Cipher Box is an innovative TOTP (Time-Based One-Time Password) generator and Password Manager application, designed to address the concerns of cloud storage for sensitive user data. Unlike traditional systems such as Google Authenticator, which store backups on the cloud, Cipher Box takes a different approach to ensure the utmost security and privacy of your data.
The primary concern with cloud storage is the lack of transparency and control. Users often don't know where their data is stored or who has access to it. Cipher Box eliminates these concerns by providing an end-to-end encrypted password manager built on the Internet Computer.
Cipher Box leverages VETKeys, a feature on the Internet Computer for onchain encryption and privacy, to encrypt passwords and secret keys on the client side before storing them in backend canisters. This ensures that the user remains in control of their data at all times. The encrypted symmetric key for a user is generated by the VETKeys system API using a transport public key, and it is decrypted on the client side using the user's principal, the transport secret key and the VETKeys system API public key. The decrypted symmetric key is then used to encrypt the user's passwords and TOTP secret keys, and the same key is used to decrypt the encrypted passwords and TOTP keys stored in the backend. Encryption and decryption occur only on the user's device.
The result is a system where users can securely store their encrypted passwords and TOTP secret keys on canisters, of which they are the controller. Users can also decrypt their passwords and TOTP secret keys from the frontend using the decryption key.
With Cipher Box, you can rest assured that your sensitive data is secure, private, and under your control.
This is only a Proof of Concept and currently uses an insecure implementation of the proposed vetKD system API, provided in pre-compiled form as vetkd_system_api.wasm. Do not use this in production or for sensitive data! This example is provided solely for demonstration purposes.
Cipher Box currently supports these features:
- Generate an AES symmetric key, bound to the user's principal, for encryption and decryption
- Client-side encryption before data is sent to the backend
- Encrypted password store on the blockchain instead of trusting a centralized Big Tech cloud
- Encrypted TOTP secret key store on the blockchain instead of trusting a centralized cloud
- TOTP generator
- Random password generator
- Login via Internet Identity; no additional master password required
The current architecture consists of four canisters for local development:
- frontend canister
- backend canister
- vetkd_system_api canister
- internet identity canister (for local development only)
Before you begin, ensure you have met the following requirements:
- dfx: You have installed the latest version of the DFINITY Canister SDK, dfx. You can download it from the DFINITY SDK page.
- Node.js: You have installed Node.js, version 18 or above. You can download it from the Node.js website.
- mops: You have installed mops. If not, you can install it using npm by running the command npm i -g ic-mops, or you can find it on the mops website.
To get a local copy up and running, follow these simple steps:
- Clone this repository:
git clone https://github.com/ahdrahees/cipher-box.git
- Install dependencies:
npm install
- Install Motoko packages:
mops install
- Open a new terminal and start your local replica:
dfx start --clean
- Open a new terminal and deploy the local Internet Identity canister:
npm run localii
- Deploy the vetKD system API canister:
dfx deploy vetkd_system_api
- Deploy the backend canister:
dfx deploy backend
- Start a frontend development server:
npm run dev
You will then be able to access the frontend via the URL printed by the development server, or at http://localhost:5173/
If you're seeing this, you've probably already done this step. Congrats!