Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-01-10 06:49:50 -05:00
Code Issues Packages Projects Releases Wiki Activity
7d7c635423
keepassxc/src/gui/DatabaseOpenWidget.cpp

549 lines
19 KiB
C++
Raw Normal View History

Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
/*
* Copyright (C) 2011 Felix Geyer <debfx@fobos.de>
Update and fix copyright headers
2017-06-09 17:40:36 -04:00
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 or (at your option)
* version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
#include "DatabaseOpenWidget.h"
#include "ui_DatabaseOpenWidget.h"
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
Optimize includes across code base
2021-07-11 22:10:29 -04:00
#include "config-keepassx.h"
Use an own FileDialog class instead of QFileDialog.
2011-12-25 19:21:29 -05:00
#include "gui/FileDialog.h"
Move icon handling from Resources to gui/Icons (#5506)
2020-10-05 20:41:00 -04:00
#include "gui/Icons.h"
Formatting the code.
2018-03-31 16:01:30 -04:00
#include "gui/MainWindow.h"
Add a QMessageBox wrapper class to help gui tests. QMessageBox displays modal dialogs which blocks the gui tests. To work around this we add a MessageBox wrapper class where the tests can set the answer for the next dialog. The answer is then returned without actually showing the dialog.
2013-10-08 16:09:20 -04:00
#include "gui/MessageBox.h"
Fix challenge-response key data after Botan * Fix #6420 * Refactor Challenge-Response key files to be more streamlined. Added a test to confirm raw key data is accurate.
2021-04-22 23:07:49 -04:00
#include "keys/ChallengeResponseKey.h"
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
#include "keys/FileKey.h"
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
Optimize includes across code base
2021-07-11 22:10:29 -04:00
#ifdef Q_OS_MACOS
#include "touchid/TouchID.h"
#endif
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
#ifdef Q_CC_MSVC
#include "winhello/WindowsHello.h"
#endif
gui: Add YubiKey support to widgets * Add YubiKey support to the GUI widgets. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2014-05-26 03:49:28 -04:00
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
#include <QCheckBox>
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
#include <QDesktopServices>
#include <QFont>
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
namespace
{
constexpr int clearFormsDelay = 30000;
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
bool isQuickUnlockAvailable()
{
if (config()->get(Config::Security_QuickUnlock).toBool()) {
#if defined(Q_CC_MSVC)
return getWindowsHello()->isAvailable();
#elif defined(Q_OS_MACOS)
return TouchID::getInstance().isAvailable();
#endif
}
return false;
}
bool canPerformQuickUnlock(const QString& filename)
{
if (isQuickUnlockAvailable()) {
#if defined(Q_CC_MSVC)
return getWindowsHello()->hasKey(filename);
#elif defined(Q_OS_MACOS)
return TouchID::getInstance().containsKey(filename);
#endif
}
Q_UNUSED(filename);
return false;
}
} // namespace
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
DatabaseOpenWidget::DatabaseOpenWidget(QWidget* parent)
Coding style fixes
2017-03-10 14:42:59 -05:00
: DialogyWidget(parent)
, m_ui(new Ui::DatabaseOpenWidget())
, m_db(nullptr)
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
{
m_ui->setupUi(this);
Replaced MessageBox dialogs with inline MessageWidget in DatabaseOpenWidget.
2015-01-19 18:14:59 -05:00
m_ui->messageWidget->setHidden(true);
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_hideTimer.setInterval(clearFormsDelay);
m_hideTimer.setSingleShot(true);
connect(&m_hideTimer, &QTimer::timeout, this, [this] {
// Reset the password field after being hidden for a set time
m_ui->editPassword->setText("");
m_ui->editPassword->setShowPassword(false);
});
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
QFont font;
font.setPointSize(font.pointSize() + 4);
Make DatabaseOpenWidget a bit prettier.
2012-07-02 12:47:12 -04:00
font.setBold(true);
m_ui->labelHeadline->setFont(font);
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
m_ui->labelHeadline->setText(tr("Unlock KeePassXC Database"));
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
m_ui->quickUnlockButton->setFont(font);
m_ui->quickUnlockButton->setIcon(
icons()->icon("fingerprint", true, palette().color(QPalette::Active, QPalette::HighlightedText)));
m_ui->quickUnlockButton->setIconSize({32, 32});
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
connect(m_ui->buttonBrowseFile, SIGNAL(clicked()), SLOT(browseKeyFile()));
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
auto okBtn = m_ui->buttonBox->button(QDialogButtonBox::Ok);
okBtn->setText(tr("Unlock"));
okBtn->setDefault(true);
Move the code to open database files from DatabaseTabWidget to DatabaseOpenDialog.
2012-04-05 13:03:55 -04:00
connect(m_ui->buttonBox, SIGNAL(accepted()), SLOT(openDatabase()));
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
connect(m_ui->buttonBox, SIGNAL(rejected()), SLOT(reject()));
gui: Clear YubiKeys detected on each load * Clear the YubiKey detected list on each load. * In the event the YubiKey was removed, it will no longer be displayed. * If it's still present it won't be duplicated.
