Last week I thought that sometimes Telegram messenger is very useful for quick-send of passwords or any text information across your devices. But it’s not every time secure when you save raw passwords/text somewhere in messengers. And I decided to develop a password manager into a telegram bot, first what I thought that it should be safe and encrypted and so I decided on such a technical stack:
- Golang framework for telegram API: github.com/tucnak/telebot
- XXHash to hash our key in the database: github.com/cespare/xxhash
- SHA256 to hash our key to 32b type (will be used for encryption)
- SQLite database: github.com/glebarez/sqlite
- ORM for our internal SQLite DB: gorm.io/gorm
- Other packages for logging/etc
A bit about UI:
A bit about technical realization:
Register key:
- User registers key by command
- Key hashed and saved
- Created user with user_id from telegram and key hash
Unlock manager:
- Send key by unlocking command /unlock
- Hash key and check it in DB
- Save the key in memory by user_id
- Return unlocked UI
Add password:
- Send password
- Use the stored key from the memory
- Encrypt password
- Save encrypted password in DB
Show passwords:
- Render UI with passwords by name
- After clicking on the password find the encrypted password in DB
- Use the stored key from the memory
- Decrypt password and return password for 10 seconds
You can find a demo preview here: https://t.me/EncryptedWalletBot
And all sources are in GitHub repository: https://github.com/Fuchsoria/Encrypted-Password-Manager