USB Credentials Manager
This is v1.0 of the PasswordPump, a USB device that manages credentials for up to 254 accounts. Credentials (account names, usernames and passwords) are stored ONLY on the device itself, on two removable EEprom chips using military grade encryption (AES-128). They are not stored in the cloud or in a file on your computer where they are more exposed to hackers. Credentials are backed up on the device itself; i.e. encrypted credentials are moved from the primary EEprom chip to the backup EEprom on demand. You may remove the EEprom chips from the device (perhaps to keep a third or fourth backup). Credentials are entered either via the rotary encoder (on the left) or via keyboard and serial terminal. The device itself is approximately 1 1/8 x 2 3/4 inches, or 29 x 71 millimeters. Currently it's not housed inside of a case, but it should be and will be once design of the case is complete. A preliminary case design is available here (bottom) and here (top). Once my 3D printer arrives and I assemble it I'll be perfecting the case design.
Features
Store up to 254 sets of credentials on a single 25LC256 EEprom chip.
Credentials are stored in alphabetical order for easy location.
Up to 10 failed attempts to enter the master password are allowed, then an automatic chip wipe and factory reset occurs.
All credentials are encrypted with AES128, the master password is hashed with SHA256.
All encrypted accounts and the hashed master password are salted.
The device is not vulnerable to standard password attacks.
Backups on external EEprom are encrypted.
All credentials can be dumped into a text file for an additional backup (e.g. to a thumb drive that's stored in a safe or safe deposit box, and encrypted).
Entry of credentials is supported via keyboard and serial terminal or rotary encoder.
Only one master password, up to 14 characters long, is required to access all of your credentials.
Automatic logout after 1 hour of inactivity.
Optional password generation, 31 characters of random letters, symbols and numbers, for extremely strong passwords.
Configure the display of passwords on the device to be on or off.
Demo
This video is a demonstration of the PasswordPump.
Bill of Materials & Parts Cost
Part
Description Cost Quantity
- Arduino Pro Micro $2.87 1
- RGB LED 0.02 1
- Resistors 4.7k ~0.03 2
- Resistors 220 ~0.04 3
- Custom PCB 1.10 1
- Rotary Encoder 0.42 1
- Knob 0.15 1
- OLED 128x32 1.64 1
- Momentary push button 0.01 1
- 25LC256 External EEprom 1.89 2
*Total Cost of Parts: $8.17
*not including the USB cable
Buying a PasswordPump Kit
Via www.5volts.org you will be able to procure a PasswordPump; either a disassembled kit or a fully assembled kit, at some point in the future if there's some demand. I'm not getting rich off of this project, I'm covering my costs, I don't expect to sell more than a handful of these to people who are excited about having one. It takes time, money and effort to procure parts, put together kits and especially to solder complete units, to accept orders and payment, and to ship them. I'm completely up front about what the parts cost me and what I'm asking, and you're free to acquire the parts and the custom PCB board yourself and assemble it yourself; there are no secrets, everything you need is here. I'm also up front with the fact that there are defects and issues with the PasswordPump that are annoying (read this entire blog before you buy a unit, including the Known Defects section at the end) and I'm hopeful that folks will help me to make the PasswordPump better over time.
Please Read! Issue with the MicroUSB Connection
I've learned that the micro USB connection on the Arduino Pro Micro board is extremely fragile. I've learned that if I keep plugging and unplugging the cable on the micro USB side of the connection into / from the Arduino Pro Micro board, it eventually breaks. This is a bummer because if it happens you'll need to move your EEprom chips to a new PasswordPump. If you're sourcing and building your own device, get enough material for a few PasswordPumps. To help with this issue you should leave the USB cable plugged in to the PasswordPump at all times, and instead plug / unplug the other end with the computer, and leave the cable mated to the PasswordPump so that you don't wear out and break the micro USB connector. Even with this strategy it's possible to torque the connector and hose your PasswordPump, so be careful! The official Arduino Pro Micro is made by Sparkfun, and retails for $19.95. I'm using knockoff boards for the device, they retail at about $2.87. I did purchase an official Pro Micro, and there is no visible difference between the micro USB connectors on the official unit and the knockoffs, but perhaps if you go with the original official board your results will be better.