2017-01-14 20:08:48 -05:00
Move icon handling from Resources to gui/Icons (#5506)
2020-10-05 20:41:00 -04:00
m_ui->hardwareKeyLabelHelp->setIcon(icons()->icon("system-help").pixmap(QSize(12, 12)));
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
connect(m_ui->hardwareKeyLabelHelp, SIGNAL(clicked(bool)), SLOT(openHardwareKeyHelp()));
Move icon handling from Resources to gui/Icons (#5506)
2020-10-05 20:41:00 -04:00
m_ui->keyFileLabelHelp->setIcon(icons()->icon("system-help").pixmap(QSize(12, 12)));
Make the purpose of the key file field clearer. The new unlock dialogue seems to confuse users as to what the purpose of the key file is. This patch changes the generic "Select file..." affordance to the more explicit "Select key file..." and adds a help button to the label just like the one we already have for the hardware key. Furthermore, it prevents the user from using the KDBX file as its own key file (since that would never work anyway). The change breaks existing translations on purpose (instead of simply adjusting the en_US locale) in order to force translators to update this string for their languages. Resolves #3678
2019-11-06 05:10:02 -05:00
connect(m_ui->keyFileLabelHelp, SIGNAL(clicked(bool)), SLOT(openKeyFileHelp()));
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
#ifdef WITH_XC_YUBIKEY
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
m_ui->hardwareKeyProgress->setVisible(false);
QSizePolicy sp = m_ui->hardwareKeyProgress->sizePolicy();
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
sp.setRetainSizeWhenHidden(true);
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
m_ui->hardwareKeyProgress->setSizePolicy(sp);
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
connect(m_ui->buttonRedetectYubikey, SIGNAL(clicked()), SLOT(pollHardwareKey()));
connect(YubiKey::instance(), SIGNAL(detectComplete(bool)), SLOT(hardwareKeyResponse(bool)), Qt::QueuedConnection);
connect(YubiKey::instance(), &YubiKey::userInteractionRequest, this, [this] {
// Show the press notification if we are in an independent window (e.g., DatabaseOpenDialog)
if (window() != getMainWindow()) {
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) * Support NFC readers for hardware tokens using PC/SC This requires a new library dependency: PCSC. The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used. * Split hardware key access into multiple classes to handle different methods of communicating with the keys. * Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB. * Add PC/SC interface for YubiKey challenge-response This new interface uses the PC/SC protocol and API instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device. Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader. This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library. * Remove PC/SC ATR whitelist, instead scan for AIDs Before, a whitelist of ATR codes (answer to reset, hardware-specific) was used to scan for compatible (Yubi)Keys. Now, every connected smartcard is scanned for AIDs (applet identifier), which are known to implement the HMAC-SHA1 protocol. This enables the support of currently unknown or unreleased hardware. Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
m_ui->messageWidget->showMessage(tr("Please present or touch your YubiKey to continue…"),
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
MessageWidget::Information,
MessageWidget::DisableAutoHide);
}
});
connect(YubiKey::instance(), &YubiKey::challengeCompleted, this, [this] { m_ui->messageWidget->hide(); });
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
#else
Hide YubiKey labels on unlock screen when compiled without XC_YUBIKEY (#3664)
2019-10-25 13:35:16 -04:00
m_ui->hardwareKeyLabel->setVisible(false);
m_ui->hardwareKeyLabelHelp->setVisible(false);
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
m_ui->buttonRedetectYubikey->setVisible(false);
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
m_ui->challengeResponseCombo->setVisible(false);
m_ui->hardwareKeyProgress->setVisible(false);
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
#endif
Merge branch 'develop' into feature/yubikey
2017-02-20 14:24:38 -05:00
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
// QuickUnlock actions
connect(m_ui->quickUnlockButton, &QPushButton::pressed, this, [this] { openDatabase(); });
connect(m_ui->resetQuickUnlockButton, &QPushButton::pressed, this, [this] { resetQuickUnlock(); });
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
}
DatabaseOpenWidget::~DatabaseOpenWidget()
{
}
Force focus on password field, resolves #116 (#117) Also remove redudant code for minimizing to tray
2016-11-26 09:37:25 -05:00
void DatabaseOpenWidget::showEvent(QShowEvent* event)
{
DialogyWidget::showEvent(event);
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
if (isOnQuickUnlockScreen()) {
m_ui->quickUnlockButton->setFocus();
if (!canPerformQuickUnlock(m_filename)) {
resetQuickUnlock();
}
} else {
m_ui->editPassword->setFocus();
}
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_hideTimer.stop();
Force focus on password field, resolves #116 (#117) Also remove redudant code for minimizing to tray
2016-11-26 09:37:25 -05:00
}
Both slots on Yubikey are now polled for challenge/response
2017-10-07 21:25:42 -04:00
void DatabaseOpenWidget::hideEvent(QHideEvent* event)
{
DialogyWidget::hideEvent(event);
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
// Schedule form clearing if we are hidden
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
if (!isVisible()) {
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_hideTimer.start();
Fix bugs introduced by database refactor #2491 (#2503) * Fix SSHAgent identity removal on database lock * Refactor storage and manipulation of SSHAgent keys to streamline process with multiple db's * Clear password field when widget is hidden, resolves #2502
2018-11-23 07:49:55 -05:00
}
Both slots on Yubikey are now polled for challenge/response
2017-10-07 21:25:42 -04:00
}
Use QSaveFile to save databases.
2012-07-06 12:50:52 -04:00
void DatabaseOpenWidget::load(const QString& filename)
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
{
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
clearForms();
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
m_filename = filename;
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
m_ui->fileNameLabel->setRawText(m_filename);
Remember last key file.
2011-12-25 14:36:45 -05:00
Refactor Config. Replaces all string configuration options with enum types that can be checked by the compiler. This prevents spelling errors, in-place configuration definitions, and inconsistent default values. The default value config getter signature was removed in favour of consistently and centrally default-initialised configuration values. Individual default values were adjusted for better security, such as the default password length, which was increased from 16 characters to 32. The already existing config option deprecation map was extended by a general migration procedure using configuration versioning. Settings were split into Roaming and Local settings, which go to their respective AppData locations on Windows. Fixes #2574 Fixes #2193
2020-04-25 19:31:38 -04:00
if (config()->get(Config::RememberLastKeyFiles).toBool()) {
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
auto lastKeyFiles = config()->get(Config::LastKeyFiles).toHash();
Issue #270 - turning off key location memory Add general settting for whether or not to remember last key files
2015-03-14 23:06:53 -04:00
if (lastKeyFiles.contains(m_filename)) {
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_ui->keyFileLineEdit->setText(lastKeyFiles[m_filename].toString());
Issue #270 - turning off key location memory Add general settting for whether or not to remember last key files
2015-03-14 23:06:53 -04:00
}
Remember last key file.
