The Telegram team announced the Saved Messages tab quite a while ago. Over time, my friends and I noticed that some of our passwords from services began to appear there as well, and “Saved Messages” is already being used as a password repository.
It’s quite convenient, but there are some disadvantages:
- Passwords are not encrypted.
- It is hard to search without tags, because there is other information
- It’s inconvenient to associate the service with the password
- You have to select when copying (which is not always convenient when there are special characters)
Solve this problem securely for passwords with a bot, before the release of Telegram WebApp was impossible with one bot(you can encrypt separately and send the result):
- No client side(code that can be verified)
- Send unencrypted passwords to server is unsafe
With the advantage of WebApp this can be done (the main thing is to think up and remember the master-password):
- Send the encrypted password to the server (there we encrypt the password a couple more times to secure the database)
- When we need a password, we request it and decrypt it using the master password on the client side
That’s how this bot came about.
Below I will show a short video of the bot:
How it works:
- You add a password with the title
- You enter the master password for encryption
- Send title + encrypted password to the server (master-password is never sent)
- On the server, encrypt the password and userId a second time with the server master-password
- The entry is saved in the database ……
- You request the password
- The entry is retrieved from the database and decrypted with the server master-password
- Sent to the client side
- You see the decrypted password and can copy it
The client part of the application is posted in the repository:
This project was generated with Angular CLI version 13.3.5.
ng serve for a dev server. Navigate to
http://localhost:4200/. The application will automatically reload if you change any of the source files.
ng generate component component-name to generate a new component. You can also use
ng generate directive|pipe|service|class|guard|interface|enum|module.
ng build to build the project. The build artifacts will be stored in the
Running unit tests
ng test to execute the unit tests via Karma.
Running end-to-end tests
ng e2e to execute the end-to-end tests via a platform of your choice. To use this command, you need to first add a package that implements end-to-end testing capabilities.
To get more help on the Angular CLI use
ng help or go check out the Angular CLI Overview and Command Reference page.
With the command /version you can always see the commit number of the client part of the application and see the code.
I have long thought about monetisation and after consulting with friends I settled on the option 3 passwords can always be stored, and for a donation of 3 euros a month you can store any number
Thank you for your attention!
PS: Let me take advantage of the opportunity to be promoted again: