Smart-pass: Enhance Login Security using OpenPGP-enabled Smart Card
Extension stats
Ranking
Other platforms
Extension summary
UPDATE: Due to collisions with the global keyboard shortcuts on Chrome OS, the default shortcut for this extension has been changed to Ctrl+Shift+P (resp. Cmd+Shift+P on Mac). The keyboard shortcut can always be changed under chrome://extensions/shortcuts.
Fill in login forms using an OpenPGP-enabled smart card.
*** NOTE: This extension requires the Google Smart Card Connector extension https://chrome.google.com/webstore/detail/smart-card-connector/khpfeaanjngmcnplbdlpegiifgpfgdco to be installed and enabled. ***
This extension is meant to be used with a Google Drive™-synced password store generated by zx2c4's ‘pass’ https://www.passwordstore.org and encrypted using an RSA key stored on a smart card such as a YubiKey, Nitrokey or a Fellowship smart card.
It is compatible with one of the two storage formats supported by Danny van Kooten’s ‘browserpass’ https://github.com/dannyvankooten/browserpass, which this extension is based on. This storage format is also used by the Android app ‘Password Store’ https://github.com/zeapo/Android-Password-Store. For example, encrypted password files for a login form at ‘https://(www.)login.domain.com/secure.html’ can be stored in any Google Drive™ folder called ‘login.domain.com’ and should have file names of the type ‘username.gpg’, where username is replaced by the username used to log in. The content of the files are the GPG-encrypted passwords for the respective username. Both raw and ASCII armored encrypted files are supported. There can be multiple logins and/or folders per domain and these files can be encrypted using keys on different smart cards. The decryption request will be sent to the smart card with the matching public key.
On first use, the extension will request read-only access to your files on Google Drive, which is needed to find and read encrypted password files. It will also trigger a warning message from the Smart Card Connector extension, since this extension is not contained in its whitelist of smart card middleware applications.
The smart card PIN (or any other user data) is never stored and is only kept in memory for as long as necessary (or requested by the user in case of PIN caching). The extension requests exclusive access to the smart card reader.
See moreUser reviews
Extension safety
Risk impact
smart-pass requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.
Risk likelihood
smart-pass has earned a fairly good reputation and likely can be trusted.
Similar extensions
Here are some Chrome extensions that are similar to smart-pass: