beval/password_zebra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add README

Browse Source
This commit is contained in:
pavelb 2026-03-06 20:27:06 +01:00
parent f50226f88f
commit a4dfb88a5d
1 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
README.md Normal file
View File

@ -0,0 +1,68 @@
# Password Zebra
An open-source Android password manager with two core features: a syllable-based random password generator and a deterministic password vault. No passwords are stored — they are derived on demand.
**Minimum Android version:** 10 (API 29)
<!-- Screenshots -->
## Features
### Random Password Generator
Generates memorable, pronounceable passwords from a syllable corpus. Options:
- Word count (110)
- Remove spaces
- Add special characters (uppercase letter, digit, special symbol inserted at random positions)
### Deterministic Password Vault
Derives passwords reproducibly from three inputs:
- **Master password** — known only to you, never stored
- **Device secret** — random key generated once and stored in Android Keystore via EncryptedSharedPreferences
- **Service name + counter** — identifies the account and allows rotation
The derivation uses **Argon2id** (memory: 64 MB, iterations: 3) so the same inputs always produce the same password, on any device that has the same device secret.
**Service history** is saved locally so you can quickly regenerate passwords for known services.
### Export / Import
Transfer your device secret and service history to another device using an encrypted QR code, secured with Android device credentials (PIN/pattern/password).
## Security
- Screen content is protected with `FLAG_SECURE` (no screenshots, no recent apps preview)
- Master password is held as `CharArray` and wiped from memory immediately after derivation
- Device secret lives exclusively in Android Keystore-backed EncryptedSharedPreferences
- No network permissions; no data leaves the device
## Build
```bash
# Debug APK
./gradlew assembleDebug
# Install on connected device
./gradlew installDebug
# Unit tests
./gradlew test
# Lint
./gradlew lint
```
Release signing requires a `keystore.properties` file at the project root:
```
storeFile=<path to .jks>
storePassword=<password>
keyAlias=<alias>
keyPassword=<password>
```
## Tech Stack
- Kotlin + Jetpack Compose + Navigation Compose
- Material 3 with dynamic color (Android 12+)
- Argon2id via Bouncy Castle (`bcprov-jdk15on`)
- EncryptedSharedPreferences (`security-crypto`)
- QR export/import via ZXing
## License
GNU General Public License v3.0 — see [LICENSE](LICENSE).