2011-12-25 14:36:45 -05:00
}
Focus the password line edit by default.
2012-04-22 14:57:42 -04:00
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
if (canPerformQuickUnlock(m_filename)) {
m_ui->centralStack->setCurrentIndex(1);
m_ui->quickUnlockButton->setFocus();
} else {
m_ui->editPassword->setFocus();
}
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
#ifdef WITH_XC_YUBIKEY
// Only auto-poll for hardware keys if we previously used one with this database file
if (config()->get(Config::RememberLastKeyFiles).toBool()) {
auto lastChallengeResponse = config()->get(Config::LastChallengeResponse).toHash();
if (lastChallengeResponse.contains(m_filename)) {
pollHardwareKey();
}
}
#endif
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
}
Clear database open dialog before and after merging a database (#958)
2017-09-23 11:43:29 -04:00
void DatabaseOpenWidget::clearForms()
{
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
setUserInteractionLock(false);
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_ui->editPassword->setText("");
m_ui->editPassword->setShowPassword(false);
m_ui->keyFileLineEdit->clear();
Hide keyfile path by default Fixes #5576
2020-12-04 08:01:36 -05:00
m_ui->keyFileLineEdit->setShowPassword(false);
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_ui->challengeResponseCombo->clear();
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
m_ui->centralStack->setCurrentIndex(0);
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_db.reset();
Clear database open dialog before and after merging a database (#958)
2017-09-23 11:43:29 -04:00
}
Refactor Database and Database widgets (#2491) The Database, DatabaseWidget, and DatabaseTabWidget classes share many responsibilities in inconsistent ways resulting in impenetrable and unmaintainable code and a diverse set of bugs and architecture restrictions. This patch reworks the architecture, responsibilities of, and dependencies between these classes. The core changes are: * Move loading and saving logic from widgets into the Database class * Get rid of the DatabaseManagerStruct and move all the information contained in it into the Database * Let database objects keep track of modifications and dirty/clean state instead of handing this to external widgets * Move GUI interactions for loading and saving from the DatabaseTabWidget into the DatabaseWidget (resolves #2494 as a side-effect) * Heavily clean up DatabaseTabWidget and degrade it to a slightly glorified QTabWidget * Use QSharedPointers for all Database objects * Remove the modifiedImmediate signal and replace it with a markAsModified() method * Implement proper tabName() method instead of reading back titles from GUI widgets (resolves #1389 and its duplicates #2146 #855) * Fix unwanted AES-KDF downgrade if database uses Argon2 and has CustomData * Improve code This patch is also the first major step towards solving issues #476 and #2322.
2018-11-22 05:47:31 -05:00
QSharedPointer<Database> DatabaseOpenWidget::database()
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
{
Move the code to open database files from DatabaseTabWidget to DatabaseOpenDialog.
2012-04-05 13:03:55 -04:00
return m_db;
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
}
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
QString DatabaseOpenWidget::filename()
{
return m_filename;
}
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
void DatabaseOpenWidget::enterKey(const QString& pw, const QString& keyFile)
Allow passing a filename and password on the command line. Passing passwords on the command line is not exactly best practice but will greatly improve development productivity.
2012-04-24 05:47:16 -04:00
{
Fix opening files from command line * Fix #2877 - password is unchecked by default * Smarter activation of key components based on contents of text entry fields * Prevent multiple copies of the same database from opening when the canonicalFileName != fileName
2019-03-26 22:23:16 -04:00
m_ui->editPassword->setText(pw);
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_ui->keyFileLineEdit->setText(keyFile);
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
m_blockQuickUnlock = true;
Allow passing a filename and password on the command line. Passing passwords on the command line is not exactly best practice but will greatly improve development productivity.
2012-04-24 05:47:16 -04:00
openDatabase();
}
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
void DatabaseOpenWidget::openDatabase()
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
{
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
// Cache this variable for future use then reset
bool blockQuickUnlock = m_blockQuickUnlock || isOnQuickUnlockScreen();
m_blockQuickUnlock = false;
setUserInteractionLock(true);
Fix regression: Hide password before unlocking database Fixes #7724
2022-03-29 15:31:54 -04:00
m_ui->editPassword->setShowPassword(false);
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
m_ui->messageWidget->hide();
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
QCoreApplication::processEvents();
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
const auto databaseKey = buildDatabaseKey();
Replace "Master Key" with "Database Credentials" Definitions: * Database Key - Cryptographic hash used to perform encrypt/decrypt of the database. * Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key. Changes: * Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above. * Clean up wording in the UI to be clearer to the end user.
