Update: release apk now available here
Passtwo is my second attempt at making a mobile password manager app. It is designed to integrate with passman, a python script that uses GPG to store passwords. You can see how it works in this DEV article. This app relies on BouncyCastle to decrypt files.
OAuth Device Flow
This app uses the beta Device Flow for OAuth apps. First, when the user presses Request Device Token, the app sends a request for a device token containing the OAuth app's Client ID. The response contains an 8-character authorization code, and the browser automatically opens to type it in (The code is displayed on the app's settings page). The user will be prompted to login before entering the code. Finally, if the user has agreed to allow the application, the Get Token button must be pressed in order to finish the authentication process.
User Info
After authenticating, the user simply inputs their github username, the private repo holding their passwords, and their gpg passphrase. The only thing required in the repo are the folders containing the encrypted passwords, and a gpg private key. The app currently doesn't support adding new accounts (directly from the app), however I hope to add that in the future since it would be improvement over the previous version. Each time the user tries to access the Passwords page, they will be prompted to enter their fingerprint or pin before proceeding
Installation
A release apk can be found here.
Top comments (0)