首页 无障碍插件 gPass
gPass

gPass

用户数 : 221 分类 : 无障碍 扩展大小 : 21.09KiB 最后更新时间 : 2021-03-05 版本 : 0.8.2
  • gPass
                                                            

gPass 的使用方法详解,最全面的教程

gPass 描述:

用户数:221 分类:无障碍 扩展大小:21.09KiB 最后更新时间:2021-03-05 版本:0.8.2

gPass 插件简介:

这是来自Chrome商店的 gPass 浏览器插件,您可以在当前页面下载它的最新版本安装文件,并安装在Chrome、Edge等浏览器上。

gPass 插件下载方法/流程:

点击下载按钮,关注“扩展迷Extfans”公众号并获取验证码,在网页弹窗中输入验证码,即可下载最新安装文件。

gPass 插件安装教程/方法:

(1)将扩展迷上下载的安装包文件(.zip)解压为文件夹,其中类型为“crx”的文件就是接下来需要用到的安装文件 (2) 从设置->更多工具->扩展程序 打开扩展程序页面,或者地址栏输入 Chrome://extensions/ 按下回车打开扩展程序页面 (3) 打开扩展程序页面的“开发者模式” (4) 将crx文件拖拽到扩展程序页面, 完成安装如有其它安装问题, 请扫描网站底部二维码与客服联系如有疑问请参考:https://www.extfans.com/installation/
gPass : global Password for Firefox and Chrome Introduction Everyday we have a lot of passwords to manage corresponding to a lot of accounts we use. It's hard to remain all of these, moreover if we don't use it often. So, what most people do is to generate only a subset of passwords easy to remain. This implies two common errors : * Password are not very strong * We use them for multiple accounts The best way to avoid these errors is to have a unique strong password for each account. gPass helps to reach this goal : you keep a subset of passwords (called masterkey) and for each login/password tuple you chose, gPass returns the real password by querying a password server. To have a high level of security, all information is stored encrypted (server side). Nothing is stored on client. The decryption is done on the fly when it's needed and only with user input. So, a hacker can get your password database, it will not be able to see any information (except if it brute force your masterkey) ! So it's important to choose to strong masterkey ! This addon is like https://lastpass.com one, but I wanted it to be open source and self hostable (be careful on server down !). Moreover, with gPass, you can have multiple master keys ! Usage The first thing to do is to populate your database (from your/a password server) with website/login/password/master key values. You can use "*" character to access to all sub domains of a specific website. If you want to make strong password, there is a password generator. After that, configure your addon in "tools -> addons -> gPass -> preferences" in Firefox or "addons -> gPass -> options" in Chrome to point to your password server (+ username). Be careful, login and password are case sensitive. When you're in a login form and you want to use gPass, type your login (case sensitive !) and fill "@@masterkey" in password field. Then submit and password will automatically be replaced by the one in the database (after addon decrypt it). You can also type "@_masterkey" to only replace your password without submitting and manually submit. This allows to support more websites. Technical details The two columns in database are "login" and "password". login is compounded by "domain;login" is salted and encrypted with AES 256-CBC The key that encrypt these fields is PBKDF2 (hmac-sha256, masterkey, password_server_url, 1000, 256), IV is PBKDF2 (hmac-sha256, password_server_url, masterkey, 1000, 256) PBKDF2 level can be changed by user Server side is written in PHP (with SQLite3 for database component). Server To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in resources. Since v0.8 and the use of Crypto API, it's manadatory to have an HTTPS access to the server. Without that, the decryption will fails. Configuration parameters are in conf.php A demonstration server is available at https://gpass-demo.soutade.fr. It may not works with HTTPS content because it uses a self-signed SSL certificate. If so, explicitly add the certificate to your browser. It's the default server of package (user demo). Warning The master key derivation is partially based on account URL. So it's linked to your current server information. You can't move databases from servers with different URLs, you need to export them and import again. Server side is available at http://indefero.soutade.fr/p/gpass/downloads Version 0.6 introduces shadow logins. It's a protection again illegal database dump and purge but requires high cpu bandwidth. Database update is transparent. The principle is to generate a random value (shadow login) that must be encrypted with the masterkey to get an access token. This access token allows to get the true (but encrypted) login/password couple. It's a kind of challenge : if I can encrypt the shadow login, I know the masterkey ! For security reason, the derivation of masterkey for deciphering passwords is different than for encrypting shadow logins (it uses its own salt). Client Just install the package. You can have debug information by setting DEBUG in main.js. Command line interface A command line interface is also available with the following usage : Usage: ./gpass_cli [-f config_file] [-p server_port] [-c CA_certificate_path] [-l PBKDF2_level] [-s gpass_server] [-v] -d domain -u username You can save recurrent parameters into a configuration file. Default config file is found at $HOME/.local/share/gpass/gpass.ini The dependencies are libcurl and OpenSSL (-dev packages : ie _libcurl4-openssl-dev_ and _libssl-dev_) A sample configuration file is available _gpass.ini.sample_ Version Information Current version is 0.8.2 (not compatible with 0.7) Firefox will remove support for addons, so the gPass addon code is not supported since v0.8, please migrate to webextension. Transition from v0.7 to v0.8 : Please update your masterkey (even with the same one) to gain a security level of your passwords's wallet. License All the code is licensed under GPL v3. Source code is available at http://indefero.soutade.fr/p/gpass. Privacy Policy Privacy Policy can be found at http://indefero.soutade.fr/p/gpass/source/tree/master/PrivacyPolicy.md ChangeLog **v0.8.2 :** Server Addon * Error in wildcard domain generation * Forgot some console.log in code (replace it with debug function) CLI v0.8.1 : Server * Scroll to page bottom when user adds a new password * Run a simpler algorithm for wildcard domains Addon * Add Privacy Policy information CLI * Run a simpler algorithm for wildcard domains v0.8 : Server * Clear master keys and reset passwords after 15 minutes of inactivity * Set USE_SHADOW_LOGINS by default * New crypto scheme (Use CBC chaining and fix a security problem with salt) and protocol v4. not backward compatible with v3 * Add QUnit tests * New password form is now on top of the page * Add a button to go to the top of the page when scrolling * Add simple password button * Rework password generation for most user friendly passwords (less special characters, more letters) Addon * New webextension for Firefox is provided. It shares most of code with Chrome extension and use native crypto API * Block connection when masterkey is sent in clear (password replacement failed). **Doesn't work with Firefox** CLI * Add command line interface (CLI) v0.7 : Server * Fix a bug for Chrome browser (doesn't support default parameters) * Display an error message when a query fails * You can now export clear password database (only unciphered passwords) * New database version : 2 * Add two new protections : REQUESTS_MIN_DELAY and MAX_PASSWORDS_PER_REQUEST (see conf.php) * Remove '\' character from password generation Addon * Addon is now compatible with more websites * Use jpm building tool instead of cfx for Firefox Addon v0.6 : Addon * Add support for "@_masterkey" input Subscribe to announce list @ https://pannous.soutade.fr/lists/gpass
下载 如何离线安装? Chrome store

分享

全部评论

    展开更多评论

    错误提示保存失败
    成功提示保存成功
    close
    qr-code

    为打击盗链困扰,本站已启用公众号验证
    微信扫码关注上方公众号,回复“插件”二字获得验证码,验证码5分钟内全站有效。

    正在验证
    验证成功
    下载遇到问题?请添加QQ群:398095333
    close
    qr-code

    为打击盗链困扰,本站已启用公众号验证
    微信扫码关注上方公众号,回复“脚本”二字获得验证码,验证码5分钟内全站有效。

    正在验证
    验证成功