Existing Projects/Products
I think the commercial product that most closely matches with the feature set of the PasswordPump is the Mooltipass Mini Offline Password Keeper; $79.00 before shipping costs at the time of this writing. Mooltipass is different in some significant ways and seems like a nice, mature, open source product that is also built on the ATMega32u4. It was not the inspiration for this project, however. The inspiration for this project was the Automated Password Typer, a project on Hackster.io. Credentials are hard coded into the Automated Password Typer, however, and there's no way to add new, remove old, or edit existing credentials (aside from modifying the source code, recompiling and re-flashing); and lock bits are not set to protect the credentials. I set out to expand on the idea presented in that project and, 2,000 lines of code later, landed here with the PasswordPump.
Menu Hierarchy
Master Password
Find Account
[scroll through accounts list]
Send User & Pass
Send Password <RET>
Send Username
Send Password
Send Account
Edit Credentials
Account Name
Edit Username
Edit Password
Indicate Style
GeneratePasswrd
Delete Account [confirm]
Add Account
Account Name
Edit Username
Edit Password
Indicate Style
GeneratePasswrd
Logout
Keyboard ON/OFF
Show Passwrd ON/OFF
Backup EEprom [confirm]
Backup to File
Restore Backup [confirm]
Reset [confirm]
You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).
Operation
To turn the device on you simply plug it into a USB port/receptacle using a micro USB Micro-B plug to USB-A plug cable, the same cable that you'd use to charge an Android phone. The first time you plug it in a driver might need to be installed. The driver is available for download in the source code repository referenced below in the Source Code section. If I shipped the device to you it arrives already flashed with the program and the lock bits are set. See the data sheet, section 28.1, for more information about setting the lock bits. Since this is an open source project it doesn't really matter anyhow. Setting the lock bits serves to better protect the hashed master password and the source code.
The first time you power the device on you'll see :
Master Password
March 11 2019 (or the date of the most recent compile)
At this point you'll want to enter your master password. Try to select a master password that you'll be happy with, because if you want to change it you have to Reset the device, and that wipes out all of your credentials. There is only one way to get the credentials back into the device after that, by keying them in via keyboard or rotary encoder. Also try to select a password that can be more quickly entered into the device. It should be a combination of upper and lower case, with numbers and maybe a symbol or two. I like to pick a password that can be typed almost entirely with my left hand, I find they are easier to input via the rotary encoder. You should select a strong password; a combination of letters, upper and lower case, numbers, and special characters, between 7 and 14 characters long. To enter a character turn the rotary encoder until the character appears and then press the rotary encoder down (short click) to select the character. There's presently no way to back up if you make a mistake so be careful (or enhance the code yourself, if you can squeeze it in!). Once the entire master password has been entered long click the device (click down the rotary encoder for more than 1/2 a second). You've just entered the master password and now you're ready to enter a set of credentials.
You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).
Adding Credentials
To add a set of credentials via the keyboard you need to open a serial terminal. The one that works best for me is the Arduino serial terminal. So if you open the Arduino IDE go to Tools->Ports and select the Arduino/Genuino Micro port. Then select Tools->Serial Monitor (or Ctl+Shift+M). Next, on your PasswordPump navigate down to Keyboard OFF and change it to Keyboard ON with a short click. Navigate back up to Add Account and short click. You'll see:
Account Name
Add Account
Short click, then switch back to the Arduino Serial Terminal and enter the account name, followed by the return key. Then long click on the Password Pump. You should now see:
Edit Username
[the account name you entered]
Short click again, switch back to the Arduino Serial Terminal and enter the username, followed by the return key. Then long click on the Password Pump. You should now see:
Edit Password
[the account name you entered]
Short click again, switch back to the Arduino Serial Terminal and enter the password, followed by the return key. Then long click on the Password Pump. You should now see:
Indicate Style
[the account name you entered]
Short click again and use the rotary encoder to specify either 0 or 1. Specify 0 if, while supplying username and password, the Password Pump should send a carriage return after sending the username and before sending the password. Specify 1 if, while supplying username and password, the Password Pump should send a tab after sending the username and before sending the password. Then long click on the Password Pump. You should now see:
Account Name
[the account name you entered]
Long click again and you'll see:
Find Account
[the account name you entered]
You've finished entering the credentials.
Note that you can also enter credentials using just the rotary encoder. Keyboard can be ON or OFF, it doesn't matter. Simply enter the credentials using the rotary encoder in a fashion similar to how you entered the master password.
Sending Credentials
Navigate to Find Account and short click. Use the rotary encoder to scroll through the list of credentials you've entered. When you've found the account name associated with the credentials you want to send to your computer, place the input focus in the username text box in the window prompting you for credentials on your computer. On the Password Pump you should see:
Send User & Pass
[the account name you selected]
Short click to send the username, a carriage return or a tab character (depending on the style setting), and then the password. If you selected the correct style you should now be logged in to your account / application.
If you only want to send the password to the computer, followed by a carriage return, scroll down once using the rotary encoder until you see:
Send Password <RET>
[the account name you entered]
And short click to send the password and the carriage return character.
Similarly you can send just the username or just the account name.
Editing Credentials
To edit a set of existing credentials first decide if you're going to edit the credentials via the keyboard or just the rotary encoder. If you're going to edit the credentials via the keyboard follow the instructions in Toggling Keyboard Entry. Then use Find Account to navigate to the account you want to edit and short click. Then scroll down to Edit Creds and short click. Then scroll to the attribute you want to edit; Account Name, Edit Username, Edit Password, or Indicate Style. Now short click. Use the keyboard to re-enter the attribute in the fashion described in Adding Credentials, or just use the rotary encoder to re-enter the attribute. Then long click to save the change. If you are generating a new password for the account then follow the instructions in Generating a Password.
Deleting Credentials
Make sure you have a current EEprom backup. Navigate to Find Account and short click. Use the rotary encoder to select the account that you want to delete, and short click. Using the rotary encoder scroll down to Delete Acct and short click. Confirm your desire to delete the account by selecting Y with the rotary encoder and short clicking. The account is gone now and it's wiped from the primary EEprom chip. It isn't wiped from the backup EEprom yet, so if you accidentally delete an account, and you have a recent backup, you can restore the backup and the account will reappear. Navigate to Find Account and verify that your account is deleted. If you're not able to scroll through all of your accounts, a intermittently occurring defect has occurred and the linked list that manages the display of all of the accounts is corrupted. Restore the latest backup from EEprom. If you backup the EEprom immediately after deleting the account it is also wiped from the secondary EEprom.
Generating a Password
Read through all of these instructions before attempting to change your password to a new generated password. The most powerful feature of the PasswordPump is it's ability to generate random 31 character passwords and remember them. These passwords are extremely difficult to guess and are not as vulnerable to brute force attempts to break into an account. Before performing this operation you should be sure that you have a current backup of all your credentials. To generate a password for an account simply find the account via Find Account and select the credentials by short clicking on the account name. In your application on your computer navigate to the change password feature and place input focus in the Old Password text box. On the PasswordPump navigate to Send Password (NOT Send Password <RET>) and short click. In your application on your computer place input focus in the new password text box by hitting the <TAB> key. In the PasswordPump scroll down to Edit Creds and short click, then scroll down to Gen Password and short click. This changes the password to a randomly generated series of 31 characters. Now long click once, navigate to Send Password (NOT Send Password <RET>) and short click. If you need to confirm the new password then place input focus on that text box in the application on your computer and short click again. Confirm your password change by hitting the return key or otherwise clicking on the appropriate button. You now have a random 31 character password on the account, and the only place where that password exists is on the encrypted EEprom chip on your PasswordPump. At this point it's a good idea to Backup to EEprom and Backup to a File, and to be sure that you can somehow recover from a lost password on that account. Warning: If the attempt to change your password fails because the old password is not accepted be aware that you have just overwritten the old password with your new generated password. To restore the old password you'll need to either Restore a Backup from EEprom and try again, or go to the encrypted backup file on your thumb drive to get the current password for the account, or recover the password from the account using whatever mechanism is available to you via the application or web site. Think ahead and be careful so that you don't lock yourself out of your account!
Logging Out
When you want to log out of the device navigate to Logout using the rotary encoder and short click. The RGB led changes from green to blue. You're now logged out and must enter the master password again in order to use the device. If you're walking away from your computer to get coffee it's good practice to lock your computer and logout of the PasswordPump.