2020-07-01 19:16:40 -04:00
if (!databaseKey) {
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
setUserInteractionLock(false);
Fix double warning display for database open
2017-10-05 14:44:05 -04:00
return;
}
Implement database locking. Closes #35
2012-10-12 06:12:00 -04:00
Refactor Database and Database widgets (#2491) The Database, DatabaseWidget, and DatabaseTabWidget classes share many responsibilities in inconsistent ways resulting in impenetrable and unmaintainable code and a diverse set of bugs and architecture restrictions. This patch reworks the architecture, responsibilities of, and dependencies between these classes. The core changes are: * Move loading and saving logic from widgets into the Database class * Get rid of the DatabaseManagerStruct and move all the information contained in it into the Database * Let database objects keep track of modifications and dirty/clean state instead of handing this to external widgets * Move GUI interactions for loading and saving from the DatabaseTabWidget into the DatabaseWidget (resolves #2494 as a side-effect) * Heavily clean up DatabaseTabWidget and degrade it to a slightly glorified QTabWidget * Use QSharedPointers for all Database objects * Remove the modifiedImmediate signal and replace it with a markAsModified() method * Implement proper tabName() method instead of reading back titles from GUI widgets (resolves #1389 and its duplicates #2146 #855) * Fix unwanted AES-KDF downgrade if database uses Argon2 and has CustomData * Improve code This patch is also the first major step towards solving issues #476 and #2322.
2018-11-22 05:47:31 -05:00
QString error;
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
m_db.reset(new Database());
Remove obsolete read only state from database. (#7324)
2022-01-28 21:26:53 -05:00
bool ok = m_db->open(m_filename, databaseKey, &error);
Correctly set KDBX envelope version Shows a warning when trying to open with a newer minor version than what is currently supported. We always try to save with the lowest KDBX version possible for maximum compatibility.
2021-11-19 18:32:09 -05:00
Fix crash when switching tabs while unlocking
2020-01-20 09:47:02 -05:00
if (ok) {
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
// Warn user about minor version mismatch to halt loading if necessary
if (m_db->hasMinorVersionMismatch()) {
QScopedPointer<QMessageBox> msgBox(new QMessageBox(this));
msgBox->setIcon(QMessageBox::Warning);
msgBox->setWindowTitle(tr("Database Version Mismatch"));
msgBox->setText(tr("The database you are trying to open was most likely\n"
"created by a newer version of KeePassXC.\n\n"
"You can try to open it anyway, but it may be incomplete\n"
"and saving any changes may incur data loss.\n\n"
"We recommend you update your KeePassXC installation."));
auto btn = msgBox->addButton(tr("Open database anyway"), QMessageBox::ButtonRole::AcceptRole);
msgBox->setDefaultButton(btn);
msgBox->addButton(QMessageBox::Cancel);
msgBox->exec();
if (msgBox->clickedButton() != btn) {
m_db.reset(new Database());
m_ui->messageWidget->showMessage(tr("Database unlock canceled."), MessageWidget::MessageType::Error);
setUserInteractionLock(false);
return;
Fix crash when switching tabs while unlocking
2020-01-20 09:47:02 -05:00
}
}
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
// Save Quick Unlock credentials if available
if (!blockQuickUnlock && isQuickUnlockAvailable()) {
auto keyData = databaseKey->serialize();
#if defined(Q_CC_MSVC)
// Store the password using Windows Hello
getWindowsHello()->storeKey(m_filename, keyData);
#elif defined(Q_OS_MACOS)
// Store the password using TouchID
TouchID::getInstance().storeKey(m_filename, keyData);
Fix crash when switching tabs while unlocking
2020-01-20 09:47:02 -05:00
#endif
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
m_ui->messageWidget->hideMessage();
}
Fix crash when switching tabs while unlocking
2020-01-20 09:47:02 -05:00
emit dialogFinished(true);
clearForms();
} else {
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
if (!isOnQuickUnlockScreen() && m_ui->editPassword->text().isEmpty() && !m_retryUnlockWithEmptyPassword) {
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
QScopedPointer<QMessageBox> msgBox(new QMessageBox(this));
msgBox->setIcon(QMessageBox::Critical);
msgBox->setWindowTitle(tr("Unlock failed and no password given"));
msgBox->setText(tr("Unlocking the database failed and you did not enter a password.\n"
"Do you want to retry with an \"empty\" password instead?\n\n"
"To prevent this error from appearing, you must go to "
"\"Database Settings / Security\" and reset your password."));
auto btn = msgBox->addButton(tr("Retry with empty password"), QMessageBox::ButtonRole::AcceptRole);
msgBox->setDefaultButton(btn);
msgBox->addButton(QMessageBox::Cancel);
msgBox->exec();
if (msgBox->clickedButton() == btn) {
m_retryUnlockWithEmptyPassword = true;
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
setUserInteractionLock(false);
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
openDatabase();
return;
}
}
Fix crash when switching tabs while unlocking
2020-01-20 09:47:02 -05:00
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
setUserInteractionLock(false);
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
m_retryUnlockWithEmptyPassword = false;
Improved error messages when opening database * Reduced wording and confusion * Streamlined delivery format * Fix #813
2019-04-05 08:31:37 -04:00
m_ui->messageWidget->showMessage(error, MessageWidget::MessageType::Error);
Retain quick unlock if Hardware Key is missing * The hardware key missing error message is properly shown and the user can try to Quick Unlock again after plugging in or tapping the hardware key in time.
2022-03-10 16:13:13 -05:00
if (!isOnQuickUnlockScreen()) {
// Focus on the password field and select the input for easy retry
m_ui->editPassword->selectAll();
m_ui->editPassword->setFocus();
}
Implement database locking. Closes #35
2012-10-12 06:12:00 -04:00
}
}
Replace "Master Key" with "Database Credentials" Definitions: * Database Key - Cryptographic hash used to perform encrypt/decrypt of the database. * Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key. Changes: * Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above. * Clean up wording in the UI to be clearer to the end user.
2020-07-01 19:16:40 -04:00
QSharedPointer<CompositeKey> DatabaseOpenWidget::buildDatabaseKey()
Implement database locking. Closes #35
2012-10-12 06:12:00 -04:00
{
Replace "Master Key" with "Database Credentials" Definitions: * Database Key - Cryptographic hash used to perform encrypt/decrypt of the database. * Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key. Changes: * Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above. * Clean up wording in the UI to be clearer to the end user.
