Warning

• This is a personal project
• It hasn't been audited
• It's not even finished anyway

SafeCloset comes with absolutely no guarantee. If you store your crypto wallet's password with 2B€ in SafeCloset and can't read it back, I can do nothing for you.

Overview

A closet is stored in a file that you can backup, keep with you on an USB key, etc.

A closet contains drawers, each one is found and open with its own password.

A drawer contains a list of (key, value). Values are texts in which you can store a code, a password, comments, a poem, some data, etc.

Features

• The closet contains several drawers, some of them automatically created with an unknown password so that nobody can determine which drawers you're able to open, or even how many
• Each drawer is separately crypted with AES-GCM-SIV, with a random one-use nonce and the password/key of your choice. This gives an inherently long to test decrypt algorithm (but you should still use long passphrases for your drawers)
• You can have one or several drawers with real content. You can be forced to open a drawer at gun point and still keep other drawers secret without any trace
• When you open a drawer, with its password, you can read it, search it, edit it, close it
• Drawers are automatically closed on inactivity
• The size of the drawer's content isn't observable
• An attacker having several versions of the closet files can't determine if you've just read or made changes, and if the content grew or shrinked
• No clear file is ever created, edition is done directly in the TUI
• No clear data is ever given to any external library, widget, etc.
• All data is viewed and edited in the TUI application
• You can compile SafeCloset yourself. Its code is small and auditable and 100% in Rust
• The format of the closet file is described so that another application could be written to decode your closet files in the future (assuming you have the password)
• SafeCloset can't be queryied by other applications, like browsers. This is a feature.
• No company can die and lose your secrets: you keep everything
• Fast and convenient to use

Non features

• SafeCloset doesn't protect you against keyloggers
• SafeCloset doesn't protect you from somebody watching your screen while a secret value is displayed
• Space efficiency: Closet files are usually 1 to 5 MB large to allow specific features

Features not yet implemented

• search
• option to hide password on input
• auto-close
• multi-line values
• help page with all keyboard shortcuts
• copy-paste
• mouse selection
• closet merge & split

Implementation details

Drawer data are serialized in JSON before being encrypted with AES-GCM-SIV. JSON allows for the later addition of fields while keeping the compatibility with previous closet files. The key used for this encryption is a 32 bits Argon2 hash of the password with a closet specific salt.

Keyboard actions

• o : Open a drawer
• n : Create a drawer (when none is open) or create a drawer entry
• esc : Cancel current field edition
• tab : Create a new entry or edit the value if you're already editing an entry's name
• arrow keys: Move selection, selecting either an entry name or a value
• i or insert : Start editing the selected name or value
• ctrlq : Quit without saving
• ctrls : Save
• ctrlx : Save then quit
• Enter : Validate the current edition