/KeySpace

Official Android client for keyspace.cloud. A beautiful and secure password manager.

Primary LanguageKotlinGNU General Public License v3.0GPL-3.0

Android License Latest Version Play Store Download APK

Keyspace Android

Keyspace

The official Android client for app.keyspace.cloud. A beautiful and secure password manager where you hold the keys.

Click to view screenshots

Logins

Click to view screenshot

Create and store passwords, two-factor authentication codes, backup codes and more.

Notes

Click to view screenshot

Secure notes with rich previews and markdown support

Payments

Click to view screenshot

Access your credit and debit cards with ease

Keyroute

Click to view screenshotClick to view screenshot

Swipe up and scan a QR code to instantly log into your desktop

Recovery

Click to view screenshot

All of this is backed up and encrypted with a 12 word recovery phrase.

Features

Zero knowledge Encryption

Keyspace uses end-to-end encryption to secure all user data (Logins, Notes, Cards etc.) with keys derived from a 12 word mnemonic seed phrase.

Signature based authentication scheme

Read more: Bitwarden Security White Paper (page 9)

Most password managers transmit a hash of users master password for authentication purposes. Keyspace uses a challenge-response based authentication scheme to eliminate users master password hashes being stored on the backend. The client simply signs cryptographic challenge and sends it to the backend. Password hashes never cross the wire.

Deterministic Key derivation

Most cloud based password managers derive a master key that encrypts other keys which are 'wrapped' or 'protected' which is then stored on their servers. Keyspace derives all keys deterministically on your device from the 12 word mnemonic seed phrase eliminating the need for 'wrapped' keys.

Private

Read more: Bitwarden Icon Privacy

Your privacy matters. No third party analytics or crashlytics libraries were used in the making of Keyspace. No network calls are made to external endpoints to fetch item icons.

Stronger and faster cryptography

XChaCha20-Poly1305 with 192bit nonce instead of AES256 GCM or CBC and ED25519 over RSA for signatures.

Strongbox-backed Android Keystore

Your encryption key is stored on a separate hardware security module (HSM) inside your phone which has its own CPU, storage and RNG, safeguarded against key extraction. Keys are only accessible upon successful device authentication.

Quick wipe

Instantly sign out and delete all on-device Keyspace data by tapping the quick settings tile. Useful if the country you're in has a poor human rights record or if your device is confiscated without your consent.

Offline support

On a flight? No problem. Keyspace can do everything offline and sync once you're online.

Native android app

Keyspace is written in Kotlin. Keyspace is designed to be fast and lightweight in size <20MB.

Note: Strongbox-backing depends on availability of device-specific hardware. Keyspace will use other secure methods in case your device has no Strongbox.

Cryptography

Credits

The Keyspace Team

  • Owais Shaikh - Android App
  • Nimish Karmali - Cryptography, Architecture and Infrastructure
  • Rohan Chaturvedi - Backend API, Browser and Desktop Apps

License

Copyright © 2022-2023 Keyspace

This project is licensed under the GNU GPLv3 License