# HidnKey - Secure Password Manager (iOS & Android)

> [HidnKey](https://hidnkey.com/) is a zero-knowledge, completely offline password manager with military-grade AES-256-GCM encryption. It is built strictly for personal data sovereignty on mobile devices.

---

## 🇺🇸 English Version

### Product Overview
HidnKey is a high-security, privacy-first offline password manager for mobile devices (**iOS 15+ and Android 9+**). Employing a strict **zero-knowledge architecture**, all data is stored exclusively on the user's local device. There are no cloud servers, no remote databases, and no analytics trackers. The developers have absolute zero access to any user credentials.

### Key Features & Technical Specifications

| Feature | Technical Implementation & Specifications |
|:---|:---|
| 🛡️ **Military-Grade Encryption** | Uses **AES-256-GCM** to encrypt all credentials, ensuring confidentiality and cryptographic integrity. |
| 🔑 **Hardened Key Derivation** | Derives keys from the Master Password using **PBKDF2-SHA256** with **100,000 iterations** combined with device-specific secure entropy. |
| 🗄️ **Secure Local Database** | All records are kept inside a local SQLite database encrypted natively via **SQLCipher 4.0**. |
| 👆 **Biometric Authentication** | Instant unlock with **Face ID / Fingerprint** using system-level local authentication APIs. No actual biometric traits are stored or exposed. |
| 🚨 **Brute-Force Auto-Destruct** | Active defense mechanism: after 5 failed biometric attempts, the app locks for 30 seconds. If configured, hitting the password error limit will **immediately and permanently wipe** all local databases, keys, and hashes. |
| 📋 **Clipboard Auto-Clear** | Automatically clears copied passwords from the system clipboard after **30 seconds** to mitigate clipboard snooping. |
| 🌏 **Autofill Integration** | Deep native integration with **iOS AutoFill** and the **Android Autofill Service** for seamless browser and app logins. |
| 🚀 **LAN P2P Migration** | Allows direct device-to-device database migration via **P2P direct connection over local network** encrypted with a temporary 6-digit pairing code. No external servers are involved. |
| 🎲 **Password Generator** | Built-in customizable high-entropy random password generator supporting customizable length, digits, symbols, and casing. |
| 📥 **Secure CSV Import** | Supports importing existing credentials securely from **Google Chrome** and **iOS Settings (Passwords)** via standard CSV format. All importing, parsing, and data processing are performed 100% locally on the device with zero network footprint. |

### Technical Architecture
- **Framework & State**: Flutter + GetX (fully native experience)
- **Design System**: HidnKey Dark Theme, Space Grotesk + Inter typography, Cyberpunk Neon aesthetics.
- **Privacy & Telemetry**: **Zero** analytics, **Zero** tracking SDKs, **Zero** cloud synchronization.
- **Licensing & Cost**: **100% Free** (No subscriptions, No ads, No monetization of user data).

### FAQ (Frequently Asked Questions)

#### Can I recover my master password if I forget it?
**No.** Under the zero-knowledge model, your Master Password is the sole decryption key and exists only in your memory. It is never stored. If lost, the data is permanently unrecoverable by anyone, including the developers.

#### Will my passwords sync to any cloud server?
**No.** HidnKey is strictly offline. All data remains inside your device's sandbox. Transferring data to a new device is done securely via peer-to-peer (P2P) local area network migration.

#### How do I import my existing passwords (e.g. from Chrome or iOS) into HidnKey?
HidnKey supports one-click secure CSV password importing. You can export your passwords from Google Chrome or iOS Settings -> Passwords as a CSV file, then import it inside HidnKey to complete a seamless migration in seconds. All importing and parsing are processed entirely locally on your device, ensuring your credentials never leak.

