Starksoft Sierra Password Manager

What makes Starksoft Sierra different from other password managers?

Unlike cloud-based password managers, Sierra is a standalone application that can be used completely offline. Every secret is uniquely encrypted and protected by hardware security using a Yubikey with PIN and touch security and policies. When you use Starksoft Sierra, you must first decrypt your database using your Yubikey and unique Yubikey PIN. However, even though your database is decrypted, every secret is still uniquely encrypted and protected by hardware security using a Yubikey. Each secret is decrypted using the Yubikey with a specific Yubikey enforced policy. This is very different than other password managers that decrypt the entire database after the password data is opened and decrypted.

Can I use this for Bitcoin and cryptocurrency wallets?

Starksoft Sierra is ideal for storing Bitcoin wallet passwords, private keys, and other cryptocurrency secrets. The hardware-based encryption provides high security for high-value digital assets.

What happens if I lose my Yubikey?

By design, you will lose access to your Sierra database secrets if you lose your Yubikey. Therefore, we recommend initializing multiple Yubikeys during setup for backup or shared access. We recommend personalizing at least 2 to 3 Yubikeys and storing them in separate secure locations. Each Yubikey can have a different PIN. If a Yubikey is lost, you can revoke (remove) the Yubikey from your Sierra database. You can then use your remaining Yubikeys to access your Sierra database secrets.

Does this work on air-gapped computers?

Yes. Starksoft Sierra is specifically designed for air-gapped environments. It has zero network capabilities and no external dependencies, making it ideal for high-security environments.

What security technology is being used on the Yubikey to protect my secrets?

The Yubikey 5 series devices support a NIST US government security standard for federal employees called Personal Identity Verification or PIV. PIV Smart Cards incorporate advanced cryptographic algorithms for secure data transmission and storage. The Yubikey 5 series devices implement the NIST SP 800-73 PIV Smart Card standard. Yubikey 5 series devices support PIV RSA and ECC encryption / decryption, private key storage protected by hardware security, public key storage, cryptographically secure random number generation in addition to physical security features such as a touch sensors and PINs. The Yubikey PIV functions lock after a user-controllable number of failed PIN attempts. Starksoft Sierra is tightly integrated with the Yubikey 5 series secure PIV implementation to protect your secrets.

What are the defense-in-depth strategies used in the Starksoft Sierra application?

The Starksoft Sierra application implements a defense-in-depth strategy to protect your secrets. The application implements a number of security defense-in-depth features to protect your secrets.

• Hardware security
• Private RSA keys stored and protected inside Yubikey
• Memory security (custom protected memory)
• Storage security
• Application security
• UI security
• No file logging
• No network capabilities
• No external 3rd party dependencies

Is there a limit to the number of secrets I can store?

For the personal free version, there is a limit of 50 secret entries that can be stored per database. For the commercial version, there is no limit to the number of secrets you can store in Starksoft Sierra. You can store as many secrets as you want.

How many Yubikeys can I use?

There is no limit to the number of Yubikeys you can use with Starksoft Sierra. You can register as many Yubikeys as you want for each database.

Does Startsoft Sierra work with other PIV compliant hardware security devices?

No, Starksoft Sierra is specifically designed to work with Yubikey 5 Series hardware security devices.

Can I use my existing Yubikey 5 Series MFA device with Starksoft Sierra?

Yes, if you have an existing Yubikey 5 Series device that are are using for MFA (Multi Factor Authentication) but is not being used as a PIV Smart Card, you can use it with Starksoft Sierra. The personalization process will not affect the existing MFA functionality of the Yubikey.

Are you using any cloud services?

No, Starksoft Sierra is a standalone application that has no cloud dependencies.

Are you using any 3rd party libraries to interface with the Yubikey?

No, Starksoft Sierra does not use any 3rd party libraries to communicate with Yubikey.

What 3rd party libraries are used to do cryptographic operations?

Starksoft Sierra uses the latest stable version of OpenSSL (3.5.x) to perform RSA public key encryption, AES cryptographic operations, and cryptographically secure random number generation. The Yubikey hardware performs all RSA private key decryption operations wielding the private key stored inside the Yubikey. OpenSSL is statically linked into the Sierra application. Sierra does not use the OpenSSL shared library on the target platform Operation System.