This section describes the basic functionalities and navigation logic of the Password PI.
Navigation
Password PI uses the joystick and input keys provided on the Waveshare 1.44" LCD HAT. The joystick offers five directions (up, down, left, right, center).
The joystick is always responsible for navigation. Moving the selection, changing the characters etc. The center button is always the confirm button.
On the right hand side, the 'Key 1' is always the 'back' button. It closes dialogs (when possible) and goes to the center page. The 'Key 2' is the delete button. It removes the currently selected character or value, if possible. The 'Key 3' is the lock key and locks the device with the master lock. In this case, the master lock must be entered to proceed using the device.
Master password and encryption
The master lock is a password, which should kept a secret. This password is used to encrypt all the other passwords stored in the device. Without it, the device can't be operated. The master password is however not stored in the device, only its salted, hashed form, hence decrypting the stored passwords without knowing the master password is not a trivial task.
The master password is in it current state stored in a file with a postfix '.master'. Should there be a reason to set a new master password, this file must be deleted first. The name of the file is the salt used to create the hash, which is the content of the file. By removing this file, every password stored in the device is essentially lost. The file can't be deleted from the GUI provided on the HAT, it must be removed on the micro SD card directly.
The hash algorithm used to store the master password is SHA-256. The salt is 32 character long. The passwords stored in the device are encrypted with the combination of the password and the generated salt, truncated to 32 characters by using the AES encryption (256 bit key length).
GUI
The GUI is consisted of views and dialogs. Every view changes the title bar as well, to provide information about the currently visible page. The title bar also provides information about the current online status of the device.
The views can be navigated by moving the joystic up and down and represent a list of values (both selectable and not selectable). The selected element is wrapped in a red rectangle. In case of an editable element (like in the 'Settings' page), the value of the given option can be changed by the Left and Right movement of the joystick, or by confirming the given selection.
There are two main types of dialogs: decision making (Yes/No, Yes/No/Cancel, Ok) and input dialogs. The decision making dialogs are to be navigated by the joystick's Up and Down directions and using the central button to confirm the selection. The input dialogs provide a short textual information about the currently requested textual input. By moving Left or Right, the selection of the currently edited character can be changed. The character value is changed by pressing Up and Down. The Confirm button ends the dialog and returns to the main - initiating window.
Sending the password
Password PI currently supports only the US layout of an english keyboard. This means, that when special characters are present in the password, they will only be entered correctly, when the keyboard layout in the operating system is set to US.
By selecting and confirming the password, the keyboard strokes are sent to the computer or smartphone, as if they were entered by a user via a keyboard. There is a base delay and a randomized time interval between the keystrokes.
Webserver
When connected to the network via WiFi, the application offers access via a web browser. This functionality must be enabled via the settings. There are two levels levels of control when using web access: strict and regular. In the case of a strict access control every web request must be explicitly allowed on the device. In a regular mode of operation, only the changes are required to be allowed. The confirmation is done via a dialog box.