The user interface is optimized for ease of use and speed. The client is platform-independent and runs everywhere.
New passwords can be added by anyone with only a few clicks, shared via secure links, and looked up with a comprehensive search. PAVE is designed for hundreds of users sharing tens of thousands of passwords.
PAVE can be run locally, isolated from the internet. At the same time, it is secure enough to be deployed in your favourite cloud service.
Access to passwords is controlled by fine-grained ACLs, allowing sharing with individuals, departments, or the whole company.
Fully asymmetric authenticated encryption using state-of-the-art algorithms via libsodium, running inside a sandboxed client with minimal attack surface.
New passwords are encrypted with the recipient’s private key inside the client, and the (authenticated) encrypted blob is synchronised with the server. The recipient’s PAVE will sync passwords periodically when online, and only their private key can open the password.
Clients synchronise all passwords after encrypting them with the user’s key pair. The server only holds and synchronises opaque blobs; clients search for passwords in their local database and can decrypt them on demand.