Toggling Keyboard Entry
Navigate to Keyboard ON/OFF. Short click to toggle the setting. When the keyboard is on you may enter credentials via the keyboard using the process described in Adding Credentials. Keep the keyboard set to OFF when you're not entering credentials. This setting is not saved when the device powers off and the default is Keyboard OFF.
Showing/Hiding Passwords
Using the rotary encoder navigate to Show Psswrd ON/OFF. Short click to toggle the setting. This setting is saved when you log out and power down the device.
Backing Up to EEprom
On the Password Pump navigate to Backup EEprom using the rotary encoder. Short click, then confirm that you want to backup from the primary EEprom to the secondary EEprom by selecting Y with the rotary encoder and short clicking. The RGB will be yellow while the backup is taking place, and then change back to green.
Back Up to a File
On the PasswordPump navigate to Backup to File using the rotary encoder. On your computer open a text editor (one without an autocomplete feature), notepad.exe works best, and place input focus inside the text editor. Personally I use UltraEdit because it has built in encryption. Then short click on Backup to File. The contents of the primary EEprom chip (all of the credentials stored in the PasswordPump) are dumped into the text editor. The RGB led turns purple, then to green when the operation is complete. It's best to encrypt this file by zipping it up with a password using WinZip or similar, and storing it on a thumb drive that you can, in turn, store in a safe or safe deposit box. Delete the original file from your computer and empty the trash. Keep this file up to date by periodically executing this operation. I carry the encrypted file with me on a thumb drive that is securely attached to my key ring, and I keep a backup of that file elsewhere.
Restore a Backup from EEprom
If you decide that you want to restore the EEprom backup (or, in other words, have the contents of the secondary, backup EEprom overwrite the contents of the primary EEprom), then navigate to Restore Backup on the PasswordPump. Short click and confirm the operation by selecting Y with the rotary encoder and short clicking. The RGB led will turn yellow until the operation is complete, then it changes back to green.
Performing a Factory Reset
You want to wipe out all of the encrypted credentials on the primary EEprom and factory reset the device. On the PasswordPump navigate all the way down to Reset using the rotary encoder. Short click. Confirm that you want to factory reset the device and clear all of the credentials and the master password by selecting Y with the rotary encoder and short clicking. The RGB will flash blue and red slow and then fast while the device is factory resetting, then change to blue. At this point you can enter a new master password. Note that a Factory Reset doesn't wipe out the credentials stored on the backup EEprom. If you use the same master password you'll be able to restore the backup and see the credentials. If you want to wipe out the backup EEprom as well, select Backup EEprom after you've entered your new master password, or swap the position of the primary and backup EEprom chips and perform another factory reset.
Using the GUI to Enter Credentials
As of April 21, 2019 there's a python 2.7 program that you can run that will help you to enter credentials from your PC. Instructions for use are in the Instructions section of the UI. The file can be downloaded from the source code repository, PassPumpGUI_v0_2.py. This file needs to be used in combination with PasswordPump_20.ino.
Flashing the Program
I'm using an external programmer to burn the program onto the device. i.e. from the Arduino IDE I"m selecting Sketch-->Upload Using Programmer to send the program to the Atmel ATMega32u4/Arduino Pro Micro. I'm doing this in part because it overwrites the boot loader, and I want to overwrite the boot loader because by doing so I have more space on the device for the program. I don't think the program will fit onto the Pro Micro if the boot loader is present, but I haven't tested this. I also don't think the device will work correctly with the boot loader present for other reasons. Therefore, I use the Pololu USB AVR Programmer for this. I still have to power the device via the USB cable while programming with the external programmer. If you build the device by sourcing the parts on your own or if you build with the kit, be sure to refrain from snipping the header pins after you have soldered the Arduino Pro Micro to the USB board if you want to be able to load the firmware. If you snip the header pins flush with the PCB board there won't be a way to re-program the device; you need to connect VDD, GND, RST, MOSI, MISO, and SCK to the Arduino Pro Micro from your external programmer to flash the program. Instructions for doing this are found here. Rest assured that my initial setting of the lock bits will not prevent you from re-flashing the program. If you want to reset the lock bits after re-flashing the program you can do so. For me the easiest way to do that was to use Atmel Studio and my USB AVRISP XPII. But you don't really need to set the lock bits because the source code is now available to everyone, anyhow. The master password, stored in internal EEprom, is hashed with SHA-256.
