mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2025-01-01 10:46:15 -05:00
Re-transform key on implicit KDBX 4 upgrade to avoid losing challenge-response, resolves #1584
This commit is contained in:
parent
0d4aff55bc
commit
6f6a63f5e9
@ -85,7 +85,15 @@ bool KeePass2Writer::writeDatabase(QIODevice* device, Database* db) {
|
|||||||
m_error = false;
|
m_error = false;
|
||||||
m_errorStr.clear();
|
m_errorStr.clear();
|
||||||
|
|
||||||
if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3 && !implicitUpgradeNeeded(db)) {
|
bool upgradeNeeded = implicitUpgradeNeeded(db);
|
||||||
|
if (upgradeNeeded) {
|
||||||
|
// We MUST re-transform the key, because challenge-response hashing has changed in KDBX 4.
|
||||||
|
// If we forget to re-transform, the database will be saved WITHOUT a challenge-response key component!
|
||||||
|
db->changeKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX4));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3) {
|
||||||
|
Q_ASSERT(!upgradeNeeded);
|
||||||
m_version = KeePass2::FILE_VERSION_3_1;
|
m_version = KeePass2::FILE_VERSION_3_1;
|
||||||
m_writer.reset(new Kdbx3Writer());
|
m_writer.reset(new Kdbx3Writer());
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user