2020-07-01 19:16:40 -04:00
auto databaseKey = QSharedPointer<CompositeKey>::create();
Move the code to open database files from DatabaseTabWidget to DatabaseOpenDialog.
2012-04-05 13:03:55 -04:00
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
if (canPerformQuickUnlock(m_filename)) {
// try to retrieve the stored password using Windows Hello
QByteArray keyData;
#ifdef Q_CC_MSVC
if (!getWindowsHello()->getKey(m_filename, keyData)) {
// Failed to retrieve Quick Unlock data
m_ui->messageWidget->showMessage(tr("Failed to authenticate with Windows Hello"), MessageWidget::Error);
return {};
}
#elif defined(Q_OS_MACOS)
if (!TouchID::getInstance().getKey(m_filename, keyData)) {
// Failed to retrieve Quick Unlock data
m_ui->messageWidget->showMessage(tr("Failed to authenticate with Touch ID"), MessageWidget::Error);
return {};
}
#endif
databaseKey->setRawKey(keyData);
return databaseKey;
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
}
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
if (!m_ui->editPassword->text().isEmpty() || m_retryUnlockWithEmptyPassword) {
databaseKey->addKey(QSharedPointer<PasswordKey>::create(m_ui->editPassword->text()));
Add TouchID support on macOS
2018-04-04 11:39:26 -04:00
}
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
auto lastKeyFiles = config()->get(Config::LastKeyFiles).toHash();
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
lastKeyFiles.remove(m_filename);
Remember last key file.
2011-12-25 14:36:45 -05:00
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
auto key = QSharedPointer<FileKey>::create();
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
QString keyFilename = m_ui->keyFileLineEdit->text();
if (!keyFilename.isEmpty()) {
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
QString errorMsg;
Add a new database settings wizard This patch implements a new database wizard to guide users through the process of setting up a new database and choosing sane encryption settings. It also reimplements the master key settings to be more user-friendly. Users can now add, change, or remove individual composite key components instead of having to set all components at once. This avoids confusion about a password being reset if the user only wants to add a key file. With these changes comes a major refactor of how database composite keys and key components are handled. Copying of keys is prohibited and each key exists only once in memory and is referenced via shared pointers. GUI components for changing individual keys are encapsulated into separate classes to be more reusable. The password edit and generator widgets have also been refactored to be more reusable.
2018-05-13 17:21:43 -04:00
if (!key->load(keyFilename, &errorMsg)) {
Improved error messages when opening database * Reduced wording and confusion * Streamlined delivery format * Fix #813
2019-04-05 08:31:37 -04:00
m_ui->messageWidget->showMessage(tr("Failed to open key file: %1").arg(errorMsg), MessageWidget::Error);
Add a new database settings wizard This patch implements a new database wizard to guide users through the process of setting up a new database and choosing sane encryption settings. It also reimplements the master key settings to be more user-friendly. Users can now add, change, or remove individual composite key components instead of having to set all components at once. This avoids confusion about a password being reset if the user only wants to add a key file. With these changes comes a major refactor of how database composite keys and key components are handled. Copying of keys is prohibited and each key exists only once in memory and is referenced via shared pointers. GUI components for changing individual keys are encapsulated into separate classes to be more reusable. The password edit and generator widgets have also been refactored to be more reusable.
2018-05-13 17:21:43 -04:00
return {};
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
}
Add support for version 2 XML key files. As discussed in #4317, the next KeePass2 release will ship with support for a new generation of XML key files which enable hash integrity checks. This patch adds support for reading and generating this new format. By default, KeePass2 now uses the .keyx extension for generated key files, which was added to KeePassXC's key generation file chooser filter. We continue to generate hashed binary key files by default, but the user can explicitly save the file with the new .keyx extension to generate an XML v2 key file (currently undocumented). When opening a database, the key file type is still determined by content negotation, so the file extension has no impact here. As an additional change, the legacy key file warnings have been improved slightly to be less confusing and more helpful.
2020-12-09 19:28:01 -05:00
if (key->type() != FileKey::KeePass2XMLv2 && key->type() != FileKey::Hashed
&& !config()->get(Config::Messages_NoLegacyKeyFileWarning).toBool()) {
Add warning when using legacy key file formats.
2017-12-27 08:20:28 -05:00
QMessageBox legacyWarning;
Add support for version 2 XML key files. As discussed in #4317, the next KeePass2 release will ship with support for a new generation of XML key files which enable hash integrity checks. This patch adds support for reading and generating this new format. By default, KeePass2 now uses the .keyx extension for generated key files, which was added to KeePassXC's key generation file chooser filter. We continue to generate hashed binary key files by default, but the user can explicitly save the file with the new .keyx extension to generate an XML v2 key file (currently undocumented). When opening a database, the key file type is still determined by content negotation, so the file extension has no impact here. As an additional change, the legacy key file warnings have been improved slightly to be less confusing and more helpful.
2020-12-09 19:28:01 -05:00
legacyWarning.setWindowTitle(tr("Old key file format"));
legacyWarning.setText(tr("You are using an old key file format which KeePassXC may<br>"
"stop supporting in the future.<br><br>"
"Please consider generating a new key file by going to:<br>"
Address translation feedback from Transifex
2021-02-14 19:15:10 -05:00
"<strong>Database &gt; Database Security &gt; Change Key File.</strong><br>"));
Add warning when using legacy key file formats.
2017-12-27 08:20:28 -05:00
legacyWarning.setIcon(QMessageBox::Icon::Warning);
legacyWarning.addButton(QMessageBox::Ok);
legacyWarning.setDefaultButton(QMessageBox::Ok);
legacyWarning.setCheckBox(new QCheckBox(tr("Don't show this warning again")));
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
connect(legacyWarning.checkBox(), &QCheckBox::stateChanged, this, [](int state) {
Refactor Config. Replaces all string configuration options with enum types that can be checked by the compiler. This prevents spelling errors, in-place configuration definitions, and inconsistent default values. The default value config getter signature was removed in favour of consistently and centrally default-initialised configuration values. Individual default values were adjusted for better security, such as the default password length, which was increased from 16 characters to 32. The already existing config option deprecation map was extended by a general migration procedure using configuration versioning. Settings were split into Roaming and Local settings, which go to their respective AppData locations on Windows. Fixes #2574 Fixes #2193
2020-04-25 19:31:38 -04:00
config()->set(Config::Messages_NoLegacyKeyFileWarning, state == Qt::CheckState::Checked);
Add warning when using legacy key file formats.
2017-12-27 08:20:28 -05:00
});
legacyWarning.exec();
}
Replace "Master Key" with "Database Credentials" Definitions: * Database Key - Cryptographic hash used to perform encrypt/decrypt of the database. * Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key. Changes: * Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above. * Clean up wording in the UI to be clearer to the end user.
2020-07-01 19:16:40 -04:00
databaseKey->addKey(key);
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
lastKeyFiles.insert(m_filename, keyFilename);
Remember if challenge-response was used for each database and allow to re-detect Yubikeys without closing the database first
2017-02-20 16:07:01 -05:00
}
Refactor Config. Replaces all string configuration options with enum types that can be checked by the compiler. This prevents spelling errors, in-place configuration definitions, and inconsistent default values. The default value config getter signature was removed in favour of consistently and centrally default-initialised configuration values. Individual default values were adjusted for better security, such as the default password length, which was increased from 16 characters to 32. The already existing config option deprecation map was extended by a general migration procedure using configuration versioning. Settings were split into Roaming and Local settings, which go to their respective AppData locations on Windows. Fixes #2574 Fixes #2193
2020-04-25 19:31:38 -04:00
if (config()->get(Config::RememberLastKeyFiles).toBool()) {
config()->set(Config::LastKeyFiles, lastKeyFiles);
Issue #270 - turning off key location memory Add general settting for whether or not to remember last key files
2015-03-14 23:06:53 -04:00
}
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
#ifdef WITH_XC_YUBIKEY
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
auto lastChallengeResponse = config()->get(Config::LastChallengeResponse).toHash();
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
lastChallengeResponse.remove(m_filename);
gui: Add YubiKey support to widgets * Add YubiKey support to the GUI widgets. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2014-05-26 03:49:28 -04:00
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
int selectionIndex = m_ui->challengeResponseCombo->currentIndex();
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
if (selectionIndex > 0) {
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
auto slot = m_ui->challengeResponseCombo->itemData(selectionIndex).value<YubiKeySlot>();
Fix challenge-response key data after Botan * Fix #6420 * Refactor Challenge-Response key files to be more streamlined. Added a test to confirm raw key data is accurate.
2021-04-22 23:07:49 -04:00
auto crKey = QSharedPointer<ChallengeResponseKey>(new ChallengeResponseKey(slot));
Replace "Master Key" with "Database Credentials" Definitions: * Database Key - Cryptographic hash used to perform encrypt/decrypt of the database. * Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key. Changes: * Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above. * Clean up wording in the UI to be clearer to the end user.
2020-07-01 19:16:40 -04:00
databaseKey->addChallengeResponseKey(crKey);
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
// Qt doesn't read custom types in settings so stuff into a QString
lastChallengeResponse.insert(m_filename, QStringLiteral("%1:%2").arg(slot.first).arg(slot.second));
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
}
Refactor Config. Replaces all string configuration options with enum types that can be checked by the compiler. This prevents spelling errors, in-place configuration definitions, and inconsistent default values. The default value config getter signature was removed in favour of consistently and centrally default-initialised configuration values. Individual default values were adjusted for better security, such as the default password length, which was increased from 16 characters to 32. The already existing config option deprecation map was extended by a general migration procedure using configuration versioning. Settings were split into Roaming and Local settings, which go to their respective AppData locations on Windows. Fixes #2574 Fixes #2193
2020-04-25 19:31:38 -04:00
if (config()->get(Config::RememberLastKeyFiles).toBool()) {
config()->set(Config::LastChallengeResponse, lastChallengeResponse);
gui: Add YubiKey support to widgets * Add YubiKey support to the GUI widgets. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2014-05-26 03:49:28 -04:00
}
Hide UI elements when KeePassXC was compiled without -DWITH_XC_YUBIKEY
2017-02-20 19:06:32 -05:00
#endif
gui: Add YubiKey support to widgets * Add YubiKey support to the GUI widgets. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2014-05-26 03:49:28 -04:00
Replace "Master Key" with "Database Credentials" Definitions: * Database Key - Cryptographic hash used to perform encrypt/decrypt of the database. * Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key. Changes: * Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above. * Clean up wording in the UI to be clearer to the end user.
2020-07-01 19:16:40 -04:00
return databaseKey;
Implement opening/closing databases.
2011-11-13 08:55:20 -05:00
}
Automatically check password checkbox and make toggle password button work.
