a list of notes where such a tag does not occur. In addition to user tags created when adding notes, there is a set of system tags to get a list of deleted notes, notes without tags or filtering by the last access time. Such tags are available in the search bar after entering the colon character " : ". The example below shows the result of searching for records for the last month, where site , work, and dev tags are found , but the php tag is not found :



The resulting list displays all matching notes, where each line corresponds to one note with a brief indication of the contents of the fields, the date of the last change and a complete list of tags. When you click on a tag, you can add it to the search conditions or remove it from the search if it has already been there. While holding down the Ctrl key, you can add the selected tag with a minus sign to the search.

The search field supports intelligent auto-completion. It is enough to start entering the tag name and immediately a list of possible options will be displayed taking into account the tags already entered. Those. only those tags that are paired with those already shown are displayed.



A tag search returns the first 20 notes. If you need to get a complete list, you can use the appropriate linkload all . There are also links to highlight all notes, deselect and invert. In order to start working with a note, just click on it with the mouse, after which the line will be checked and highlighted in green, and the note will open in edit mode. It is also possible to tick one or more notes by clicking on the desired line while holding down the Ctrl key . Similar to working in file managers, selecting notes while holding down the Shift key works - selects all elements between two clicks of the mouse. You can perform general operations on selected checkmarks with notes: deleting or restoring deleted ones. To enter the recovery mode for deleted notes, you can use the system tag : deleted. Also, the ability to switch to recovery is present in the tooltip that pops up immediately after deleting the selected notes.
If words that are not tags are found in the search bar, they will be used to further filter all notes uploaded to the list.



Technical side


The development languages ​​are PHP and Javascript. The second is significantly larger, because the main work is on the client side. The role of the server side is reduced to registration / authorization and processing of AJAX requests for saving / receiving data and its search. For AES encryption on the client using a 256-bit key, the wonderful SJCL library (Stanford Javascript Crypto Library) is used.

The client side is essentially a web application that works without reboots, and consists of a set of js classes. The jQuery library and modules for it are actively used : jquery-autocomplete and SimpleModal. There is a system core, the main function of which is to store and receive a password, as well as encrypt and decrypt data using this password. All other modules of the system (using the observer template ) are notified of the receipt of a password from the user or the expiration of their storage time. Depending on this, the decryption of the closed data occurs with further display, or the cleaning / encryption and blocking.
All communications between the client and server are carried out by data in the JSON format. When the web application starts, all the reference data is already present on the page in the form of JS arrays and objects. Further requests are made using background AJAX requests.

For the server side, a micro-framework with CNC support and absolutely minimal functionality was developed . The “nothing more” approach and maximum caching (general data - APC , user - JSON in gz-encoded files on the RAMFS partition in RAM) made it possible to achieve very impressive performance indicators. So, for example, generating a closed user section page takes 5-7ms on an old Athlon 2800+ level machine.

The web server used is Lighttpd . PHP-FPM as a FastCGI process manager.
Database - MySql. Access is provided through its implementation of an approach similar to the MeekroDB library . The difference is the use of PDO and the built-in validation of tables and fields. This library is highlighted in a separate project . The use of PDO in theory means the ability to work with other databases (in addition to MySql), but this has not been tested.

To minimize calls to the server, all JS files are packed into one collective file all.js, and all CSS files are packed into all.css. When modifying any source file in debug mode, automatic rebuilding occurs.

The system contains two shell scripts init.sh and halt.sh, which are executed when the server starts and shuts down, respectively:
  • init.sh creates a directory for the cache (if necessary) and mounts it as RAMFS . If there is a backup of previously cached data, then they are transferred to the cache. Additionally, verification and creation (if necessary) of sub cache directories responsible for different data occurs. The required access rights are set. A database structure is generated for use in subsequent verification of table and field names. Checking and creating a folder of logs, its contents and setting rights. Preparing collective files for JS and CSS files. Running php-fpm and lighttpd.
  • halt.sh shuts down lighttpd and php-fpm. It backs up all cached data and disables the cache.

Finally


The system is free and open to all. Moreover, it is distributed with open sources, so anyone can personally audit the code or, if necessary, install this system on their personal home or corporate server. Full source codes are in the public mercurial repository , and detailed installation instructions are on the wiki .
The plans: add data import / export, detailed audit, session management, settings and multilingualism.
The site address is http://fortnotes.com/
Or a secure encrypted connection is https://fortnotes.com/
Project on ohloh.net .
Constructive comments and suggestions are welcome.
Pleasant and safe work :)

Update (2013.02.10): The
code and documentation were cleaned, minor bugs were fixed.
Added the ability to run using the Apache web server.
Added support for embedded PHP web server. This removes the required dependency on Apache or Lighttpd.
Added support for sqlite databases. This makes it possible to quickly install the system without any external databases (such as Mysql).
Representative offices in various social networks were created: Google+ , Facebook , VKontakte .

Update (2013.03.30): The
next batch of minor edits, optimizations and updates to the source code documentation.
Activation and support of the SJCL mechanism for generating entropy to improve the quality and cryptographic stability of random passwords generated.
The long-awaited implementation of backup recovery. The user and password in backup must match the login and password of the account where the recovery is performed. All old data will be deleted, and data from the backup file will be imported.
When exporting, a more convenient name is offered, it became possible to completely log out of the system in the password request window.
Added a detailed step- by -step installation guide for the project (windows system, Sqlite base, built-in php web server) and a detailed description of the architecture in English.

Update (2013.11.13):
A complete redesign of the system is underway. Emphasis on scalability, multi-platform support, ease of installation and operation. Everyone is welcome.

Update (2018.06.05):
Released test Docker images of the current version with minor cosmetic changes and serious internal processing.
Details - github.com/fortnotes/legacy/tree/master/docker

Update (2019.05.01):
The project moved to its own dedicated server. The uptime and responsiveness of the service should greatly increase. All subsystems are transferred to Docker containers. The site is divided into two parts: fortnotes.com with general information and an application for working with encrypted data - app.fortnotes.com. The application itself has been significantly improved and optimized.

Also popular now: