iwcore
IntelliWallet Core (iwcore) is an open-source Rust password manager library: a small, embeddable engine for building secure password managers and digital vaults. It bundles authenticated encryption (XChaCha20-Poly1305 + Argon2id), encrypted SQLite storage, backups, search, and password generation behind a clean API.
It is the storage and cryptography engine behind IntelliWallet, a free cross-platform password manager available on Google Play and the App Store.
The core is open by design: anyone can audit exactly how IntelliWallet protects your data, and anyone can use iwcore to build their own client or an alternative to IntelliWallet.
Contents
- Features
- Security
- Open Source
- Installation
- Quick Start
- Usage
- Field Types
- Supported Languages
- License
Features
- Authenticated Encryption - XChaCha20-Poly1305 (AEAD) over a per-vault Data Encryption Key, wrapped by an Argon2id-derived key; unique nonce per value and built-in tamper detection
- SQLite Storage - Reliable database storage with full ACID compliance
- Hierarchical Organization - Organize items in folders with drag-and-drop support
- Custom Field Types - 20 built-in field types (email, password, credit card, etc.) plus custom labels
- Delete & Restore - Soft-delete with full undo capability for items and fields
- Backup & Restore - ZIP-based backup with versioning, auto-cleanup, and integrity verification
- Multi-language Support - 11 languages included
- Password Generator - Random, pattern-based, and memorable password generation
- Search - Full-text search across item names and field values
- Export - Data export with PDF item model support
- Database Maintenance - Compact/optimize database by purging deleted records
Security
iwcore protects item names and field values with modern authenticated encryption:
- XChaCha20-Poly1305 (AEAD) encrypts every value with a unique random nonce, so identical plaintext never yields identical ciphertext, and any tampering is detected on decryption.
- Per-vault Data Encryption Key (DEK). A random 256-bit DEK encrypts all data. The DEK is stored wrapped (encrypted) under a Key Encryption Key derived from the master password with Argon2id (memory-hard, per-vault random salt, parameters stored per vault). Password verification is simply "can we unwrap the DEK", so there is no separate verifier to attack.
- Cheap password changes and future hardening. Changing the master password (or raising the Argon2id cost in a future release) only re-wraps the DEK; stored data is never re-encrypted.
- In-memory keys are zeroized when the wallet is locked or dropped.
- Newly created vaults are born with this scheme.
Open Source
We believe the security of a password manager should be verifiable, not taken on trust. That is why the core of IntelliWallet is open source:
- Auditable. Anyone can read exactly how vaults are encrypted, how keys are derived, and how data is stored. No black boxes around your passwords, security through transparency, not obscurity.
- Reusable.
iwcoreis a standalone, MIT-licensed library. You are free to use it to build your own password manager or an alternative client to IntelliWallet. - Improvable. Anyone can propose enhancements, open a pull request, or fork the project. The library grows with its community.
- Yours for the long run. Because the storage format and cryptography are open, you can always recover and use your data independently, regardless of the future of the IntelliWallet app or IntelliSoftAlpin eG. Your vault outlives any single product or company.
- Standard cryptography. We rely on well-reviewed primitives from the Rust community (XChaCha20-Poly1305, Argon2id) rather than home-grown schemes.
Found a security issue? Responsible disclosure is appreciated, please open an issue or get in touch.
Installation
Add to your Cargo.toml:
[]
= "0.2.2"
Or use cargo:
Quick Start
use Wallet;
use Path;
// Create a new wallet
let mut wallet = create?;
// Add an item
let item_id = wallet.add_item?;
// Add fields to the item
wallet.add_field?;
wallet.add_field?;
// Search for items
let results = wallet.search?;
for result in results
// Close the wallet
wallet.close;
Opening an Existing Wallet
use Wallet;
use Path;
let mut wallet = open?;
// Unlock with password
if wallet.unlock?
wallet.close;
Item & Field Management
// Create folders and items
let folder_id = wallet.add_item?;
let item_id = wallet.add_item?;
// Add, update, copy, move fields
let field_id = wallet.add_field?;
wallet.update_field?;
wallet.copy_field?;
wallet.move_field?;
// Move and copy items
wallet.move_item?;
let copy_id = wallet.copy_item?;
// Soft-delete and restore
wallet.delete_item?;
let deleted = wallet.get_deleted_items?;
wallet.undelete_item?;
wallet.delete_field?;
let deleted_fields = wallet.get_deleted_fields?;
wallet.undelete_field?;
// Purge all soft-deleted records permanently
let = wallet.compact?;
Password Management
// Change wallet password (re-wraps the data key; stored data is untouched, effectively instant)
wallet.change_password?;
// Check password without unlocking
let valid = wallet.check_password?;
// Lock/unlock session
wallet.lock;
assert!;
wallet.unlock?;
Password Generation
use ;
// Random password with options
let options = PasswordOptions ;
let password = generate_password;
// Pattern-based password (A=uppercase, a=lowercase, 0=digit, @=special)
let password = generate_clever_password;
// Memorable password, e.g. "Garden7-River4-Maple2-Stone9"
let memorable = generate_memorable_password;
Backup & Restore
use ;
use Path;
let wallet = open?;
// Create backup (automatically checkpoints WAL for data consistency)
let backup_mgr = new;
let backup_path = backup_mgr.create_backup?;
// List and manage backups
let backups = backup_mgr.list_backups?;
let latest = backup_mgr.get_latest_backup?;
// Verify backup integrity
backup_mgr.verify_backup?;
// Restore backup
backup_mgr.restore_backup?;
// Cleanup old backups
backup_mgr.cleanup_old_backups?;
backup_mgr.cleanup_auto_backups?;
Backups carry the database version, so newer backups are correctly rejected by older versions, while newer versions can read and migrate older backups on restore.
Custom Labels
// Add a custom field type
wallet.add_label?;
// Update label properties
wallet.update_label_name?;
wallet.update_label_icon?;
// Delete custom label
wallet.delete_label?;
Field Types
iwcore supports 20 built-in field types:
| Code | Name | Value Type |
|---|---|---|
| PASS | Password | password |
| NOTE | Note | text |
| LINK | Link | link |
| ACNT | Account | text |
| CARD | Card | text |
| NAME | Name | text |
| PHON | Phone | phone |
| PINC | PIN | text |
| USER | Username | text |
| OLDP | Old Password | password |
| DATE | Date | date |
| TIME | Time | time |
| EXPD | Expiry Date | date |
| SNUM | Serial Number | text |
| ADDR | Address | text |
| SQUE | Secret Question | text |
| SANS | Secret Answer | text |
| 2FAC | 2FA | text |
| SEED | Seed Phrase | text |
Supported Languages
- English (en)
- German (de)
- Russian (ru)
- Ukrainian (uk)
- Polish (pl)
- Portuguese (pt)
- Belarusian (be)
- Bulgarian (bg)
- Hindi (hi)
- Catalan (ca)
- Spanish (es)
License
This project is licensed under the MIT License - see the LICENSE file for details.
Links
- IntelliWallet - the password manager built on this library
- IntelliWallet on Google Play
- IntelliWallet on the App Store
- Documentation
- Repository
- IntelliSoftAlpin eG - the company behind IntelliWallet