Source Code
The source code is found here. It's heavily documented in-line, so I'm not going to go through it line by line here.
I'm certain that there are defects remaining in the program (in fact, all of the defects that I"m aware of are listed in the comments section at the top of the program, along with a list of the defects that I've addressed). Therefore use the product at you own risk. IMPORTANT: I recommend keeping your secondary EEprom up to date by backing up changes made to the primary EEprom when you add, remove or edit credentials. Then use a third EEprom so that you have two backups of your credentials. On top of that, periodically dump the credentials out to a file that you store in an encrypted file on a thumb drive, and secure the thumb drive in a safe or a safe deposit box. Finally, keep your accounts up to date so that if you need to reset a forgotten password you can do so. This product has not been professionally tested for quality purposes and it's possible that you'll lose your credentials. You have been provided with the source code so that you may correct any defects you find. That said, I've been using the device without incident for a couple of months now, and I am storing all of my credentials on it, with many of them using the generated password feature, so if I lose the device and my backups I'll need to reset my accounts, because there is absolutely no way for me to know what the passwords are at this point. I am also maintaining backups as per my recommendations above.
IMPORTANT DISCLOSURE: Using a supplied encryption library I've endeavored to encrypt all of the credentials that get stored on the external 25LC256 EEprom with AES128 (and hashed the master password, which is stored on internal EEprom with SHA256). I have salted the hashed master password and each set of credentials. This project is the first time I've ever used encryption, and there's been no formal code review, so I could have done it wrong, and the standard disclaimer (buyer beware) applies in this case. I have examined the content of the external EEprom chips (after storing many sets of credentials) using a PC and a CH340 24/25 series EEprom flash BIOS USB programmer and all of the usernames, account names and passwords appear encrypted. However, I am painfully aware that encryption is something that is very easy to do incorrectly, therefore proceed with caution. If you are skilled in this area I would appreciate a code review and some constructive feedback (please contact me directly).
The sketch presently uses 97% of program storage area and 66% of dynamic memory. This makes it extremely difficult to add new features to the product without exchanging them for existing features. There are several new features that I'd like to add but I can't because of the memory restriction. For example, after 1 hour of total inactivity the device times out and you're logged out of it. I would like to make that time period configurable (e.g. you could set it to 2 hours if you like), but I simply don't have the room to add that feature. I think one hour is probably a good compromise, and while at work with the device at my side I periodically turn the rotary encoder a click or two in any direction to push the automatic logout up an hour.
Libraries
The following libraries need to be installed in your Arduino IDE if you're going to compile the source code:
- https://rweather.github.io/arduinolibs/index.html - AES and SHA library, MIT License.
- https://github.com/LennartHennigs/Button2 - Used for the button on the
rotary encoder, Copyright (c) 2017 LennartHennigs , MIT License.
- https://github.com/brianlow/Rotary - Used for the rotary encoder, GNU GPL Version 3.
- https://github.com/arduino-libraries/Keyboard - Used to send characters to
the keyboard as if typed by the user, GNU Lesser General Public License.
- https://www.arduino.cc/en/Reference/EEPROM - Used for internal EEprom
- https://github.com/greiman/SSD1306Ascii - for SSD1306 display device, Bill Greiman <fat16lib@sbcglobal.net>.
Compiling
Make sure all of the required libraries are installed. Set the board to "Arduino Leonardo". Remember that you'll be uploading via an external programmer, so set that value in Programmer:. I use the Pololu USB AVR Programmer. Connect the MISO, MOSI, RESET, GROUND, VCC, and SCK pins accordingly. Select the port associated with the external programmer before selecting Sketch-->Upload Using Programmer.
Fritzing Diagram
Initially I built the project on a breadboard using the layout above. See the Hardware Connections section for details about the connections.
PCB
Top
This is the PCB I designed for the PasswordPump. The design files are available with the source code if you're interested in ordering your own. This is the first project I've ever designed with a PCB board, so feedback from the experienced is welcome. I would like to make the device smaller, so any advice toward that end is appreciated.
