Very. By utilising the latest encryption standards (X25519 and ChaCha20 – safer, faster and more modern than the more commonly used AES encryption) we ensure that your data will always be safe, whether in transit or stored. And since all data storage is under your control, and not some foreign cloud service, even these encrypted data will be hard to steal – and impossible to crack.
macOS, Windows and Linux (Debian and derivatives) are fully supported. Support for mobile operating systems will be added in the future (see above), and Linux packages for RHEL and derivatives will be provided shortly.
A full manual can be found on https://docs.pave.software/. Additionally, our blog articles have in-depth information on specific technical aspects of PAVE.
You can open the password form either with the + Add button in the upper right corner, or by pressing ⌘+N/Ctrl+N.
A title/short description is needed for all passwords; the other fields are optional. If you want to generate a password, either press the Generate button, or use the (⌘/Ctrl)+1/2/3 shortcuts.
By clicking “Save password”, the password is encrypted, stored and (in case of Team PAVE) synchronised with all groups you shared it with.
We recommend using our password generator, or any other cryptographically secure one, to make up passwords – the human brain is too easily tricked into using predictable patterns.
If you want to generate passwords that are easily memorized, we recommend XKCD style passwords:
But even for this method, please make sure you are using a cryptographically secure generator. Using song lyrics, or book contents, or similar pseudo-random sources leads to trivially cracked passwords.
PAVE’s password generator works similarly to other generators: We utilize the operating system’s CSPRNG (/dev/random on macOS/Linux and CryptGenRandom on Windows) to generate true random data, and then convert it to a string of random letters, digits and (on the highest setting) punctuation marks. With this, the generator’s weak, medium and strong settings achieve (roughly) 56, 88 and 192 bit equivalent entropy.
Wherever possible, strong passwords should be generated. The weaker settings are intended for memorized passwords and for services that disallow long passwords, and passwords generated with them should be rotated regularly.
(Adding XKCD-style passwords to the password generator is planned, with strengths of 64 and 96 bits, resulting in four and six word passphrases.)
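The conversion step described above, as an added example that is not PAVE's own code: it draws bytes from the operating system CSPRNG through Python's os.urandom, maps them to symbols with rejection sampling so that no symbol is favoured, and sizes the output for a target entropy. The alphabets, the function names and the two word-list sizes (7776 and 65536) are assumptions made for this illustration.

```python
import math
import os
import string

# Alphabets are assumptions; the page only names letters, digits and
# (on the strongest setting) punctuation marks.
ALNUM = string.ascii_letters + string.digits   # 62 symbols
FULL = ALNUM + string.punctuation              # 94 symbols


def symbols_needed(target_bits, alphabet_size):
    """Fewest uniformly chosen symbols (or words) that reach target_bits."""
    if alphabet_size < 2:
        raise ValueError("need at least two symbols to carry any entropy")
    return math.ceil(target_bits / math.log2(alphabet_size))


def entropy_bits(length, alphabet_size):
    """Entropy of `length` independent, uniform picks from the alphabet."""
    return length * math.log2(alphabet_size)


def random_index(n):
    """Uniform integer in [0, n) built from OS CSPRNG bytes.

    A plain `byte % n` favours low indices whenever 256 is not a multiple
    of n, so bytes at or above the largest multiple of n are discarded.
    """
    if not 2 <= n <= 256:
        raise ValueError("alphabet must have between 2 and 256 symbols")
    limit = 256 - (256 % n)
    while True:
        b = os.urandom(1)[0]
        if b < limit:
            return b % n


def generate(target_bits, alphabet):
    """Random string over `alphabet` with at least target_bits of entropy."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("duplicate symbols reduce the real entropy")
    length = symbols_needed(target_bits, len(alphabet))
    return "".join(alphabet[random_index(len(alphabet))] for _ in range(length))


if __name__ == "__main__":
    for bits, alphabet in ((56, ALNUM), (88, ALNUM), (192, FULL)):
        pw = generate(bits, alphabet)
        print(bits, len(pw), round(entropy_bits(len(pw), len(alphabet)), 1))
    # Words needed for 64/96-bit passphrases with two list sizes (assumed).
    for size in (7776, 65536):
        print(size, symbols_needed(64, size), symbols_needed(96, size))
```

With a 65,536-word list (16 bits per word) the planned 64 and 96 bit strengths come out at exactly four and six words, while a 7,776-word list of Diceware size needs five and eight.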
Not yet. An importer is planned, and will be provided in the near future.
Please write an e-mail to digital@tao.at. An issue tracker will be set up soon™.
There is no limit on either the Free or any of the Team versions. Database sizes in the order of a few thousand passwords work reasonably well even on laptops that are several years old; bigger databases might need faster hardware to be searched quickly. Additional performance improvements are planned with subsequent versions.
Delete the PAVE entry in your Applications folder to uninstall the app.
To remove cached and other temporary data, delete the folder ~/Library/Application Support/FreePAVE (or TeamPAVE).
If you also want to delete your user data (including all FreePAVE passwords and TeamPAVE private keys), delete the folder ~/.config/pave as well.
Uninstall the PAVE entry in Control Panel\Programs and Features to uninstall the application.
To remove cached and other temporary data, delete the folder %APPDATA%\FreePAVE (or TeamPAVE).
If you also want to delete your user data (including all FreePAVE passwords and TeamPAVE private keys), delete the folder %APPDATA%\pave as well.
~/.config/FreePAVE (or TeamPAVE) to remove cached and other temporary data
~/.config/pave to delete your user data (including all FreePAVE passwords and TeamPAVE private keys)
The PAVE folder contains all private keys, and in case of Free PAVE also the password database.
On macOS and Linux, it can be found in ~/.config/pave, on Windows in %APPDATA%\pave.
For Team PAVE, the server’s database also needs to be backed up. Please refer to your database engine’s documentation for best practices.
PAVE uses encryption in several areas:
For Team PAVE accounts, we obviously need to see your billing data, and we retain e-mail addresses of all registered users.
Other than that, we have absolutely zero insight into what you do with PAVE. As there are neither cloud hosting nor cloud backups, we do not have any access to your data, not even in encrypted form. Everything remains on your local network.
After registering with your e-mail address, you will be redirected to the download site. On it, you will find downloads for all supported platforms.
For macOS: After downloading, click the .dmg file to open it; drag and drop the Pave icon into the Applications folder.
For Windows: After downloading, double-click the .exe file to start the installer; it will install PAVE and create a desktop shortcut.
For Linux: A repository is provided for common distributions to allow automated updates; please follow the instructions on the download site to configure it. Alternatively, you can download a deb/pacman package and install it manually; please refer to your distribution’s documentation for further information.
On macOS and Windows, updates are automatically downloaded and you will be prompted to quit PAVE to install the upgrade. You can postpone this for as long as you like, but we recommend installing patches quickly.
Linux users can either set up a repository during installation, to receive automated updates, or update manually, by downloading and installing the new version on top of the old.
Updates are downloaded automatically once available and will trigger a notification asking you to restart PAVE. During the restart, the update will be installed in the background.
On major releases (i.e., new features), newsletter subscribers will also receive an e-mail notification. For bugfix releases, only a changelog will be published in the blog.
In addition to centralised updates as for the Free version (see above), customers can set up their own update servers for integration with existing infrastructure. Please refer to our installation manual for details.
Not necessarily. An internet connection is obviously needed to download and install security patches and other updates; otherwise, it depends on your setup. You can use the PAVE server completely air-gapped if you want, or you can make it internet accessible to allow remote synchronization.
Yes. Licenses are per-user, not per-machine, so every licensed user can install PAVE on as many of their devices as desired. There’s no license limit on server installations either; you can have an unlimited number of key/data servers (as long as all their users are licensed).
Yes. Passwords not explicitly shared with any particular group are private and are encrypted only with your personal key. The encrypted blobs are synchronised to the server, but only you will be able to decrypt them again.
(If you want to store passwords that are not synchronised, consider installing Free PAVE in parallel.)
Currently, PAVE only allows storing passwords. It is planned to add the possibility of scripting password changes to update passwords on websites from within PAVE, but this is not yet available.
PAVELinks allow you to quickly reference shared passwords, without giving away any sensitive information. This way, you can freely send them over e-mail or other open channels without having to worry about people eavesdropping – only people you have shared a password with can access it, by simply clicking on the link:
The link only contains an ID used internally by PAVE, so it is completely useless to outsiders.