This article presents a simple password manager created with the Microsoft .NET Compact Framework. With this program you can have all the passwords to email accounts, online shop registrations or computer logons stored safely in one place and ready at hand in your PDA.
- Keeps passwords and similar information organized into folders.
- The passwords are saved in encrypted files.
- Supports full text search.
Password manager allows you to store passwords and other similar pieces of information. I refer to this piece of information as an entry in the program. For better orientation the entries are organized into folders.
Each entry consists of a descriptive name (e.g. My NET password), Logon (e.g. j_smith), Password, Comment and optional Category. This is optimized for storing logon information, which I believe is the most common - computer logons, email accounts and also registrations in online shops and other services will fit into this pattern.
Entries are organized into folders. There are three built-in folders named "Not sensitive", "Sensitive" and "Very sensitive". Each folder has a separate password and is stored in separate file. The file is encrypted with the password used as the key. The idea behind folders is to provide option to have less sensitive information (e.g. logon for some news website) available quickly without, or with just a short password and the very important information, like credit card numbers, can be protected by long and strong password in another folder.
Besides the three "real" folders, there are also several virtual folders which can contain items from one or more of the real folders. Example of a virtual folder is "All items" folder or folders which contain items belonging to certain category - e.g. folder with email passwords, credit card numbers etc.
Using the code
To use the sources:
- Extract the zip file into some folder on your computer.
- Open the PwdMan1 solution in Visual Studio .NET 2003.
To use the executable:
- Extract pwdman1.exe from the zip file.
- Create new folder on your pocket PC, e.g. \\Program Files\PwdMan.
- Copy pwdman.exe to this folder using Active sync.
- If you want, you can also create shortcut in \\Windows\Start Menu\Programs.
Working with the program
The program uses the same principle to display the entries (passwords) as File Explorer in Pocket 2002 to display files. At the top of the main window is a combo box which contains list of available folders. The list view below then displays all items contained in the currently selected folder.
When the program starts it displays contents of the first folder, named Not sensitive . This folder is not protected by password, or to be exact, it uses a built-in password and the user is never asked for it. It may seem strange, but this folder is intended for information which is not private, rather you just don't want to remember it. So quick access is more important than security. I think it may be useful. Especially if you have your device protected by system password. The other two folders, Sensitive and Very sensitive , can be displayed only after entering the correct password. User is prompted for this password when he/she first selects the folder in the combo box. The password is required only once, then it is possible to switch to another folders and back until the program is terminated or folder is manually locked.
Virtual folders are accessible without password, but they can only display items from real folders which are already unlocked. For example, if you switch to the All items folders right after the program is started, it will contain only the entries from the Not sensitive folder. After you unlock (enter password and open) the Sensitive folder, and switch to the All items folder again, it will contain entries from both the Not sensitive and Sensitive folders.
Each entry (password) can belong to one category, such as Emails or Computer logons. The list of folders in the combo box contains one folder for each category. This makes it easy to limit the view only to the category of entries which you just need.
Working with entries: The columns in the list view show Descriptive name of the entry and Logon. To view the password, user must select the entry and tap Show entry button in the toolbar. Entry can also be edited and deleted. Name of each entry in a folder must be unique.
Search: It is possible to search for text contained in any part of the entry including the password. Results are displayed in a special virtual folder called Search results - same trick as when you search for files in Windows Explorer. Any folder can be searched, which means you can also search recursively in the search results.
The program uses two components which are not my work:
- Blowfish class written by Markus Hahn
- and BlowfishStream class from GL Conseil.
These classes implement Blowfish encryption algorithm which is used to encrypt the data files. With the
class encrypting and saving data into file is easy:
byte  byteKey = jProtectedFolder.StrToByteArray(password);
using ( FileStream fs = new FileStream(folder.FilePath,
FileMode.Create, FileAccess.Write, FileShare.Read ))
BlowfishStream cry = new BlowfishStream(fs, BlowfishStreamMode.Write);
folder is object of
jProtectedFolder class as described below.
One entry in the password manager is represented by class
jProtectedItem . It contains string data members for the individual parts such as descriptive name, logon and password. There is also function which allows transferring the item into an array of bytes. This as you can imagine is needed for encrypting the entries. And there is also reverse function which initializes the entry object from byte array.
Folder containing entries is in the program represented by class
jProtectedFolder . Main member of this class is
ArrayList which contains the entries - instances of
jProtectedItems class. Method
SaveItems saves the folder into a stream and
LoadItems initializes it from a stream.
Storage: The program uses file folders.dat to store list of available folders. Upon startup it reads the list of folders and shows them in the combo box in main window. The file is plain text, each line defines one folder by name, path of the encrypted data file and some optional settings. Even though the user interface does not provide commands for this, it is possible to add new folders to the program by editing this file. As mentioned earlier, each folder is saved to one file encrypted by Blowfish algorithm.
Points of Interest
I am new to C#, my native language is C++, so I came across couple of issues and surprises along the way. Perhaps they may be interesting for you.
Terminating the program: The logo requirements for Pocket PC applications state that the application should not allow users to terminate it. It seems like a good idea for inexperienced users but I still haven't got used to this. I tend to terminate programs when I am done with them using the Running Program List. I included Exit command in the Password manager menu but for the final release I added code which removes this item. If you will play with the sources you may want to comment out this line so that the item is visible. It makes testing easier.
private void Form1_Load(object sender, System.EventArgs e)
Dialogs proved to be more difficult than I expected. I simply set the form style to
FixedDialog and called
ShowDialog - and the form stretched itself all over the screen and resisted any attempts to make it smaller. As I found out, it is the rule for Pocket PC applications, that dialogs should be full screen and the system makes them such. Makes sense. The controls I needed covered the full screen dialog anyway. What I didn't understand was why the dialog covered the software input panel (keyboard). On the emulator you may not notice that as you enter the text from computer keyboard. But then when you run the program on a real device, surprise, the dialog covers the screen all the way to the bottom and you cannot display the keyboard to enter any text! The solution is to add
MainMenu object to the form. Then the menu bar will be displayed at the bottom of the window and you can pop up the keyboard. Another option would be to make the dialog smaller, but as far as I know this requires changing the form border style to None, painting the border yourself and similar nasty things.
File exception: I encountered strange error when working with the files which store the entries for each folder. When the folder is first displayed, it is loaded from a file. The file is then closed. When I tried to save to the file later it ended with
IOException. But only sometimes. It seemed to occur especially when changing password for empty folder (the file is rewritten encrypted with the new password at this point). I wasn't able to get any useful information from the exception object even when I caught it when debugging. It's probably because my lack of experience with C# but the
GetLastError API seems more helpful to me. I had the suspicion that the file is still somehow locked after the reading. Quick search on the internet confirmed this. Putting the file operation into
using statement solved the trouble.
I tested the program on both the emulator and on my Pocket LOOX running Pocket PC 2002 and it seems to be working fine but let me know about any bugs you find.
- First release May 27 2004.
Works at Tomas Bata University in Zlin, Czech Republic. Teaches embedded systems programming. Interested in programming in general and especially in programming microcontrollers.