Closes#10783
Adds three database configuration options (stored as public custom data) that allow a database to have a public name/summary, color, and/or icon to be displayed on the unlock screen. This information is configured in the Database Settings and stored in the database public custom data (ie, unencrypted).
The name/summary is stored in KPXC_PUBLIC_NAME, the color is stored in KPXC_PUBLIC_COLOR, and the icon is stored in KPXC_PUBLIC_ICON.
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Fixes#11044 - password generator excluded characters tooltip was incorrect
* Fixes#11084 - allow more than 30 days for showing expiring passwords. Also fix the ability to properly translate this control.
* Fixes#11212 - don't show password on creating new database
* Fixes#10726 - improve indication of hardware key polling. Also improve layout spacing of unlock dialog.
* Fixes#11142 - provide better link for challenge-response information
Fix a bug in the database key settings dialog, where it was previously
always incorrectly applying an empty password if the password was not
changed but some other change was made (e.g. adding or removing a key
file).
Includes following changes:
* Encryption Settings now has a similar key with the new database wizard for switching between Advanced and Simple Settings
* The extra UI layer DatabaseSettingsDialog.ui has been removed. DatabaseSettingsDialog class now inherits EditWidget instead of DialogyWidget (just like Application Settings).
* Extra classes for separate page settings (DatabaseSettingsPageFdoSecrets, DatabaseSettingsPageKeeShare) have been removed. Instead the widgets are used directly in DatabaseSettingsDialog. Same could be done later to Application
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Fixes#10723 - only display password strength warning when actively editing the password
* Also improve behavior of minimum quality warning
* Improve behavior and handling of password changes with the database settings dialog
* Prevents loss of newly entered password when toggling between elements in the settings page
* On error, switch to tab that prevents saving database settings for easier correction
* Provide remote database sync capability
Allow arbitrary commands to be defined and executed for syncing databases with remote services. This includes sftp, scp, rsync, etc.
Remote commands are stored per-database and sync operations are manually triggered by the user from the Database -> Remote Sync menu.
---------
Co-authored-by: Stefan Forstenlechner <t-h-e@users.noreply.github.com>
Co-authored-by: Jonathan White <support@dmapps.us>
* Fixes#10455
* Fixes#10432
* Fixes#10415
Prevent setting critical key components to nullptr when database data is cleared. This can result in a crash due to race condition between threads.
Added a bunch of asserts to detect this problem and if guards to prevent actual crashes.
* Previously our base style sheet added roughly 20px of margin to the top and bottom of all QGroupBox. This caused visual errors where that margin was not needed/desired.
* Transferred padding to the specific layouts instead where it belongs.
* Set default value of DatabasePasswordMinimumQuality to 3 (do not accept a master password that is less than Good)
* Add custom message box button "Continue with weak password"
Closes#5991Closes#3337 - Support fingerprint readers on Linux
Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier.
Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
Fixes#6190
Remove the advanced settings checkbox and replace with a dedicated tab widget interface to toggle between basic and advanced encryption settings.
Add a new propery autosaveDelay in Metadata of the db.
The property is saved in customData to not affect database structure as this setting is unique to keepasxc.
The propery sets delay to wait since last modification before saving.
Co-authored-by: jNullj <jNullj@users.noreply.github.com>
* Fix#8952 - move translations for Cipher and KDF strings into evaluated code instead of globally defined code. The strings were being baked prior to the language being set resulting in only english being displayed.
* Fix#7487 - Botan does not use threads when calculating Argon2 KDF leading to very poor performance for a parallelism value > 1.
* Include port file for vcpkg backed builds
* Special thanks to @HexF and @smlu for their contributions towards this feature.
* Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future.
* Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain.
* Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified.
* Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly.
* Prevent quick unlock when using AutoOpen or opening from the command line.
Shows a warning when trying to open with a newer minor version than what is currently supported.
We always try to save with the lowest KDBX version possible for maximum compatibility.
This change adds a new database settings widget
named "maintenance", using a wrench icon. This widget is designated to be the home for database related maintenance tasks.
Initially, managing custom icons is now possible from that new tab. The feature includes bulk removing of
any number of selected custom icons and automatic purging of unused custom icons by the click of a button.
Fixes#2110
Definitions:
* Database Key - Cryptographic hash used to perform encrypt/decrypt of the database.
* Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key.
Changes:
* Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above.
* Clean up wording in the UI to be clearer to the end user.
- Unify widget layouts and margins
- Fix tab order on a bunch of widgets
- Fix broken entry/group edit form layout and replace with grid layout
- Rearrange some settings for better logical grouping
- Fix some settings checkboxes not being enabled/disabled on load
- Fix "General" settings tab scrolling
- Rename "Root" group to "Passwords"
- Update demo.kdbx accordingly and redownload favicons
- Change entry path display to use slash separators
- Reduce Medium and Large icon sizes slightly
* Removed option to attach KeePassXC to the browser extension. Users must use the proxy application to communicate with KeePassXC.
* Significantly streamlined proxy code. Used same implementation of stdin/stdout interface across all platforms.
* Moved browser service entry point to BrowserService class instead of NativeMessagingHost. BrowserService now coordinates the communication to/from clients.
* Moved settings page definition out of MainWindow
* Decoupled BrowserService from DatabaseTabWidget
* Reduced complexity of various functions and cleaned the ABI (public vs private).
* Eliminated BrowserClients class, moved functionality into the BrowserService
* Renamed HostInstaller to NativeMessageInstaller and renamed NativeMessageHost to BrowserHost.
* Recognize XDG_CONFIG_HOME when installing native message file on Linux. Fix#4121 and fix#4123.
Replaces all string configuration options with enum types
that can be checked by the compiler. This prevents spelling
errors, in-place configuration definitions, and inconsistent
default values. The default value config getter signature was
removed in favour of consistently and centrally default-initialised
configuration values.
Individual default values were adjusted for better security,
such as the default password length, which was increased from
16 characters to 32.
The already existing config option deprecation map was extended
by a general migration procedure using configuration versioning.
Settings were split into Roaming and Local settings, which
go to their respective AppData locations on Windows.
Fixes#2574Fixes#2193
Introduce a password health check to the application that evaluates every entry in a database. Entries that fail various tests are listed for user review and action. Also moves the statistics panel to the new Database -> Reports widget. Recycled entries are excluded from the results.
We now have two classes, PasswordHealth to deal with a single password and HealthChecker to deal with all passwords of a database.
Tests include passwords that are expired, re-used, and weak.
* Closes#551
* Move zxcvbn usage to a centralized class (PasswordHealth) and replace its usages across the application to ensure standardized interpretation of entropy calculations.
* Add new icons for the database reports view
* Updated the demo database to show off the reports
Added an option to set the target decryption time on database creation
for the CLI create command. This required some refactoring, in
particular the extraction of the min, max and defaut decryption times in
the `Kdf` module. Some work was done to allow changing those constant
only in the `Kdf` module, should we ever want to change them.
Removes unnecessary & from strings in settings widgets. These cause confusion and complicate translation. They are unnecessary as all dialogs allow efficient tabbing between elements.
Also add colons after several settings with input boxes and remove a hard stop.
Improve wording of strings based on translator feedback.
Fix case sensitive matching of CLI Export.
