A security-focused Android password manager implementing client-side encryption, strong key derivation, and zero-knowledge storage principles.
-
🔐 AES-256 GCM Encryption
- Ensures both confidentiality and integrity of data
-
🔑 Secure Key Derivation
- PBKDF2WithHmacSHA256
- 200,000+ iterations
- Unique per-user salt
-
🧠 Zero-Knowledge Design (Basic)
- Master password is never stored
- Firebase only stores encrypted data
-
🗂 Encrypted Vault
- Entire vault stored as encrypted JSON
- Decryption happens locally on device
-
🔒 Authentication via Cryptography
- Incorrect password → GCM authentication failure
-
📱 Modern Android Stack
- Kotlin + Jetpack Compose + MVVM
User → Master Password
↓
PBKDF2 (Key Derivation)
↓
AES Key (256-bit)
↓
Decrypt / Encrypt Vault
↓
Firebase (Encrypted Vault + Salt)
- User logs in (Firebase Authentication)
- App fetches salt from database
- User enters master password
- Key is derived using PBKDF2
- Vault is decrypted locally using AES-GCM
- If password is incorrect:
- Decryption fails (authentication error)
- Vault remains locked
| Scenario | Protection |
|---|---|
| Firebase data leak | Data is encrypted (AES-GCM) |
| Wrong password | Decryption fails |
| Server compromise | No plaintext data exposed |
| Password storage | Not stored anywhere |
✅ Completed & Functional
git clone https://github.com/sukhmmeet/Password-Manager.git- Open in Android Studio
- Add your
google-services.json - Run the app 🚀
Contributions are welcome.
Feel free to fork and submit pull requests for improvements.
This project is open-source and free to use.









