
Implementation of Secure Password Manager

This research article presents the implementation of a secure password manager and file vault using AES encryption, developed in Python. The system allows users to securely store and manage files and passwords, featuring functionalities such as file encryption, password recovery, and a user-friendly interface. The project demonstrates effective use of various Python libraries for cryptography and database management, ensuring data security and accessibility.

Uploaded by

bvishnudatta

Research Article
Volume-1 | Issue-1 | Jan-Jun-2024
Journal of Information Technology and Cryptography
Double Blind Peer Reviewed Journal
DOI: https://doi.org/10.48001/JoITC

Implementation of Secure Password Manager

Vijay Mane¹*, Aditya Raje¹

¹ Department of Electronics and Telecommunication Engineering, Vishwakarma Institute of Technology, Pune, Maharashtra, India
* Corresponding Author’s Email: vijay.mane@vit.edu

ARTICLE HISTORY:
Received: 10th Jan, 2024
Revised: 29th Jan, 2024
Accepted: 10th Feb, 2024
Published: 17th Feb, 2024

KEYWORDS: AES (Advanced Encryption Standard), Cryptography, Decryption, Encryption, File vault, Password manager, Safety, Security

ABSTRACT: In everyday life, we have many files which we want to safeguard against prying eyes. For that, this paper introduces a vault encrypted with AES to save those important files. Also, with growing internet usage, and usernames and passwords required everywhere, there is a need for a safe vault to store them in case the person forgets. A desktop application for this purpose is discussed in this paper. This is a 2-part project, consisting of a secure file vault and a secure password manager. The password manager uses a database. The whole of the project is developed in Python, using its various libraries that serve its purposes. Cryptography is another highlight here, and it is made possible by using only Python libraries and the functions included in them. Extensive coding for cryptography alone is not done; it is done using various library functions.

1. INTRODUCTION

Nowadays, while using a computer, we have some files which we want to securely store somewhere else where only we can find them. As a next step, they need to be encrypted. For this purpose, a secure file vault which saves the selected files in a vault and encrypts them on user choice is discussed here. This is a system developed in Python and it starts by asking the user for a password. After that, a choice is asked: to hide a file, to unhide a file to view it, to view the hidden files, to exit, and finally to reset the vault and delete every record.

Another issue in everyday life is internet usage and the number of usernames and passwords required for so many websites. We tend to forget some usernames and passwords. The second part of the system includes a desktop application of a secure password manager (Mushtaq et al. 2017).

2. LITERATURE REVIEW

In the paper “Secure File Storage Using Hybrid Cryptography” the author discussed an approach for securely storing files and sharing them over a network. This proposed scheme would also ensure that the whole model has confidentiality, integrity, and availability mechanisms implemented in it (Bharathi et al., 2021).

In the paper “Secure File Storage on Cloud Using Hybrid Cryptography Algorithm” the authors discussed secure file storage on cloud using Hybrid Cryptography Algorithm (Maitri & Verma, 2016). Even though this paper is based on cloud technology, the approach regarding the file safety and storage proved to be useful and motivational moving forward in development of my project.

In the paper “A Secure Password Manager” the authors explained the problem statement about the need for password managers and developed a Chrome extension for that purpose (Stobert & Biddle, 2014).

DOI: https://doi.org/10.48001/JoITC.2023.115-8 Copyright (c) 2024 QTanalytics India (Publications)


In the paper “Analysis on the Security and Use of Password Managers” the authors carried out an analysis of the use of password managers and their efficiency and appropriateness. Their findings did prove useful for me going into developing a part of my project (Luevanos et al., 2017).

3. IMPLEMENTATION DETAILS

This project is created using Python as the main language. It has different libraries for different purposes, like Tkinter for GUI, pyAesCrypt and cryptography for encryption and decryption. Other libraries include pyperclip for clipboard actions, sqlite3 library for database operations, SQLite3 database, hashlib for hashing purposes, and more.

The block diagrams of the project are displayed below in Figures 1 and 2:

Figure 1: File Vault Block Diagram.

Figure 2: Password Manager Block Diagram.

Microsoft Visual Studio Code and PyCharm were used as IDEs for writing the script and testing the output.

3.1 File Vault

This is the first part of the project. Libraries such as os, base64, shutil, pyAesCrypt and cryptography are used here. If the project is run for the first time, it asks for creation of a master password. After creation of the master password, a key is generated to encode it and ensure its security. After the master password is given, it shows a menu with 5 options: to hide a file, to unhide a file, to view hidden files, to exit the vault and finally to reset everything.

Entered Choice is 1 (Hide a File)

When the user enters the choice as 1, it is for hiding a file. It asks for the file path. When entering it, the inverted commas need to be removed, as otherwise it will show that this is not a proper input, as given in Figure 3. The backslashes present in the file path must be changed to forward slashes. Only then does it recognise the file. A notable point here is that the path should be of a file, as a folder cannot be added to the vault. If a folder path is given, it prints out that the given path is of a folder and shows the menu again.

It then checks if the file exists; if yes, it asks if the user wants to encrypt it. If yes, then the file is encrypted with the AES encryption algorithm. The encryptFile function of the pyAesCrypt library is used in this case. If not, the file is still added to the vault but it is not encrypted; it is in its normal form.

Now these files are stored in a “.vault” folder in the Users directory of the computer, and are not visible unless searched for (but no one will directly search for a vault generally, so though risk is involved, this is still a safe option). If we search for the file, first of all it will take much time to locate it, and when you try to open the file, it will open up as usual if not encrypted. But if the encryption option was yes, then that file will have an extension ‘.aes’ and won’t open with any of the Windows tools and applications. The encrypted file is protected and it can’t be opened in any case unless the master user unhides it and it gets copied to the original location (Mehta et al., 2022).

Figure 3: Hiding a File.

Entered Choice is 2 (Unhide a File)

The second choice is to unhide a file. On selecting this option, the index of the file needs to be entered, then it recovers the file and copies it to the project directory. For viewing that index of the file, the third choice of viewing the hidden files needs to be selected first, where it displays the full list of files within the vault as given in Figure 4.

While unhiding, it checks if the desired file is encrypted or not. If not, it simply copies the file to the project directory, and if it was encrypted, it decrypts it first, and then it gets copied to the project directory. The decryptFile function of the pyAesCrypt library is used in this case (Pradhan et al., 2022).

The file gets deleted from the vault after this function is used.

Figure 4: Unhiding a File.

Entered Choice is 3 (Display List of Files Inside the Vault)

When the user selects this choice, it is for viewing the list of items present inside the vault irrespective of whether they are encrypted or not, as given in Figure 5. It prints out an index for each file and the file name with extension. If that extension is ‘.aes’, the file is encrypted, and if it is any other normal extension, the file is not encrypted.

This function is essentially important for unhiding a file (Choice 2).

Figure 5: List of Items Currently in the Vault.

Entered Choice is 4 (Exit the Vault)

The next choice is to exit the vault, which simply stops the program from running, comes out of the do-while loop and exits.

Entered Choice is 5 (Resetting the Vault)

The last choice for the user is to reset the vault, which resets the master password and deletes everything in the vault as shown in Figure 6. On running the program again, it will ask to create a new password instead of asking for the existing one.

For doing a reset, the user has to put in the existing master password for the event to occur, for safety purposes. Once that is done, the key and master password are deleted and the vault directory is also deleted. This directory exists only when the vault is functional, and its creation time is the time when the vault was run for the first time.

Figure 6: Resetting the Vault.

Another interesting thing about this project is that there is a function to encode the master password into the encrypted form. The SHA256 algorithm is used to do this. SHA-256 stands for Secure Hash Algorithm 256-bit and it’s used for cryptographic security. Such cryptographic hash algorithms, when used, produce irreversible and unique hashes which cannot be decoded easily. As the number of possible hashes increases, the chances that two values will create the same hash reduce automatically.

Password-Based Key Derivation Function 2 (PBKDF2) makes it harder for someone to guess your account password through a brute-force attack. The PBKDF2 function/algorithm prevents commonly used password cracking tools from making the best use of graphics processing units (GPUs), which reduces guess rates from hundreds of thousands of guesses per second to less than a few tens of thousands of guesses per second, automatically securing the password to which the algorithm is applied.

3.2 Password Manager

This is the second part of the project, and its GUI is fully complete and working. Libraries such as sqlite3, hashlib, pyperclip, tkinter, base64, os, cryptography and others are used. An SQLite database is used here.

Master Password

On running it for the first time, it will ask to create a master password. On creating, it encrypts the password and adds it to the database. It will also display a recovery key there, in case the user forgets the password in future. This recovery key is basically random hashes displayed but also saved in order to authenticate the user (Pradhan et al., 2022). This can be copied and pasted somewhere in the PC. The Pyperclip library of Python is used to perform clipboard operations, and using that, a copy key button is present there to copy it as shown in Figure 7.

Figure 7: Entering Master Password.

Vault Screen

If the entered password is correct, or after entering the password for the first time in case of running the application for the first time, a vault screen is displayed. In this screen, 3 columns are present – Website, Username and Password. The records can be added to the database using the ‘+’ button at the top. These are then saved to the database and fetched back to display here on the screen, as given in Figures 8 and 9.

Figure 8: Vault Screen.
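The master-password check and recovery key described under Master Password, together with the SHA-256 and PBKDF2 step from section 3.1, sketched as an added example that is not the authors' code. The table layout, the function names and the iteration count are assumptions made here; only Python's standard hashlib, hmac, secrets and sqlite3 modules are used.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 600_000  # assumed work factor; the article gives no iteration count

def stretch(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: salted and iterated, so each guess costs ITERATIONS HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def open_store(path: str = ":memory:") -> sqlite3.Connection:
    """Open the (hypothetical) single-row table holding the master-password verifiers."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS master ("
               "id INTEGER PRIMARY KEY CHECK (id = 1), "
               "salt BLOB NOT NULL, pw_hash BLOB NOT NULL, rk_hash BLOB NOT NULL)")
    return db

def create_master(db: sqlite3.Connection, password: str) -> str:
    """Store verifiers only (never the password); return the recovery key to show once."""
    salt = secrets.token_bytes(16)            # per-installation random salt
    recovery_key = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
    # A high-entropy random key cannot be guessed, so one SHA-256 pass is enough for it.
    rk_hash = hashlib.sha256(recovery_key.encode("utf-8")).digest()
    db.execute("INSERT OR REPLACE INTO master VALUES (1, ?, ?, ?)",
               (salt, stretch(password, salt), rk_hash))
    db.commit()
    return recovery_key

def verify_master(db: sqlite3.Connection, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM master WHERE id = 1").fetchone()
    # compare_digest runs in constant time, so timing does not leak matching bytes
    return row is not None and hmac.compare_digest(stretch(password, row[0]), row[1])

def verify_recovery(db: sqlite3.Connection, recovery_key: str) -> bool:
    row = db.execute("SELECT rk_hash FROM master WHERE id = 1").fetchone()
    digest = hashlib.sha256(recovery_key.encode("utf-8")).digest()
    return row is not None and hmac.compare_digest(digest, row[0])

def reset_master(db: sqlite3.Connection, recovery_key: str, new_password: str):
    """Recovery flow: a valid key allows a new password and rotates the key; else None."""
    if not verify_recovery(db, recovery_key):
        return None
    return create_master(db, new_password)
```

Because the stored value for the password is a salted, iterated hash, identical master passwords on two installations produce different rows, and a stolen database file yields only verifiers that must be attacked one guess at a time.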

Figure 9: Asking the User for Information to be Put in.

They are of course encrypted in the database. So then, even if the database file is stolen, nothing could be inferred from it. There is a delete button on the right of each entry in the vault screen to delete that entry/record. Pressing this button will delete that entry from the database as well as the vault screen.

Database

An SQLite3 database is used in this application. SQLite3 is also a useful library of Python used in database operations, as shown in Figure 10.

The passwords stored in the database are put into encrypted form before entering. On display, these are decrypted and then displayed. So, everything present in the database is practically nothing worth understanding, as it is just a bunch of hashes (numbers).

Figure 10: Database Entries.

4. RESULTS AND DISCUSSION

There are two parts in this project – File Vault and Password Manager. Both these modules were performing up to the mark while testing the project at the end. The file vault module does not contain a GUI, but its functionality is clear, and the running do-while loop serves the convenience of using a menu-driven program. The password manager is fully functioning properly with GUI and database operations.

5. CONCLUSION

We have a 2-part secure system ready with two purposes. This project has two completed modules - the secure file vault and the password manager. Both were working properly, and the data was efficiently transferred, and that too in encrypted form. Even if the files in the vault are found by searching and stolen, because of AES encryption, nothing about those files will be visible to the thief. The same goes for the password manager: even if the database file is stolen, the data is in encrypted format, so nothing meaningful can be taken out from it.

The future scope for this project is to develop a GUI for the file vault, as then it will be more convenient and useful. Also, the files should be visible and executable within the vault, which is another future scope.

In the password manager, the GUI could be improved and made more beautiful. Also, instead of a recovery key, a security question can be added in its place so that nothing needs to be copied anywhere in the PC. The database file could be hidden like the file vault module, which is another future scope.

REFERENCES

Bharathi, P., Annam, G., Kandi, J. B., Duggana, V. K., & Anjali, T. (2021, July). Secure file storage using hybrid cryptography. In 2021 6th International Conference on Communication and Electronics Systems (ICCES) (pp. 1-6). IEEE. https://doi.org/10.1109/ICCES51350.2021.9489026.

Luevanos, C., Elizarraras, J., Hirschi, K., & Yeh, J. H. (2017, December). Analysis on the security and use of password managers. In 2017 18th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT) (pp. 17-24). IEEE. https://doi.org/10.1109/PDCAT.2017.00013.

Maitri, P. V., & Verma, A. (2016, March). Secure file storage in cloud computing using hybrid cryptography algorithm. In 2016 international conference on wireless communications, signal processing and networking (WiSPNET) (pp. 1635-1638). IEEE. https://doi.org/10.1109/WiSPNET.2016.7566416.

Mehta, K., Jain, R., Mittal, P., & Sharma, S. (2022). Cryptocurrency: A critical analysis of embedded big data analytics. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4025347.

Mushtaq, M. F., Jamel, S., Disina, A. H., Pindar, Z. A., Shakir, N. S. A., & Deris, M. M. (2017). A survey on the cryptographic encryption algorithms. International Journal of Advanced Computer Science and Applications, 8(11). https://doi.org/10.14569/IJACSA.2017.081141.

Pradhan, D., Sahu, P. K., Goje, N. S., Ghonge, M. M., Tun, H. M., Rajeswari, R., & Pramanik, S. (2022). Security, privacy, risk, and safety toward 5G green network (5G‐GN). Cyber Security and Network Security, 193-216. https://doi.org/10.1002/9781119812555.ch9.

Pradhan, D., Tun, H. M., Wah, N. K. S., Oo, T., Priyanka, K. C., & Dash, A. (2022, July). Efficient usage of energy in 5G toward sustainable development inclined to industry 4.0 connectivity. In 2022 IEEE Region 10 Symposium (TENSYMP) (pp. 1-6). IEEE. https://doi.org/10.1109/TENSYMP54529.2022.9864351.

Stobert, E., & Biddle, R. (2014, September). A password manager that does not remember passwords. In Proceedings of the 2014 New Security Paradigms Workshop (pp. 39-52). https://doi.org/10.1145/2683467.2683471.
