QrTexter - Using QR barcode as a password enabler


The aim of this project is to use QR barcode as a password instead of typing it directly.
Consider the amount of passwords you currently have for your bank account, ebay, PayPal, Amazon, Microsoft Account, Gmail, etc. no need to continue.
In the proposed solution you can store all of your passwords encrypted as QRs in your smartphone, and then simply show the right one to your laptop's web-cam instead of typing it in. This way you don't need to remember a whole bunch of passwords, and you can make them very complicated and long!
And if your phone is lost - all you need to do is simply create a new bunch of QRs with a different private key, rendering the old QRs useless!

A demo console application is available within this project and in the Downloads section.

Currently, the above mentioned is done in the following manner:
  1. A utility to create QRs enables to create an encrypted password QR from a given text password. See below for details about the encryption method used.
  2. A utility to decode and decrypt the password out of a given QR. This utility includes the reading of the QR from the device's web-cam, and a utility to type the decrypted result anywhere the keyboard focus is at the time.
Included in this project are two NuGets:
  1. InputHandlers NuGet - The allow the hooking to keyboard events of the system, and to allow the typing of text anywhere the keyboard focus is at the time.
  2. CryptoQrUtilities NuGet - The bundle that includes the encoding/decoding of a QR, the encryption and decryption of data, and a library to access a web-cam device (Touchless.Vision - Touchless project in CodePlex).
Please find examples and reference for these NuGets in the Documentation section.
Information on how to download these NuGets can be found also in the Downloads section.

Encryption method used

The password is encrypted with an AES-256 symmetric algorithm, and its key is bundled with the QR. The bundled key in itself is encrypted with an asymmetric encryption of RSA using 1024 bits public key.
The private key is stored in the device where the QR is used with. When it is compromised or when the QRs are compromised, the private key can be easily replaced to create other QRs carrying the same passwords.

Last edited Dec 13, 2014 at 6:24 PM by adi3shilo, version 17