Iurii Panarin

SafeStorageBot - keeps your secrets in Telegram

The Telegram team announced the Saved Messages tab quite a while ago. Over time, my friends and I noticed that some of our passwords from services began to appear there as well, and “Saved Messages” is already being used as a password repository.

It’s quite convenient, but there are some disadvantages:

  1. Passwords are not encrypted.
  2. It is hard to search without tags, because there is other information.
  3. It’s inconvenient to associate the service with the password.
  4. You have to select the text when copying (which is not always convenient when there are special characters).

Before the release of Telegram WebApp, it was impossible to solve this problem securely for passwords with a single bot (you can encrypt separately and send the result):

  1. There is no client side (code that can be verified).
  2. Sending unencrypted passwords to the server is unsafe.

With the advent of WebApp this can be done (the main thing is to think up and remember the master password):

  1. Encrypt the password with a master password using JavaScript (crypto API/crypto-JS) on the client side
  2. Send the encrypted password to the server (there we encrypt the password a couple more times to secure the database)
  3. When we need a password, we request it and decrypt it using the master password on the client side

That’s how this bot came about.


Below I will show a short video of the bot:

How it works:

  1. You add a password with the title
  2. You enter the master password for encryption
  3. Send title + encrypted password to the server (master-password is never sent)
  4. On the server, encrypt the password and userId a second time with the server master-password
  5. The entry is saved in the database ……
  6. You request the password
  7. The entry is retrieved from the database and decrypted with the server master-password
  8. Sent to the client side
  9. You enter your master password and decrypt on the client side using JavaScript
  10. You see the decrypted password and can copy it
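
The client-side steps of this flow (encrypt before sending, decrypt after receiving), as an added example that is not the bot's own code. It uses the Web Crypto API; the PBKDF2 iteration count, the AES-GCM choice, the record format and all function names are assumptions, and binding the title as authenticated data goes beyond what the post describes.

```javascript
// Added example (not SafeStorageBot's code). Assumed parameters: PBKDF2-SHA-256
// with 600,000 iterations, AES-256-GCM, and a base64 JSON record format.
const ITERATIONS = 600000;
const enc = new TextEncoder();
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Web Crypto is global in browsers and recent Node; older Node exposes it as a module.
async function getCrypto() {
  return globalThis.crypto?.subtle ? globalThis.crypto
    : (await import("node:crypto")).webcrypto;
}

// Derive a non-extractable AES key from the master password and a per-entry salt.
async function deriveKey(c, masterPassword, salt) {
  const material = await c.subtle.importKey(
    "raw", enc.encode(masterPassword), "PBKDF2", false, ["deriveKey"]);
  return c.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Steps 1-3: build the record sent to the server. The master password is not in it.
async function encryptEntry(title, password, masterPassword) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(c, masterPassword, salt);
  // The title is bound as additional authenticated data, so a ciphertext
  // moved under a different title fails to decrypt.
  const ct = await c.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(title) }, key, enc.encode(password));
  return { title, salt: b64(salt), iv: b64(iv), ciphertext: b64(ct) };
}

// Steps 9-10: returns the password, or null when the master password is wrong
// or the record was altered (the GCM tag check fails in both cases).
async function decryptEntry(record, masterPassword) {
  const c = await getCrypto();
  const key = await deriveKey(c, masterPassword, unb64(record.salt));
  try {
    const pt = await c.subtle.decrypt(
      { name: "AES-GCM", iv: unb64(record.iv), additionalData: enc.encode(record.title) },
      key, unb64(record.ciphertext));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}
```

Because the salt and IV are random per entry, encrypting the same password twice yields different records, so the server cannot tell which entries share a password.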

The client part of the application is posted in the repository:


With the command /version you can always see the commit number of the client part of the application and see the code.

Frontend encryption module

I thought about monetisation for a long time and, after consulting with friends, settled on this option: 3 passwords can always be stored, and for a donation of 3 euros a month you can store any number.

Thank you for your attention!

PS: Let me take advantage of the opportunity to be promoted again:
