diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index e3eccca..ab3e3d4 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -1,3 +1,57 @@
# Developer notes
**Programming language:** TypeScript
-**Framework:** Electron (latest)
\ No newline at end of file
+
+**Framework:** Electron (latest)
+
+## Encryption
+OffPass uses PGP in the background with symmetric encrpytion.
+
+### Passphrase
+The passphrase is the actual key which is used for encrpytion. But we don't use your entered master password directly. We hash it with `Argon2i` about 25 times. This gives use an output like this: `29dbf5392f13f36d7e9509b1a5c9add0d6a8e2625b5e84ab4d1df8da6063625d`.
+
+This value will be used as passphrase, not your plain password. The creation of this hash takes about **more then one second**.
+
+Attackers are using password dictionaries with more then one million passwords. Creating such a hash for each password in there would take **millions of years**.
+
+## QR-Code schema
+An OffPass QR-Code must follow this data schema or else OffPass wouldn't be able to read it. **The following examples are data after decryption.**
+```
+name|password|email|website_url|(custom1)data1|(custom2)data2
+```
+Als Beispiel:
+```
+Main Steam Account|super_secret_example123|info@example.de|https://store.steampowered.com/login/|(2fa_backup)R1337
+
+ProtonMail|mail_pw123|klier.nicolas@protonmail.com||
+```
+These characters are reserved and cannot be used for any fields: `|%§`
+
+### Compression
+It is possible to compress QR-Codes. Instead of writing all data to the QR-Code you can write random strings (key) to it. OffPass itself holds a database of those random string and the corresponding encrypted value.
+
+The program generates a `session key` (length of 10 characters) which is unique for each QR-Code. This session key is stored on the QR-Code and is used to encrypt the raw values in database. So not even If someone stells your database he wouldn't be able to read your compressed strings.
+
+The compression key is stored like that: `§key`, the decryption key is stored like that: `%decryption_key%` always at the beginning.
+
+For example:
+```
+%session_key%§xa|passwords_not2134|email_too@example.com|§q|(§a)§gh|(uncompressed)value
+
+-> Google|passwords_not2134|email_either@example.com|https://accounts.google.com|(2fa_backup)245131,...|(uncompressed)value
+```
+
+This can has two advantages:
+* An attacker can't read compressed values (he would need the database)
+* You can get more data on one QR-Code
+
+But one disadvantage:
+* **If you lose access to the compression database, you also lose access to those compressed values. But not to your password.**
+
+### Type mark
+OffPass will first look if the scanned QR-Code is actually an OffPass QR-Code. This is done by checking the first three charcters:
+
+```
+op:jA0ECQMC+t514sews8e70jsBw4SWsYYgPGzi5Ps0OGr8/tVGngopmHDQpSpMkNtkWZU573zNsFyk VVN3elnAY0D+EIIzTpKxq0F3fQ==
+```
+
+This `op:` tells the program that this is actully a OffPass QR-Code. If this is not present, OffPass will abort further steps and notify the user that this is not an OffPass QR-Code.
\ No newline at end of file
diff --git a/package.json b/package.json
index caa1d1b..759b0ea 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,8 @@
},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
- "start": "tsc && electron dist/main.js"
+ "start": "tsc && electron src/main.js",
+ "clean": "del /S src\\js\\*.js && del src\\*.js"
},
"repository": {
"type": "git",
diff --git a/src/assets/icon.png b/src/assets/icon.png
new file mode 100644
index 0000000..90a2734
Binary files /dev/null and b/src/assets/icon.png differ
diff --git a/src/global.css b/src/css/global.css
similarity index 86%
rename from src/global.css
rename to src/css/global.css
index b2bb56a..1f2be90 100644
--- a/src/global.css
+++ b/src/css/global.css
@@ -19,6 +19,13 @@ p, span {
color: #fff;
}
+a {
+ color: white;
+ text-decoration: none;
+ font-weight: bold;
+ font-family: 'Source Sans Pro', sans-serif;
+}
+
#taskbar {
display: flex;
position: absolute;
@@ -40,7 +47,6 @@ p, span {
height: 100%;
vertical-align: middle;
text-align: cover;
- object-fit: fill;
}
#content div {
position: absolute;
diff --git a/src/scanner.css b/src/css/scanner.css
similarity index 89%
rename from src/scanner.css
rename to src/css/scanner.css
index 5450058..936d230 100644
--- a/src/scanner.css
+++ b/src/css/scanner.css
@@ -29,7 +29,8 @@
opacity: 0;
padding-left: 20px;
backdrop-filter: blur(20px);
- background-color: rgba(0, 0, 0, .3);
+ background: linear-gradient(0deg, rgba(0,0,0,.75) 80%, rgba(94,94,94,.75) 100%);
+ box-shadow: 0px -10px 34px -10px rgba(0,0,0,0.75);
}
#password {
diff --git a/src/start.css b/src/css/start.css
similarity index 89%
rename from src/start.css
rename to src/css/start.css
index bee069c..091f5ba 100644
--- a/src/start.css
+++ b/src/css/start.css
@@ -4,7 +4,6 @@
padding-top: calc(10% + 50px);
width: 100%;
height: 100%;
- pointer-events: none;
}
#master_prompt input {
margin-top: 50px;
@@ -22,4 +21,8 @@
border-bottom-width: 3px;
border-bottom-left-radius: 2px;
border-bottom-right-radius: 2px;
+}
+#master_prompt a {
+ line-height: 5;
+ font-size: 13pt;
}
\ No newline at end of file
diff --git a/src/html/create.html b/src/html/create.html
new file mode 100644
index 0000000..ff3f00a
--- /dev/null
+++ b/src/html/create.html
@@ -0,0 +1,3 @@
+
+
New QR-Code
+
\ No newline at end of file
diff --git a/src/index.html b/src/html/index.html
similarity index 81%
rename from src/index.html
rename to src/html/index.html
index c139869..bb6418b 100644
--- a/src/index.html
+++ b/src/html/index.html
@@ -2,17 +2,17 @@
- Hello World!
+ OffPass
-
+
-
-
-
-
-
+
+
+
+
+