📚 SecurePass Vault Documentation

                🔐 Security First: This is a zero-knowledge password manager. Your master password is never stored or transmitted. All encryption happens locally in your browser.
            

📖 Quick Start

Launch the Vault: Click "Launch Vault" to open the application
Create Master Password: Choose a strong master password (you'll need this every time)
Add Passwords: Store your passwords securely with AES-256-GCM encryption
Never Forget: Your master password cannot be recovered if lost!

🔧 Features

AES-256-GCM Encryption: Military-grade authenticated encryption
PBKDF2 Key Derivation: 150,000 iterations for strong key generation
Password Generator: Create strong, random passwords (8-128 characters)
Password Analysis: Strength scoring and breach detection
Screenshot Protection: Prevents screen capture attempts
Auto-lock: Locks vault after 5 minutes of inactivity
Dark Mode UI: Eye-friendly interface
Offline First: Works completely without internet

🏗️ Architecture

Three-Tier Design

Frontend (Client-Side): HTML5 + JavaScript + Web Crypto API
- Zero-knowledge encryption in browser
- localStorage for encrypted vault storage
- No server communication required
Java Microservice (Optional): RESTful API on port 8081
- Password strength analysis
- Secure password generation
- Breach database scanning
- Security audit reports
Node.js Backend (Optional): Express proxy on port 5000
- Forwards requests to Java microservice
- MongoDB integration for multi-device sync
- JWT authentication

💻 Tech Stack

Frontend: HTML5, CSS3, JavaScript ES6+
Cryptography: Web Crypto API (AES-256-GCM, PBKDF2-SHA256)
Backend: Node.js, Express.js
Microservice: Java 8+ (Built-in HttpServer)
Database (Optional): MongoDB
Version Control: Git

🎓 OOP Concepts Demonstrated

Encapsulation: Password class with private fields
Abstraction: PasswordAnalyzer interface with multiple implementations
Inheritance: AdvancedPasswordAnalyzer extends BasicPasswordAnalyzer
Polymorphism: Multiple analyzer types with common interface
Composition: VaultManager contains analyzer and audit service

🔒 Security Features

Master password never stored (zero-knowledge)
CryptoKey non-extractable flag enabled
Memory cleared after key derivation
Auto-lock on inactivity
Screenshot attempt detection
beforeunload handler clears sensitive data

⚙️ Running Locally

Client-Only Mode (No Backend)

Open frontend/index.html directly in browser
Works 100% offline
All features available except server-backed sync

With Java Microservice

Navigate to java-backend folder
Run: run.bat (Windows) or javac -d bin src/main/java/com/securepass/**/*.java && java -cp bin com.securepass.SecurePassApplication
Service runs on: http://localhost:8081

With Node.js Backend

Create backend/.env with MongoDB URI and secrets
Run: cd backend && npm install && npm start
Service runs on: http://localhost:5000

📄 License

This project is open source and available for educational purposes. Check the repository for license details.

👨‍💻 Author

Created by Gaurav (@Gaurav478-stack)

                ⚠️ Important Notice: This is an educational project demonstrating OOP concepts and security principles. For production use, consider additional security audits and penetration testing.
            