RGB Colors and Meanings
Green Logged in
Blue Not logged in
Red Failed login attempt
Error backing up or initializing EEprom
Purple Sending creds
Yellow Backing up to EEprom
Fast Flash Red / Blue Initializing external EEprom
Slow flash Red / Blue Initializing internal EEprom
Hardware Connections
- 1 Arduino Pro Micro (w/ ATMega32u4 microcontroller)
- Data Sheet: https://www.pjrc.com/teensy/atmega32u4.pdf
Number Name Arduino AVR Connect To / Notes
1 TX D1 PD3
2 RX D0 PD2
3 GND
4 GND
5 SDA D2 PD1 SSD1306 SDA, 4.7k pullup
6 SCL D3 PD0 SSD1306 SCL, 4.7k pullup
7 A6 D4 PD4
8 D5 PC6
9 A7 D6 PD7 pin 1 backup chip select for 25LC256
10 D7 PE6 rotary button
11 A8 D8 PB4 rotary pin 2
12 A9 D9 PB5 rotary pin 1
13 A10 D10 PB6 pin 1 primary chip select for 25LC256
14 MOSI D16 PB2 pin 5 primary 25LC256, backup 25LC256
15 MISO D14 PB3 pin 2 primary 25LC256, backup 25LC256
16 SCLK D15 PB1 pin 6 primary 25LC256, backup 25LC256
17 A0 D18 PF7 must float Used for random # generator
18 A1 D19 PF6 red RGB pin
19 A2 D20 PF5 green RGB pin
20 A3 D21 PF4 blue RGB pin
21 Vcc (+3V)
22 Reset reset button
23 GND GND RGB, GND SSD1306, GND encoder button,
GND 2 25LC256 chips
24 RAW (+5V from USB)
- 2 25LC256 (External EEprom)
Tested Part: MICROCHIP - 25LC256-I/P - 256K SPI™ Bus Serial EEPROM DIP8
Number Name ConnectTo Note
1 CS D10 PB6 pin 13 promicro Chip Select Input
2 SO D14 pin 15 promicro MISO - Serial Data Output
3 WP VCC pin 21 promicro Write Protect
4 Vss GND pin 23 promicro Ground
5 SI D16 pin 14 promicro MOSI - Serial Data Input
6 SCK D15 pin 16 promicro SCLK - Serial Clock Input
7 HOLD VCC pin 21 promicro Hold Input
8 Vcc VCC pin 21 promicro Supply Voltage
Number Name ConnectTo Note
1 CS D10 PD7 pin 06 promicro Chip Select Input
2 SO D14 pin 15 promicro MISO - Serial Data Output
3 WP VCC pin 21 promicro Write Protect
4 Vss GND pin 23 promicro Ground
5 SI D16 pin 14 promicro MOSI - Serial Data Input
6 SCK D15 pin 16 promicro SCLK - Serial Clock Input
7 HOLD VCC pin 21 promicro Hold Input
8 Vcc VCC pin 21 promicro Supply Voltage
License
This program and device are distributed in the hope that they will be
useful, but WITHOUT ANY WARRANTY; without even the implied warranty
of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Known Defects (and there are unknown defects, too!)
- When \e is embedded in an account name (or username or pw), it is
interpreted as the ESC character, and the input arrives empty. e.g.
INSIGHTORADB\entmetrics. Only an issue when input via keyboard, not encoder
- Sometimes deleting an account corrupts the doubly linked list that manages
the order in which the credentials are displayed. When this happens the
user needs to restore from EEprom to get missing credentials back.
- DisplayLine2 needs to be blanked out after retuning from Find or Add acct.
- When entering an account name 29 chars long via keyboard, nothing gets
entered.
- automatic initialization after 10 failed logon attempts is prompting the
user to confirm the action.
- in the switch statement for EVENT_SINGLE_CLICK the case statements
are not in order. When they are in order it doesn't evaluate
correctly.
- The female micro USB connection is extremely fragile.
Assembly
Assembly should be fairly obvious. Guidelines are provided below. If you have any questions send me an email (dan-murphy@comcast.net) before proceeding and I'll answer your question and update this site.
1) S2 - momentary push button, the reset button, solder onto the BACK SIDE of the PCB so that it is accessible after the Pro Micro is soldered to the board. Make sure that the orientation of the push button is correct. See the picture below.
