It all started with a simple idea: a secure, offline way to manage passwords, something reliable, and not tied to the cloud.
Before diving into development, I already had most of the building blocks ready from previous projects and some UI. Bringing them together for this project was like assembling a puzzle I had already solved in parts.
The plan was simple: build a password manager that's intuitive and easy to use, while taking security seriously with strong encryption, and a way to store data persistently and safely on a portable device.
Encryption
AES was the natural choice: it's a well-established, fast, and widely trusted encryption standard used in everything from banking to military systems.
All passwords are encrypted using AES-128, with the encryption key derived from a master password using PBKDF2. This function applies thousands of iterations and a random salt to slow down brute-force attacks and ensure secure key derivation.
Persistent & Secure Storage
Encrypted password vaults are stored as files on the SD card, but never in plain text. Only the encrypted file is written to disk, and it contains:
- A salt used during PBKDF2 derivation
- The AES-encrypted data (ciphertext)
Decrypted data is held only in RAM, and is erased immediately after use or auto-lock.
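
The PBKDF2 derivation and the salt-plus-ciphertext file layout described above, as an added Python example that is not code from the project. The salt length, iteration count and HMAC-SHA256 are assumptions (the post does not state them), and the ciphertext is a placeholder because AES itself is not performed here.

```python
import hashlib
import os
import time

# Assumed parameters (not from the original post, which only says
# "thousands of iterations" and "a random salt"):
SALT_LEN = 16        # bytes of random salt stored at the start of the file
KEY_LEN = 16         # AES-128 uses a 128-bit (16-byte) key
ITERATIONS = 10_000  # PBKDF2 rounds
PRF = "sha256"       # PBKDF2 pseudorandom function (HMAC-SHA256)

def derive_key(master_password: str, salt: bytes,
               iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into an AES-128 key with PBKDF2."""
    return hashlib.pbkdf2_hmac(PRF, master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)

def pack_vault(salt: bytes, ciphertext: bytes) -> bytes:
    """Build the on-disk record: salt first, then the AES ciphertext."""
    if len(salt) != SALT_LEN:
        raise ValueError("unexpected salt length")
    return salt + ciphertext

def unpack_vault(blob: bytes):
    """Split a vault file back into (salt, ciphertext)."""
    if len(blob) <= SALT_LEN:
        raise ValueError("vault file too short to hold salt and data")
    return blob[:SALT_LEN], blob[SALT_LEN:]

def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-N time for one key derivation, i.e. the cost of one guess."""
    salt = os.urandom(SALT_LEN)
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        derive_key("guess", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)                # fresh random salt per vault
    key = derive_key("constructed master pw", salt)
    blob = pack_vault(salt, b"\x00" * 32)      # placeholder, not real ciphertext
    stored_salt, _ = unpack_vault(blob)        # unlock: read the salt back
    assert derive_key("constructed master pw", stored_salt) == key
    for n in (1_000, 10_000, 100_000):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1000:.2f} ms per guess")
```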
The Cardputer is a Perfect Fit
The M5Stack Cardputer is pretty much perfect for a hardware password manager. It’s compact, has a built-in keyboard, an SD card slot, and runs on an ESP32-S3 with native USB support. The screen makes it easy to use on its own, and thanks to USB HID, it can type passwords directly into login fields.
It also comes with two built-in batteries, giving it excellent battery life for portable use.
Password Manager Features Overview
- 🔐 AES-128 Encryption: All stored passwords are encrypted using the AES-128 algorithm to ensure strong protection against unauthorized access.
- 💾 Storage on SD Card: Encrypted password vaults are stored as files on the device's SD card, offering persistence, portability, and easy management.
- 🔁 Random Password Generation: The device can generate secure, random passwords.
- ⌨️ HID Keyboard Mode: Thanks to the ESP32’s HID functionality, the device can simulate a USB keyboard to automatically type usernames and passwords into login fields.
- 🔓 User Authentication: A master password is required to unlock and access stored credentials.
- ⏱️ Auto-Lock Vault: The vault automatically locks, reducing risk in case of physical theft or unattended access.
The Password Manager is built around a clean and fully tested Model-View-Controller (MVC) architecture.
This separation of concerns allows for easier updates, better testability, and a more maintainable codebase. Each component has been individually tested, ensuring robustness and reliability across the firmware.
A complete test stack was implemented in the Password Manager project, ranging from low-level unit tests on service functions (like AES encryption and file parsing) to full integration tests (Create a vault, load a vault...).
Password Manager for the Cardputer
For more technical details, usage instructions, and full source code, you can visit the project’s GitHub page.
You’ll also find many other open-source firmwares I’ve developed for the M5Stack Cardputer. You can also find them ready to flash on the M5Burner software.