KeyPing

English | Espanol

KeyPing is a privacy-first desktop password manager focused on detecting weak, reused, and risky passwords while keeping all data fully local and offline.

Project Status

Active development. Core features are stable and used daily, with continuous improvements in UX, security, and test coverage.

Screenshots

Demo Flow

Features

• Local-only encrypted vault (AES-256-GCM)
• Password similarity and reuse detection
• Password health analysis and scoring
• Version history per password
• Advanced filtering and search
• Folder organization with drag and drop
• Secure clipboard with auto-wipe and history cleaning (Windows best effort)
• Offline encrypted import/export
• Auto-updates via GitHub Releases
• Interactive onboarding and demo mode
• ES / EN interface

Why KeyPing

Most password managers focus on storage and autofill.

KeyPing focuses on password hygiene:

• detecting weak passwords
• identifying reused credentials
• highlighting risky patterns
• improving vault security over time

All while keeping data fully local and offline.

Security

Local encryption

Vault data is encrypted on disk using AES-256-GCM.

No cloud dependency

No mandatory cloud sync, no external secret storage, and no account required.

PBKDF2 key derivation

Key derivation uses PBKDF2-HMAC-SHA512 (120000 iterations in the current implementation).

Clipboard auto-clear

Copied secrets are cleared after timeout only if clipboard content still matches the copied secret.

Brute-force delay protection

Master lock applies escalating cooldown delays after failed unlock attempts.

Vault integrity checks

The app validates vault structure and detects corruption/timestamp anomalies.

Installation

Download binaries from GitHub Releases:

• Releases: https://github.com/Unax-Zulaika-Fuente/KeyPing/releases
• Windows: .exe installer (NSIS)
• Linux: AppImage
• macOS: .dmg

Release Integrity

Each release includes:

• SHA256SUMS.txt
• SHA256SUMS.txt.asc (detached ASCII-armored GPG signature)

Release signing key fingerprint:

D70937B0AD7411A9E6A66337A5F10A1A37AAEBE9

Verify signature:

gpg --verify SHA256SUMS.txt.asc SHA256SUMS.txt

Verify checksums:

sha256sum -c SHA256SUMS.txt

Architecture

• Frontend: Angular (standalone components)
• Desktop runtime: Electron
• IPC bridge: secure preload API (contextIsolation enabled)
• Vault: encrypted local file managed by Electron main process

Flow summary:

1. UI requests an action through preload IPC.
2. Main process validates and executes secure operations.
3. Vault module encrypts/decrypts local storage.
4. UI receives sanitized metadata and operation state.

Development

Requirements:

• Node.js 20+
• npm 10+

Run locally:

cd keyping-ui
npm install
npm run dev

Useful commands:

• npm run build -> production build + packaging
• npm run test -> Angular tests
• npm run test:electron -> Electron unit tests

Roadmap

• Optional breach-check integrations (privacy-preserving approach)
• Expanded IPC/vault automated tests
• Better import conflict resolution UX
• Signed and notarized macOS pipeline
• Optional portable mode
• More accessibility and keyboard navigation polish

Contributing

Issues and PRs are welcome.

When reporting bugs, include:

• OS and version
• KeyPing version
• Reproduction steps
• Expected vs actual behavior

License

MIT. See LICENSE.

Third-Party And Trademarks

• Third-party notices: THIRD_PARTY_NOTICES.md
• Trademark and branding notice: TRADEMARK.md

Author

Unax Zulaika Fuente (Zulaa9)
Software Systems Engineer

• GitHub: https://github.com/Unax-Zulaika-Fuente
• Project: https://github.com/Unax-Zulaika-Fuente/KeyPing