2011-11-16 12:46:09 -05:00
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
void DatabaseOpenWidget::reject()
{
Refactor Database and Database widgets (#2491) The Database, DatabaseWidget, and DatabaseTabWidget classes share many responsibilities in inconsistent ways resulting in impenetrable and unmaintainable code and a diverse set of bugs and architecture restrictions. This patch reworks the architecture, responsibilities of, and dependencies between these classes. The core changes are: * Move loading and saving logic from widgets into the Database class * Get rid of the DatabaseManagerStruct and move all the information contained in it into the Database * Let database objects keep track of modifications and dirty/clean state instead of handing this to external widgets * Move GUI interactions for loading and saving from the DatabaseTabWidget into the DatabaseWidget (resolves #2494 as a side-effect) * Heavily clean up DatabaseTabWidget and degrade it to a slightly glorified QTabWidget * Use QSharedPointers for all Database objects * Remove the modifiedImmediate signal and replace it with a markAsModified() method * Implement proper tabName() method instead of reading back titles from GUI widgets (resolves #1389 and its duplicates #2146 #855) * Fix unwanted AES-KDF downgrade if database uses Argon2 and has CustomData * Improve code This patch is also the first major step towards solving issues #476 and #2322.
2018-11-22 05:47:31 -05:00
emit dialogFinished(false);
Convert DatabaseOpenDialog into a widget on DatabaseWidget.
2012-06-28 03:21:15 -04:00
}
void DatabaseOpenWidget::browseKeyFile()
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
{
Add support for version 2 XML key files. As discussed in #4317, the next KeePass2 release will ship with support for a new generation of XML key files which enable hash integrity checks. This patch adds support for reading and generating this new format. By default, KeePass2 now uses the .keyx extension for generated key files, which was added to KeePassXC's key generation file chooser filter. We continue to generate hashed binary key files by default, but the user can explicitly save the file with the new .keyx extension to generate an XML v2 key file (currently undocumented). When opening a database, the key file type is still determined by content negotation, so the file extension has no impact here. As an additional change, the legacy key file warnings have been improved slightly to be less confusing and more helpful.
2020-12-09 19:28:01 -05:00
QString filters = QString("%1 (*);;%2 (*.keyx; *.key)").arg(tr("All files"), tr("Key files"));
Use an own FileDialog class instead of QFileDialog.
2011-12-25 19:21:29 -05:00
QString filename = fileDialog()->getOpenFileName(this, tr("Select key file"), QString(), filters);
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
Make the purpose of the key file field clearer. The new unlock dialogue seems to confuse users as to what the purpose of the key file is. This patch changes the generic "Select file..." affordance to the more explicit "Select key file..." and adds a help button to the label just like the one we already have for the hardware key. Furthermore, it prevents the user from using the KDBX file as its own key file (since that would never work anyway). The change breaks existing translations on purpose (instead of simply adjusting the en_US locale) in order to force translators to update this string for their languages. Resolves #3678
2019-11-06 05:10:02 -05:00
if (QFileInfo(filename).canonicalFilePath() == QFileInfo(m_filename).canonicalFilePath()) {
Run code formatter
2019-11-18 01:57:04 -05:00
MessageBox::warning(this,
tr("Cannot use database file as key file"),
tr("You cannot use your database file as a key file.\nIf you do not have a key file, "
"please leave the field empty."),
MessageBox::Button::Ok);
Make the purpose of the key file field clearer. The new unlock dialogue seems to confuse users as to what the purpose of the key file is. This patch changes the generic "Select file..." affordance to the more explicit "Select key file..." and adds a help button to the label just like the one we already have for the hardware key. Furthermore, it prevents the user from using the KDBX file as its own key file (since that would never work anyway). The change breaks existing translations on purpose (instead of simply adjusting the en_US locale) in order to force translators to update this string for their languages. Resolves #3678
2019-11-06 05:10:02 -05:00
filename = "";
}
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
if (!filename.isEmpty()) {
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_ui->keyFileLineEdit->setText(filename);
Implement opening databases with key files.
2011-12-24 13:19:52 -05:00
}
}
gui: Add YubiKey support to widgets * Add YubiKey support to the GUI widgets. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2014-05-26 03:49:28 -04:00
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
void DatabaseOpenWidget::clearKeyFileText()
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
{
Fix minor UX issues with DB Open Widget * Only clear password field when switching tabs or minimizing. This prevents the setting "Remember Key Files and Hardware Keys" from being useless with multiple databases. * Convert key file field to Line Edit, simplifies usage. Fix clear field button as well. * Removed need for clearForms to check if the database is being opened (was a solution to tab switching while unlocking, no longer a problem).
