smart-pass

Fill in login forms using an OpenPGP-enabled smart card

Smart-pass: Enhance Login Security using OpenPGP-enabled Smart Card

Smart-pass is a Chrome extension designed to boost the security of your online accounts. It leverages OpenPGP-enabled smart cards to fill in login forms. This intuitive extension works seamlessly with a Google Drive-synced password store encrypted using an RSA key stored on your smart card. Compatible with different smart cards and operating systems, Smart-pass revolutionizes account security while streamlining and enhancing user experience.
Install from Chrome Web Store

Extension stats

Users: 3,000+
Rating: 3.83
(6)
Version: 0.9.8 (Last updated: 2020-05-14)
Creation date: 2020-05-14
Risk impact: High risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • activeTab
  • alarms
  • clipboardWrite
  • contextMenus
  • identity
  • idle
  • https://www.googleapis.com/drive/v3/files/*
  • chrome://favicon/*
  • http://*/*
  • https://*/*
Size: 290.82K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

UPDATE: Due to collisions with the global keyboard shortcuts on Chrome OS, the default shortcut for this extension has been changed to Ctrl+Shift+P (resp. Cmd+Shift+P on Mac). The keyboard shortcut can always be changed under chrome://extensions/shortcuts.

Fill in login forms using an OpenPGP-enabled smart card.

*** NOTE: This extension requires the Google Smart Card Connector extension https://chrome.google.com/webstore/detail/smart-card-connector/khpfeaanjngmcnplbdlpegiifgpfgdco to be installed and enabled. ***

This extension is meant to be used with a Google Drive™-synced password store generated by zx2c4's ‘pass’ https://www.passwordstore.org and encrypted using an RSA key stored on a smart card such as a YubiKey, Nitrokey or a Fellowship smart card.

It is compatible with one of the two storage formats supported by Danny van Kooten’s ‘browserpass’ https://github.com/dannyvankooten/browserpass, which this extension is based on. This storage format is also used by the Android app ‘Password Store’ https://github.com/zeapo/Android-Password-Store. For example, encrypted password files for a login form at ‘https://(www.)login.domain.com/secure.html’ can be stored in any Google Drive™ folder called ‘login.domain.com’ and should have file names of the type ‘username.gpg’, where username is replaced by the username used to log in. The content of the files are the GPG-encrypted passwords for the respective username. Both raw and ASCII armored encrypted files are supported. There can be multiple logins and/or folders per domain and these files can be encrypted using keys on different smart cards. The decryption request will be sent to the smart card with the matching public key.

On first use, the extension will request read-only access to your files on Google Drive, which is needed to find and read encrypted password files. It will also trigger a warning message from the Smart Card Connector extension, since this extension is not contained in its whitelist of smart card middleware applications.

The smart card PIN (or any other user data) is never stored and is only kept in memory for as long as necessary (or requested by the user in case of PIN caching). The extension requests exclusive access to the smart card reader.

See more

User reviews

Нихрена не работает. Оно и не удивительно.
by Kosebamse, 2020-01-08
View all user reviews

Extension safety

Risk impact

smart-pass requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

smart-pass has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to smart-pass: