Storage format (legacy)
Wladimir Palant edited this page May 3, 2023 · 2 revisions
Note: This was the storage format in PfP 2.x. Starting with PfP 3.0, the KeePass database format is used.
PfP uses a key/value storage for all persistent data. In browser extensions this storage is implemented via chrome.storage.local; the web client uses window.localStorage instead. Most of the storage keys will be hashed and most of the values encrypted. This makes sure that no information about the stored data can be deduced without knowing the master key used for encryption.

Key | Storage format | Contents |
---|---|---|
format | number | New in PfP 2.2, should always be 3. The password type generated is only valid if this key is missing. |
hmac-secret | encrypted | HMAC secret used to hash various key names. HMAC secret is randomly generated for each instance but will be identical for instances synced to each other. |
pref:autolock | boolean | If true or missing, autolock is enabled. |
pref:autolock_delay | number | Number of inactivity minutes after which passwords should be locked, default is 10. |
salt | base64 | Salt used to derive encryption key from the master password. Salt is randomly generated for each instance but will be identical for instances synced to each other. |
site:<digest> | encrypted | SiteInfo object. Here, <digest> is the base64-encoded HMAC-SHA-256 digest of the site name. |
site:<digest1>:<digest2> | encrypted | PasswordInfo object. Here, <digest1> is the base64-encoded HMAC-SHA-256 digest of the site name. <digest2> is the base64-encoded HMAC-SHA-256 digest of the site name, password name and password revision (all values concatenated with NUL characters). |
sync-secret | encrypted | New in PfP 2.2, should always be identical to SyncData.secret. |
sync:<key> | boolean | If true, the key indicated by <key> has been modified since the last sync. |
syncData | object | SyncData object, only if sync is set up. |
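
The key-naming scheme from the table above, as an added example (not PfP's own code): it derives site:<digest> and site:<digest1>:<digest2> names with HMAC-SHA-256 and shows that a lookup only matches under the right HMAC secret. UTF-8 encoding, the standard base64 alphabet, the helper names and the sample secrets are assumptions made for illustration.

```javascript
// Added example with constructed values, not PfP's own code.
const { createHmac } = require("node:crypto");

// Assumption: strings are hashed as UTF-8 and the digest uses the standard
// base64 alphabet with padding; the page only says "base64-encoded".
function digest(hmacSecret, data) {
  return createHmac("sha256", hmacSecret).update(data, "utf8").digest("base64");
}

// Storage key of a SiteInfo entry: site:<digest>
function siteKey(hmacSecret, site) {
  return "site:" + digest(hmacSecret, site);
}

// Storage key of a PasswordInfo entry: site:<digest1>:<digest2>
// digest2 covers site, name and revision joined with NUL characters, so
// ("ab", "c") and ("a", "bc") never hash the same input.
function passwordKey(hmacSecret, site, name, revision = "") {
  const digest2 = digest(hmacSecret, [site, name, revision].join("\0"));
  return siteKey(hmacSecret, site) + ":" + digest2;
}

// All PasswordInfo keys of one site share the site:<digest1>: prefix.
function passwordKeysForSite(hmacSecret, site, storageKeys) {
  const prefix = siteKey(hmacSecret, site) + ":";
  return storageKeys.filter((key) => key.startsWith(prefix));
}

// Constructed sample data; a real hmac-secret is random per instance.
const secret = Buffer.from("constructed-hmac-secret-for-demo");
const otherSecret = Buffer.from("a-different-constructed-secret!!");
const storageKeys = [
  "format", "salt", "hmac-secret",
  siteKey(secret, "example.com"),
  passwordKey(secret, "example.com", "alice"),
  passwordKey(secret, "example.com", "alice", "2"),
  passwordKey(secret, "example.org", "bob"),
];

// Two entries: the canonical password and its revision "2".
console.log(passwordKeysForSite(secret, "example.com", storageKeys));
// Without the decrypted hmac-secret a guessed site name matches nothing.
console.log(passwordKeysForSite(otherSecret, "example.com", storageKeys));
```
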

SiteInfo object:

Key | Type | Value |
---|---|---|
alias | string | Site name that this site is an alias of. If set, no passwords can be associated with this site. |
site | string | Site name, e.g. example.com. This is normally the full host name with the www. prefix removed. The special site name pfp.invalid is displayed as (none) in the user interface and is used for data not associated with any website. |

PasswordInfo object:

Key | Type | Value |
---|---|---|
length | number | Length of the generated password in characters. Must be a positive non-zero integer. Only if type is generated or generated2. |
lower | boolean | If true, generated password should contain lower-case letters. Only if type is generated or generated2. |
name | string | Password name, typically user name. |
notes | string | Password notes if any. |
number | boolean | If true, generated password should contain digits. Only if type is generated or generated2. |
password | string | Stored password value. Only if type is stored. |
revision | string | Empty for the "canonical" password and an arbitrary string for additional revisions of it. The value 1 is invalid because an empty revision will be displayed as revision 1 in the user interface. |
site | string | Name of the site that this password belongs to; this matches SiteInfo.site. |
symbol | boolean | If true, generated password should contain special characters. Only if type is generated or generated2. |
type | string | Password type, can have the values generated (generated password in the legacy EasyPasswords 1.x format, see note on format key), generated2 (generated password) or stored (stored password). |
upper | boolean | If true, generated password should contain upper-case letters. Only if type is generated or generated2. |

SyncData object:

Key | Type | Value |
---|---|---|
error | string | If set, the error recorded for the last sync attempt. This could be either an error code or an actual error message. |
lastSync | number | Unix time of last sync in milliseconds. |
provider | string | Sync provider identifier, one of dropbox, gdrive or remotestorage. |
revision | number | New in PfP 2.2. Highest revision number seen in remote data. |
secret | base64 | New in PfP 2.2. HMAC secret used to sign sync data, unencrypted version of sync-secret key. |
token | string | Access token for user's account. |
username | string | User name required to locate user's account. Only if provider is remotestorage. |