2020-06-06 09:54:57 -04:00
m_ui->keyFileLineEdit->clear();
Hide keyfile path by default Fixes #5576
2020-12-04 08:01:36 -05:00
m_ui->keyFileLineEdit->setShowPassword(false);
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
}
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
void DatabaseOpenWidget::pollHardwareKey()
Remember if challenge-response was used for each database and allow to re-detect Yubikeys without closing the database first
2017-02-20 16:07:01 -05:00
{
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
if (m_pollingHardwareKey) {
return;
}
m_ui->challengeResponseCombo->clear();
m_ui->challengeResponseCombo->addItem(tr("Detecting hardware keys…"));
Remember if challenge-response was used for each database and allow to re-detect Yubikeys without closing the database first
2017-02-20 16:07:01 -05:00
m_ui->buttonRedetectYubikey->setEnabled(false);
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
m_ui->challengeResponseCombo->setEnabled(false);
m_ui->hardwareKeyProgress->setVisible(true);
m_pollingHardwareKey = true;
Use QSharedPointer instead of cloning YkChallengeResponseKey and make it a QObject to allow emitting signals
2017-02-23 17:52:36 -05:00
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
YubiKey::instance()->findValidKeys();
Remember if challenge-response was used for each database and allow to re-detect Yubikeys without closing the database first
2017-02-20 16:07:01 -05:00
}
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
void DatabaseOpenWidget::hardwareKeyResponse(bool found)
gui: Add YubiKey support to widgets * Add YubiKey support to the GUI widgets. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2014-05-26 03:49:28 -04:00
{
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
m_ui->challengeResponseCombo->clear();
m_ui->buttonRedetectYubikey->setEnabled(true);
m_ui->hardwareKeyProgress->setVisible(false);
m_pollingHardwareKey = false;
Remember if challenge-response was used for each database and allow to re-detect Yubikeys without closing the database first
2017-02-20 16:07:01 -05:00
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
if (!found) {
m_ui->challengeResponseCombo->addItem(tr("No hardware keys detected"));
m_ui->challengeResponseCombo->setEnabled(false);
return;
} else {
m_ui->challengeResponseCombo->addItem(tr("Select hardware key…"));
}
YubiKeySlot lastUsedSlot;
Refactor Config. Replaces all string configuration options with enum types that can be checked by the compiler. This prevents spelling errors, in-place configuration definitions, and inconsistent default values. The default value config getter signature was removed in favour of consistently and centrally default-initialised configuration values. Individual default values were adjusted for better security, such as the default password length, which was increased from 16 characters to 32. The already existing config option deprecation map was extended by a general migration procedure using configuration versioning. Settings were split into Roaming and Local settings, which go to their respective AppData locations on Windows. Fixes #2574 Fixes #2193
2020-04-25 19:31:38 -04:00
if (config()->get(Config::RememberLastKeyFiles).toBool()) {
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
auto lastChallengeResponse = config()->get(Config::LastChallengeResponse).toHash();
Remember if challenge-response was used for each database and allow to re-detect Yubikeys without closing the database first
2017-02-20 16:07:01 -05:00
if (lastChallengeResponse.contains(m_filename)) {
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
// Qt doesn't read custom types in settings so extract from QString
auto split = lastChallengeResponse.value(m_filename).toString().split(":");
if (split.size() > 1) {
lastUsedSlot = YubiKeySlot(split[0].toUInt(), split[1].toInt());
}
Remember if challenge-response was used for each database and allow to re-detect Yubikeys without closing the database first
2017-02-20 16:07:01 -05:00
}
}
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
int selectedIndex = 0;
for (auto& slot : YubiKey::instance()->foundKeys()) {
// add detected YubiKey to combo box
m_ui->challengeResponseCombo->addItem(YubiKey::instance()->getDisplayName(slot), QVariant::fromValue(slot));
// Select this YubiKey + Slot if we used it in the past
if (lastUsedSlot == slot) {
selectedIndex = m_ui->challengeResponseCombo->count() - 1;
}
}
Both slots on Yubikey are now polled for challenge/response
2017-10-07 21:25:42 -04:00
Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869
2020-04-06 08:42:20 -04:00
m_ui->challengeResponseCombo->setCurrentIndex(selectedIndex);
m_ui->challengeResponseCombo->setEnabled(true);
gui: Add YubiKey support to widgets * Add YubiKey support to the GUI widgets. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2014-05-26 03:49:28 -04:00
}
Redesign database unlock widget. (#3287) With this change we get rid of the confusing key component checkboxes. Now a component is either there or not (if left empty). There is no redundant distinction between "unset" and "emtpy" anymore. For compatibility with older databases that have "empty" passwords, KeePassXC will ask if the user wants to retry with an empty password if unlocking failed and the password field was left blank. Besides these functional changes, the widget's layout has been rearranged to be more compact, less stretched out (e.g. input fields do not fill the full window width anymore), and more user-friendly by providing a help tooltip for the hardware key field and accessible descriptions for screen readers.
2019-06-22 12:00:31 -04:00
void DatabaseOpenWidget::openHardwareKeyHelp()
{
Make the purpose of the key file field clearer. The new unlock dialogue seems to confuse users as to what the purpose of the key file is. This patch changes the generic "Select file..." affordance to the more explicit "Select key file..." and adds a help button to the label just like the one we already have for the hardware key. Furthermore, it prevents the user from using the KDBX file as its own key file (since that would never work anyway). The change breaks existing translations on purpose (instead of simply adjusting the en_US locale) in order to force translators to update this string for their languages. Resolves #3678
2019-11-06 05:10:02 -05:00
QDesktopServices::openUrl(QUrl("https://keepassxc.org/docs#faq-cat-yubikey"));
}
void DatabaseOpenWidget::openKeyFileHelp()
{
QDesktopServices::openUrl(QUrl("https://keepassxc.org/docs#faq-cat-keyfile"));
}
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
void DatabaseOpenWidget::setUserInteractionLock(bool state)
{
if (state) {
QApplication::setOverrideCursor(QCursor(Qt::WaitCursor));
m_ui->centralStack->setEnabled(false);
} else {
// Ensure no override cursors remain
while (QApplication::overrideCursor()) {
QApplication::restoreOverrideCursor();
}
m_ui->centralStack->setEnabled(true);
}
}
bool DatabaseOpenWidget::isOnQuickUnlockScreen()
{
return m_ui->centralStack->currentIndex() == 1;
}
Clear quick unlock secrets when database tab is closed
2022-03-29 18:03:35 -04:00
/**
* Reset installed quick unlock secrets.
*
* It's safe to call this method even if quick unlock is unavailable.
*/
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
void DatabaseOpenWidget::resetQuickUnlock()
{
Clear quick unlock secrets when database tab is closed
2022-03-29 18:03:35 -04:00
if (!isQuickUnlockAvailable()) {
return;
}
Add support for Windows Hello * Special thanks to @HexF and @smlu for their contributions towards this feature. * Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future. * Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain. * Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified. * Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly. * Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-21 20:40:01 -05:00
#if defined(Q_CC_MSVC)
getWindowsHello()->reset(m_filename);
#elif defined(Q_OS_MACOS)
TouchID::getInstance().reset(m_filename);
#endif
load(m_filename);
}
Reference in New Issue Copy Permalink