SPManager (Local Vault)

This is the initial desktop for a zero-knowledge password manager. It creates a local SQLCipher-encrypted database and encrypts secret fields with AES-256-GCM using a locally derived vault key.

Tech Stack

• Python + PyQt6 (desktop GUI)
• SQLCipher (encrypted SQLite)
• argon2-cffi for Argon2id
• cryptography for AES-256-GCM + HKDF
• pyotp for TOTP
• qrcode + Pillow for MFA QR codes

Security Notes

• Master password is never stored.
• Argon2id params are fixed to m=47104, t=1, p=1.
  • argon2-cffi uses KiB for memory_cost, so 47104 == ~46 MiB.
• Vault data is encrypted client-side with AES-256-GCM.
• SQLCipher encrypts the database at rest. We set kdf_iter = 1 because we already derive a high-entropy key via Argon2id.

Setup (Ubuntu 22.04)

1) Install SQLCipher

Try the packaged route first:

sudo apt-get update
sudo apt-get install -y sqlcipher libsqlcipher-dev

If libsqlcipher-dev is not available in your repo, build from source and ensure headers + library are on your system include/lib paths before installing pysqlcipher3.

2) Create a virtualenv + install deps

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

3) Run the app

python -m app.main

The vault files are stored in:

~/.local/share/SPManager/

Project Layout

app/
  main.py
  core/
    constants.py
    crypto.py
    db.py
    models.py
    password_generator.py
    rate_limit.py
    storage.py
    totp.py
    vault.py
  ui/
    entry_dialog.py
    login_window.py
    main_window.py
    utils.py

Next Steps

• Add sync server + encrypted blob storage
• Add PWA client