DEV Community

Mikkel D.

KeeOff Android: My carry-on password manager

What is KeeOff Android and why am I making it?

Like many others I use a password manager, the one I've chosen being KeePass. My current setup is quite simple: the database lies remotely on a server hosted by Digital Ocean, which I connect to from the client on my computer and phone, and that keeps it nice and synced. However, if I ever want to use my passwords on another device, I won't be able to get any of them without first getting a client onto the device. Sure, I can go around with a USB everywhere I go with a client or maybe just an SD card, but I'm lazier than that.

My solution? Making an Android app that launches a web server that is able to access my password database on the phone on the same local network. Simple, right? Yeah, I thought so at first too. I wanted to cheat a little and make it easy on myself, but ended up having to start from square two (because of some help).

Let down by KeeWeb, but they do have a nice library...

What I wanted was just to use a web based password manager called KeeWeb and serve it with a server and then everything would be fine and dandy. But I forgot some things...

KeeWeb uses JavaScript, so everything is run in the browser. It is intended for you to use it just as an interface: enter it, then select and navigate to a database file on your local device or a remote service using something like WebDAV or Dropbox. Not what I was looking for, since I want the database file to be stored on my phone, loaded from it and saved to it. No FTP support. Darn.

However, other users wanted the same kind of feature as me, but the devs aren't interested in making such a feature, so one person took it upon himself to make a plugin for it. Great! But it requires use of PHP for saving the database on the server. I even thought about making my own plugin, but I couldn't find any documentation on how their structure works, only some basic info and examples - not enough for me to want to jump into it.

I could use the guy's plugin, but I quickly found out that trying to run PHP code as a server in Java was a big task on its own - I tried a project called Resin/Quercus but couldn't get it to work. Scratch that then.

Starting from square-two

Luckily I didn't have to start totally from the bottom: as mentioned in the other title, KeeWeb has a great JavaScript library for KeePass v2 databases. Thank some unknown entity for that. I don't trust myself to be able to implement something that can work with KeePass's databases; I only know basic cryptography concepts, so no way it would be secure if I made it.

So I snatched that and then found a great web server in Java called NanoHTTPD that is lightweight and easy to use.

Awesome. Now all I had to do is make all of the UI myself and use KeeWeb's library to communicate with the database, iterate over results, display them, make events for when items are clicked. All that fun JavaScript stuff.

Still Work-In-Progress

All the basic features for managing the database are there: I can create new groups and entries, can move, rename, and delete them, and can edit and get data from entries.

Just one drawback... It can't save. Yeah, a pretty big core feature is missing, and the project is useless without it. As far as my understanding of the problem goes, NanoHTTPD encodes the data, or at least does something to it, that messes up what the server receives. I've created an issue and am still waiting for an answer. I can see from the Network Inspector tab in my browser that it is sending the correct data to the server, but it is not the same as what the server receives. Trying to encode it before sending doesn't help either.
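An integrity check the receiving side could run before overwriting the database, as an added example that is not from the original post or the project: the client sends a SHA-256 digest of the bytes it uploaded, and the receiver compares it and checks the KDBX 2.x file signature. The function names, the constructed sample bytes and the UTF-8 round trip used to simulate corruption are assumptions; the post does not identify the actual cause.

```javascript
// Added example (not from the post): verify an uploaded KDBX body before saving it.
const nodeCrypto = require('node:crypto');

// KDBX 2.x files start with two little-endian signatures:
// 0x9AA2D903 followed by 0xB54BFB67.
const KDBX_SIGNATURE = Buffer.from([0x03, 0xd9, 0xa2, 0x9a, 0x67, 0xfb, 0x4b, 0xb5]);

function sha256Hex(bytes) {
  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');
}

// Returns { ok, reason }. Only a body that passes both checks should
// replace the database file on disk.
function verifyUpload(body, expectedSha256Hex) {
  if (sha256Hex(body) !== String(expectedSha256Hex).toLowerCase()) {
    return { ok: false, reason: 'digest mismatch' };
  }
  if (body.length < KDBX_SIGNATURE.length ||
      !body.subarray(0, KDBX_SIGNATURE.length).equals(KDBX_SIGNATURE)) {
    return { ok: false, reason: 'not a KDBX 2.x file' };
  }
  return { ok: true, reason: 'ok' };
}

// Simulates one way binary data gets mangled in transit (assumed cause):
// the bytes are decoded as UTF-8 text and encoded again, so every byte
// sequence that is not valid UTF-8 is replaced.
function textRoundTrip(bytes) {
  return Buffer.from(bytes.toString('utf8'), 'utf8');
}

// Constructed sample: signature plus 64 arbitrary payload bytes.
const sampleDb = Buffer.concat([
  KDBX_SIGNATURE,
  Buffer.from(Array.from({ length: 64 }, (_, i) => (i * 37 + 200) & 0xff)),
]);
const sentDigest = sha256Hex(sampleDb); // computed by the client before upload
const mangled = textRoundTrip(sampleDb);

console.log('intact :', verifyUpload(sampleDb, sentDigest));
console.log('mangled:', verifyUpload(mangled, sentDigest));
```

Rejecting the upload on either failure keeps the last good copy of the database on the phone instead of replacing it with unreadable bytes.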

The project will be published to my GitHub when I think it is suitable (maybe when save function finally works) or might do it if a number of people request it out of interest etc.

Things missing

Apart from the saving function I also still need to implement:

  • SSL communication
  • App can change master password
  • A password generator for password fields
  • Other small features and fixes

Discussion (2)

Mark Crocker

Why not just use something like Keepass2Android? It's open source, available in Google Play, so you don't have to side load it, and can sync in a variety of ways. Since these are passwords and security is the point, rather than Dropbox or Syncthing, I use SSH to sync with the KeePassXC data on my computer whenever I'm at home and have added or changed the data recently.

Once set up, all you need to do to sync is select the app, authenticate, and select 'Work online'. I usually select 'Work offline' right after that, but it can be done any time before leaving my home network WiFi coverage.

Mikkel D. Author

KeePass2Android is what I use for my current setup.

As mentioned, the main reason is that if I'm on a device that is not mine, my solution is easier and better since I just need to access my phone through the server it launches.

If I didn't do this I'd need to go around with a client, I could put a portable one on my phone and transfer it when needed to another computer, but that isn't fun, now is it ;)