Loading…

		

		
		
		
		
		

	
						
		
			

				
				

					
					
Password Manager

				

				
				

					


	
Password Manager



	


		

			Kryptel Password Manager might look as another one of those numerous password
			managers, but there is one important difference – it is secure. What does this mean?
		

		
		
    
		    
  • It keeps your passwords and keys in an encrypted container.
    • 
		    
		    
  • Keys are supplied via encrypted communication channel and are impossible to intercept.
    • 
		    
		    
  • It transfers derived key material only; it never allows original passwords and
		    keys outside. Even if the attacker somehow manages to get the key,
		    other files encrypted with the same key will remain safe.
    • 
		    
		    
  • Stored passwords can be used but can't be viewed or copied. No one will be able
		    to take a quick peep into your password database when you are out to get some coffee.
    • 
		


		

			Password Manager requires Kryptel 8 or Silver Key 5
			encryption engines. Secure key transfer is not available for files created with
			earlier versions. The only key material that Password Manager can provide to
			a legacy encryptor is insecure text password (see below for a discussion on text passwords).
		



		
Creating a Password Database


		

			At the first run Password Manager will display a message saying that there is no password
			database and will offer to create a new one. Press OK and enter password or key for your
			database. Choose your password carefully – the password that protects all your passwords
			most certainly must be a good one.
		


		

			As soon as the database is available, the Password Manager's main window will appear
			with a tab for every key type:
		


		Password Manager's main window
		
		
    
		    
  • Selecting File / Exit quits Password Manager,
		    finalizing all changes made to the database.
    • 
		    
		    
  • Selecting File / Discard quits Password Manager
		    and discards all database changes. This is the only way to undo mistakes like deleting
		    something you'd rather keep.
    • 
		    
		    
  • Pressing the cross in the top right corner hides the Password Manager window.
		    Password Manager will sit in the background popping up only when necessary (this is
		    the normal mode of operation). You can also restore Password Manager's window by
		    clicking its icon in the system tray (where the system clock is).
    • 
		



	
		
Using Keys


		

			When Kryptel needs an encryption key, it activates the Password Manager. Just double-click
			(or drag-and-drop, or copy-and-paste) the password or the key that you wish to use.
			On decryption Kryptel asks for the key only if the Password Manager has not been able
			to supply it.
		



	
		
Adding New Keys


		

			Don't forget to backup your password database as soon as any change is made.
		


		
Adding a Simple Key


		

			Open the tab for the type of the key you want to add (that is, open Passwords
			if you want to add a password) and select Edit / Add.
		


		

			Enter the password (or specify a binary key, or specify a Yubikey log file).
		


		Adding a new password

		

			The last mandatory step is specifying the key name. Don't enter the actual password; this name is
			supposed to be a brief description like Password for weekly backups or
			Key for company files.
		



		
Adding a Complex Key


		

			Open the Composites or the Groups tab
			and select Edit / Add. In the key lists select at least
			two component keys (click while holding the Ctrl key to select several items) and enter
			the key name.
		


		Adding a new composite key

		

			Note that the component keys are removed from the corresponding key lists after the complex key
			is created. If you want to use the same subkey also individually, add it twice to the password
			database (under different names as duplicate names are not allowed).
		



		
Access Rights


		

			You can limit the functionality of a specific key by assigning the following access rights.
		

		
		
    
		    
  • C (Create) – The key can be used for creation of a new container.
    • 
		    
		    
  • M (Modify) – The key can be used to modify an existing container.
    • 
		    
		    
  • D (Decrypt) – The key can be used to view the contents of an existing container and
		    to decrypt the files it contains.
    • 
		



		
The right to decrypt


		

			A container must always be decryptable. If none of the used keys allows decryption,
			the program modifies the key rights as follows:
		

		
		
		
    
		    
  • If the container is encrypted with a single key, the Decrypt right will be added.
    • 
		    
		    
  • If the container is encrypted with a group of keys, and none of the keys has the Decrypt
		    right, the program will add this right to all the keys in the group.
    • 
		    
		    
  • If there is an active master key, the access rights will not be changed. Master key
		    allows decryption by definition, so the condition at least one key must
		    be able to decrypt is always satisfied.
    • 
		



		
Persistent rights


		

			Key access rights are stored in the container header when the container is created and cannot
			be changed afterwards. For example, if a container is created with a password that has
			C-D (Create and Decrypt) rights, that password will not be able
			to modify the container even if you add the Modify right later.
		



		
No rights


		

			It is interesting to note that a key with no rights assigned is still perfectly valid.
			While it cannot be used on its own, it can be a part of a composite key. Composite keys
			have their own rights; the rights of individual components are ignored.
		



		
Master Keys


		

			Any simple or composite key stored in Password Manager may be declared as a
			master key. When Password Manager provides an encryption key,
			it also adds all the master keys. It is important to note that master keys are added if and
			only if the encryption key was provided by Password Manager. If the key was entered by the user
			(i.e. the user typed the password or inserted the key), then the master keys will not added.
			Master keys are never added without user knowledge.
		


		

			Although in some situations quiet inclusion of master keys might be preferable, such a feature
			could be exploited to insert a backdoor.
		


		

			Master key is considered a special kind of key and has the following limitations:
		

		
		
    
		    
  • Master key allows read access only.
    • 
		    
		    
  • During decryption master key is never applied automatically. A master key cannot be copied
		    or dragged to the password window. In order to open a container with a master key the user must
		    type it (or insert the key media).
    • 
		


		

			In short, master key is an emergency tool not intended for everyday use.
		



		
Text Passwords


		

			A password may be declared as a text (insecure) one. If this box is checked, then the password
			can be dragged or pasted as a text string into third-party applications (and so can easily be
			viewed by pasting it into any text editor). Use this option if you want to use Password Manager
			as a common (even if a rather simple) password manager. This option is active on password creation
			only (otherwise it would be easy to steal the password by temporarily checking this box).
		



	
		
Copying the Password Database


		

			In order to backup the password database use File / Backup
			command (or just copy its file using Windows Explorer). The database is an ordinary Windows
			file named Passwords.edb.
		

		
		
    
		    
  • The desktop version keeps its password database file at
		    Documents\Kryptel Data\ folder.
    • 
		    
		    
  • The portable version keeps its password database file on its base drive at
		    \Kryptel\Password Data\ folder.
    • 
		


		

			In order to use your desktop database on a USB drive just select
			File / Backup and choose
			<your portable drive>:\Kryptel\Password Data\
			as the destination folder.