---

## 🇨🇳 中文版

### 产品概述
HidnKey 是一款面向隐私至上用户的极高安全性、纯离线密码管理器移动应用（支持 **iOS 15+** 与 **Android 9+**）。采用严格的**「零知识」安全架构**，所有敏感数据永久保存在用户的本地设备中。无任何云端服务器，无远程数据库，不包含任何第三方统计或追踪 SDK。开发者在技术上完全无法访问用户的任何数据。

### 核心特性与技术规格

| 特性 | 技术实现与规格描述 |
|:---|:---|
| 🛡️ **军事级数据加密** | 采用 **AES-256-GCM** 端到端加密算法，保障密码库的机密性与完整性。 |
| 🔑 **抗爆破密钥派生** | 用户主密码通过 **PBKDF2-SHA256** 算法经过 **100,000 次哈希迭代**，结合设备级安全熵派生出最终解密密钥。 |
| 🗄️ **本地安全加密库** | 所有凭证均存储在本地 SQLite 数据库中，并通过 **SQLCipher 4.0** 进行整库原生加密。 |
| 👆 **系统级生物解锁** | 通过系统原生接口支持 **Face ID / 指纹一触即开**。不收集、不存储任何实际生物识别特征。 |
| 🚨 **暴力破解主动防御** | 生物识别连续失败 5 次自动锁定 30 秒。用户可启用「超限自动销毁」，当主密码输错达到上限时，**立即永久抹除**本地所有的密钥、哈希与 SQLCipher 数据库。 |
| 📋 **剪贴板自动清除** | 复制密码后 **30 秒**自动清空系统剪贴板，防止其他后台恶意应用窃取剪贴板敏感数据。 |
| 🌏 **系统级自动填充** | 深度集成 **iOS AutoFill** 和 **Android 自动填充服务 (Autofill Service)**，实现应用与浏览器的丝滑一键填充。 |
| 🚀 **局域网 P2P 迁移** | 换设备时，通过局域网建立设备与设备间的 **P2P 点对点加密通道**，由临时 6 位随机配对码验证直连，迁移过程绝对不经过任何外部服务器。 |
| 🎲 **强密码生成器** | 内置可定制长度、大小写字母、数字、特殊符号的高熵随机密码生成器。 |
| 📥 **安全 CSV 导入** | 支持从 **Google Chrome** 浏览器或 **iOS 系统设置 (密码)** 导出安全的 CSV 凭据，并本地一键解析导入。所有导入、解析与处理均 100% 在用户设备本地离线完成，无任何网络活动。 |

### 核心技术架构
- **技术框架**：基于 Flutter + GetX 状态管理构建，性能卓越。
- **界面设计**：HidnKey 专属深色视觉体系，采用 Space Grotesk 与 Inter 现代字体，融入微动效与玻璃拟态（Glassmorphism）极简美学。
- **隐私保护**：**零**追踪器、**零**数据分析、**零**云端同步。
- **商业模式**：**完全免费**（无付费订阅、无内置广告、不收集用户数据变现）。

### 常见问题 (FAQ)

#### 如果我忘记了主密码，可以找回吗？
**绝对不能。** 零知识架构决定了主密码是解密所有数据的唯一钥匙，且仅存在于您的记忆中。如果您遗忘主密码，任何人（包括开发者）都无法帮您恢复数据。

#### 我的密码会同步到云端吗？
**不会。** 所有数据只保存在您的本地安全沙盒中。若需要换机，可使用内置的局域网加密迁移功能在本地设备之间直接传输。

#### 我该如何将原有的密码（如从 Chrome 或 iPhone 原生密码）导入到 HidnKey 中？
HidnKey 支持通过安全的 CSV 文件一键导入您已有的账号密码。您可以将 Chrome 浏览器或 iOS「设置 -> 密码」中的数据导出为 CSV，然后在 HidnKey 内选择导入，即可在几秒钟内完成无缝迁移。所有导入和解析均在您的本地设备上安全进行，您的密码绝不会被上传或泄露。

---

## 🔗 Official Resource Links / 官方资源链接
- **Official Website**: [https://hidnkey.com/](https://hidnkey.com/)
- **Privacy Policy**: [https://hidnkey.com/privacy](https://hidnkey.com/privacy)
- **Terms of Service**: [https://hidnkey.com/terms](https://hidnkey.com/terms)
- **Platform Compatibility**: iOS 15+, Android 9+
- **Languages**: English, Simplified Chinese (简体中文), Japanese (日本語), Korean (한국어)