2) R1,R2, R3 - 220 ohm resistors, solder these into place.
3) R4, R5 - 4.7k ohm resistors, solder these into place.
4) RGB - RGB LED, the longest pin on the RGB is ground. It is the third hole from the left or the second hole from the right. It's connecting trace is on the bottom of the PCB, while all others are on the top. Take care not to bridge the solder between the traces when soldering the leads. This is the most difficult part of the assembly. Some de-soldering skills might be necessary to remove any bridges you accidentally create. Use the continuity function on your multimeter to ensure that there are no bridges before proceeding.
5) U1 (label occluded), U2 -solder 2 IC DIP sockets into place. The notches in the sockets should face the bottom of the board (when standing the board on end). The notches or dimples in the 25LC256 chips will face the Pro Micro. See the picture at the very top of this blog.
6) ARD1 - after soldering male headers to the Pro Micro (use a breadboard, or the custom PCB itself, when soldering the headers in place to keep the headers precisely aligned, otherwise the Pro Micro will not fit into the custom PCB), solder the Pro Micro in place with the micro USB port facing the bottom of the PCB as per the picture at the top of the page. Don't solder the Pro Micro into place until after the momentary push button is soldered in place. After soldering the Pro Micro into place DO NOT snip the leads flush to the PCB, otherwise you'll never be able to re-flash the program.
7) RE1 - Rotary encoder. The two leads of the rotary encoder that are meant to more securely fasten the encoder to the PCB need to either be thinned out or snipped off entirely; the holes are too small and misaligned. The next version of the PCB I send out for manufacturing will have this problem solved. Apologies.
8) The last soldering step is to solder male headers to the OLED 128x32, and to then solder the OLED 128x32 to the PCB so that it hangs over the Pro Micro. The male headers should be just long enough to accomplish this. I use an elastic to keep the display in place, and the leads penetrating the holes in the PCB so that they are just flush with the back side of the PCB, almost poking all the way through, and there is just enough of a lead there to solder to the PCB.
9) Insert the knob onto the rotary encoder. If you ever need to remove the knob take care not to rip the rotary encoder off of the PCB.
10) Being careful not to bend the pins, insert both 25LC256 ICs into the dip sockets (with the dimples closest to the Pro Micro, see the picture at the top of this blog).
11) Plug the male end of a micro USB cable into the Pro Micro, and plug the other end into a USB port on your computer. Drivers will most likely be automatically installed. If not they are available on GitHub. Your PasswordPump should display:
PasswordPump
March 11 2019
then, three seconds later:
Master Password
March 11 2019
Click the rotary encoder down once and enter the master password you've selected. See the directions under Operation.
Future
I'm currently constrained by the amount of flash memory available to me in the ATMega32u4, 32k. All of the space is consumed by the program. If I had more room I could add additional features. In particular, I'm interested in writing GUI that would run on the computer that would interface cleanly with the PasswordPump. Using a Arduino serial terminal to add credentials is awkward at best, but I think more memory would be required to rectify the situation. I'd also like to have more EEprom room so that 64 bytes could be used for usernames, passwords and account names. Additionally I think it would be better to use AES-256 for encryption. A device that might meet all of these requirements is the Adafruit ItsyBitsy M4 Express with ATSAMD51; here are some of the advertised features from the web site:
Cortex M4 processor running at 120 MHz
512KB Flash (16 times bigger than the Atmel ATmega 32u4)
1.4" long by 0.7" wide (smaller than the Pro Micro)
2MB of SPI Flash (compared with 64k from the two 25LC256 chips)
Native hardware I2C and Serial (to interface with the SSD1306 display)
Built in crypto engine with AES, 256 bit (to replace the encryption library)
Native USB supported by every OS (to send credentials like a keyboard)
Can be used with Arduino IDE
Built in RGB DotStar LED (to replace the RGB on the PasswordPump)
Reset button
Power with USB
On the downside some of the libraries I've used for v1 of the PasswordPump will not work with the ItsyBitsy; the keyboard library in particular will be a problem as well as the library for the SSD1306. The other libraries could be tossed and code would more easily be written to accommodate the associated functionality. The biggest con is the price of the ItsyBitsy, at $14.95 it would triple the cost of producing a PasswordPump.