JPass is a simple, small, portable password manager application with strong encryption. It allows you to store user names, passwords, URLs and generic notes in an encrypted file protected by one master password.

Features:

• Strong encryption - AES-256-CBC algorithm (SHA-256 is used as password hash)
• Portable - single jar file which can be carried on a USB stick
• Built-in random password generator
• Organize all your user name, password, URL and notes information in one file
• Data import/export in XML format

Java 8 or later is recommended to run JPass. Most platforms have a mechanism to execute .jar files (e.g. double click the jpass-0.1.15-SNAPSHOT.jar). You can also run the application from the command line by typing (the password file is optional):

java -jar jpass-salt-0.1.15-SNAPSHOT-jar-with-dependencies.jar [password_file]

You can find the latest distribution package under the releases link.

• Maven: mvn clean compile assembly:single -Dmaven.test.skip=true

Default configurations can be overridden in jpass.properties file:

This salt branch uses a stronger encryption technique than the master branch, such as sult. Due to this newly added scheme, the .jpass files produced with the master branch cannot be opened.

New .jpass contains following structure.

[36bytes:random salt][16bytes:CBC initial vector][rest:gzip binary]
*gzip binary: [encrypted gzip of xml (AES256 CBC mode)]

The 256 bit key to encrypt the xml file is being created with the following method.

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(password, salt, 65536, 256);

Due to this PBKDF2 algorithm, it requires JRE of which version is greater than or equals to 1.8.

The salt encryptition makes it impossible to prepare rainbow tables. For example, look at the table of the pairs of a key and its SHA256 value.

--Ryoji

The structure of the encrypted file .enc is the same of the .jpass file.

--Ryoji

Note: Encrypted pass phrase becomes very long text.

TIMaLK0tyZE+2+kyj+I4AIdgt1sji/uNxoTz/ArFogjt6xFjRT6dmxSk2quZqG
53XqmHYJQmYGUN/WapyhSzwu3Gr5tKCTx3cyqobZ+tciDgZsT0GYc2CLmCvSlW
rwCJD5fG1Te5oSv6eJCW1gj6SgE3IJrIac2FTEZbKBThmTq36XfLEdXgfCZnuW
l/GcUValZcOXOHHrNdijUzO5KFEfJu42mm8C6PBn6UWEpNqVwSDz9rQ9M75T2W
bUpJttVR92l8O0iWk0GwFpIW+dvC8AD0Tyih96JXcPanU04LxJE7nFELMltRF+
LMzWELuJWx0KT+HTPA0NG4J0/4Q9cQKPKG70b0LCn5rSJiJMZEn+1cTKVGpgbt
NnnspqbTejyNe8YGNSx/1J38ORJhPT874OR7B75yM0QJO9zRtt1LpLGBkRr1KY
J8cbtkaZWYVDzrVuL81NLfL7dYqqoiiGNP8IGQ/M3LCh73YVMFnhUKFq7q+dGw
rfZHDXHSuh1J/OA8JH4hSuhMUnvLi0D27DqfVG7b2HiL7+3tTR8QbFXyAumZtO
6/FzQg5sOui5mGWxpp+KGvkxmdC4PLiw+Mc9fmdRA1WOM8ep3hTIxYZ4ykKkbZ
9RAYrznsQTQIcGj1XDMxJ+gaRD4YW5RNNqJnH+ccZJaixaqF+h0BnyqXsKBnR8
0=

• encrypted phrase changes every time due to the usage of random.

--Ryoji

This feature is the conbinaiton of RSA pass phrase encryption and AES file encryption.

1. This app generates a random passphrase. a. The passphrase is encrypted by the public key selected. b. The text message is encrypted by the passphrase.
2. This app conbines them.
   [RSA encrypted passphrase in base64 String].[AES encrypted text message in base64 String]
3. This app recovers the random passphrase. a. The passphrase is decrypted by the private key selected. b. The text message is decrypted by the passphrase.

• RSA encrypted passphrase- the same format of RSA pass phrase encryption
• AES encrypted text message - the same format of AES file encryption

--Ryoji

Copyright (c) 2009-2017 Gabor Bata

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software includes MicroCrypt 0.3, covered by the following license:

Copyright (c) 2007 Timm Knape

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of Timm Knape nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software includes SpringUtilities, covered by the following license:

Copyright (c) 1995-2008 Sun Microsystems, Inc.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of Sun Microsystems nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software uses icons from the Silk icon set by Mark James.

The Silk icon set is licensed under a Creative Commons Attribution 2.5 License.

This software uses icons from the Tango base icon theme.

The Tango base icon theme is licensed under the Creative Commons Attribution Share-Alike license.

The icon kgpg_key3.png was created by David Vignoni (GNU/GPL) https://commons.wikimedia.org/wiki/File:Kgpg_key3.png