smart-pass

Fill in login forms using an OpenPGP-enabled smart card

What is smart-pass?

Smart-pass is a Chrome extension designed to boost the security of your online accounts. It leverages OpenPGP-enabled smart cards to fill in login forms. This intuitive extension works seamlessly with a Google Drive-synced password store encrypted using an RSA key stored on your smart card. Compatible with different smart cards and operating systems, Smart-pass revolutionizes account security while streamlining and enhancing user experience.

Download

Extension stats

By: Fabian Henneke

View on Chrome Web Store

Users: 3,000+

Rating: 3.83 (6)

Version: 0.9.8 (Last updated: 2020-05-14)

Creation date: 2020-05-14

Risk impact: High risk impact

Risk likelihood: Low risk likelihood

Manifest version: 2

Permissions:

activeTab
alarms
clipboardWrite
contextMenus
identity
idle
https://www.googleapis.com/drive/v3/files/*
chrome://favicon/*
http://*/*
https://*/*

Size: 290.82K

Email: fh*****@gmail.com

URLs: Privacy policy

Ranking

# 18868 ▼ 169

Other rankings

#24833 in Workflow & Planning ▼ 22

#10 in copyright keyword 8

#11 in license keyword 3 ▲ 2

#11 in smart keyword 43 ▲ 1

#179 in encrypt keyword 19 ▼ 2

Upgrade to see more rankings

Other platforms

Not available on Firefox

Not available on Edge

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

UPDATE: Due to collisions with the global keyboard shortcuts on Chrome OS, the default shortcut for this extension has been changed to Ctrl+Shift+P (resp. Cmd+Shift+P on Mac). The keyboard shortcut can always be changed under chrome://extensions/shortcuts.

Fill in login forms using an OpenPGP-enabled smart card.

*** NOTE: This extension requires the Google Smart Card Connector extension https://chrome.google.com/webstore/detail/smart-card-connector/khpfeaanjngmcnplbdlpegiifgpfgdco to be installed and enabled. ***

This extension is meant to be used with a Google Drive™-synced password store generated by zx2c4's ‘pass’ https://www.passwordstore.org and encrypted using an RSA key stored on a smart card such as a YubiKey, Nitrokey or a Fellowship smart card.

It is compatible with one of the two storage formats supported by Danny van Kooten’s ‘browserpass’ https://github.com/dannyvankooten/browserpass, which this extension is based on. This storage format is also used by the Android app ‘Password Store’ https://github.com/zeapo/Android-Password-Store. For example, encrypted password files for a login form at ‘https://(www.)login.domain.com/secure.html’ can be stored in any Google Drive™ folder called ‘login.domain.com’ and should have file names of the type ‘username.gpg’, where username is replaced by the username used to log in. The content of the files are the GPG-encrypted passwords for the respective username. Both raw and ASCII armored encrypted files are supported. There can be multiple logins and/or folders per domain and these files can be encrypted using keys on different smart cards. The decryption request will be sent to the smart card with the matching public key.

On first use, the extension will request read-only access to your files on Google Drive, which is needed to find and read encrypted password files. It will also trigger a warning message from the Smart Card Connector extension, since this extension is not contained in its whitelist of smart card middleware applications.

The smart card PIN (or any other user data) is never stored and is only kept in memory for as long as necessary (or requested by the user in case of PIN caching). The extension requests exclusive access to the smart card reader.