Shows a warning when trying to open with a newer minor version than what is currently supported.
We always try to save with the lowest KDBX version possible for maximum compatibility.
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.
The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.
Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.
Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.
Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.
Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.
NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.
Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.
Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.
Greatly simplified Secret Service plugin's use of crypto functions with Botan.
* Fix#6303 - the text attribute in 1Password contains the actual text seen in 1Password whereas the name attribute may contain a ref pointer and not a name.
* Fixes#3541
* CSV export now includes TOTP settings, Entry Icon (database icon number only), Modified Time, and Created Time.
* CSV import properly understands time in ISO 8601 format and Unix Timestamp.
* CSV import will set the TOTP settings and entry icon based on the chosen column.
The previous version left a lot of white space to the
right of the table, meaning that more pages needed to
be printed for a paper backup. The table has been
reorganized. HTML Backup for the demo.kdbx database
is now down from 6 to 3 pages.
Definitions:
* Database Key - Cryptographic hash used to perform encrypt/decrypt of the database.
* Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key.
Changes:
* Remove the term "master" and "key" from the user's lexicon and clarify the code base based on the definitions above.
* Clean up wording in the UI to be clearer to the end user.
* Fix issues when Config options were renamed
* Fix compile issues when using clang 10
* Rearrange database menu icons and import database menu icons
* Set minimum size of MainWindow to 800 to prevent search bar from hiding
* Fix not saving password generator options when closing the standalone generator
* Add headers to health check reports
* Don't show hidden content dots when notes are hidden but empty.
* Fix saving new database files in SMB shares on Windows, fixes#4809
* Gracefully handle duplicate attachments :
Instead of bailing out with an error, prepend a random string to the name of duplicate attachment records. This prevents data loss from other programs that mishandled KDBX XML writing. Fixes#2493
* Properly handle blocked import of signed KeeShare database, fixes#4413
Original source of icons is the icon8 library (http://icons8.com/c/flat-color-icons) and Paomedia (https://github.com/paomedia/small-n-flat). All icons used are licensed MIT or CC0; annotated in COPYING.
* Closes#4071
* Increase default size of database icons to 24px and entry preview panel to 48px
* Add shell script to assemble the database icons
* Use QIcon to seamlessly support High DPI displays and pixmap caching
* Add badge support for KeeShare groups and expired entries.
* Guard against use of QPixmap::fromImage without a GUI
* Add SVG minify and improve `make icons`
Co-authored-by: Wolfram Rösler <wolfram@roesler-ac.de>
* Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC.
* Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write.
* Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize.
* Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations.
* Fixes#4400
* Fixes#4065
* Fixes#1050
* Fixes#1215
* Fixes#3087
* Fixes#1088
* Fixes#1869
Fixes#3398.
Convert to QTextStream for all CLI IO and greatly improve CLI tests
* Completely overhaul CLI tests to be much more streamlined and easy to read. Removed unnecessary code blocks by using existing functions.
Co-authored-by: Emma Brooks <me@pluvano.com>
* Fix various bugs in opvault parsing to include: TOTP parsing, date handling, naming convention, attachments, and multiple url's.
* Remove category groups that don't have any entries.
* Simplify tests by focusing on the resulting database instead of the parsing mechanics.
* Remove proprietary "freddy" opvault in favor of self-made "keepassxc" opvault.
* Fix#4069, select opvault file on macOS
* Wrap key transformation in AsyncTask when reading a database. Significantly reduces user interface lockup.
* Replace root group with new group instead of deleting the pointer (fulfills member validity promise).
* Changed `Extract` to `Export` to support additional formats
* Allow database expot as CSV. Added a `--format` option to the `Export` command for that, which defaults to xml, so the current behavior is unchanged.
*The `CsvExporter` had to be refactored a bit, but nothing major. It can
now print to a file or return a string.
* Fixes#3048
* Certain programs that read/write KDBX4 files do not consolidate duplicate attachments into a single binary. This is against the KDBX4 specification. This change ensures KeePassXC will at least read the database in its entirety and not lose information. Upon saving the database in KeePassXC, the duplicate attachment binaries will be reduced to single binaries per the specification.
* Support importing 1Password vaults (.opvault folders) into KDBX database
* Entry attributes are filled based on section and field name
* Expiration dates are set for entries
* Entry URL's are set from a wider array of fields
Previously, extracting the XML from a database was done with the
`saveXml` attribute in the `KeePass2Reader` class.
This had several unfortunate consequences:
* The `KdbxReader` class had to import the `KdbxXmlWriter` class
in order to perform the export (bad separation of concerns);
* The CLI database unlocking logic had to be duplicated only
for the `Extract` command;
* The `xmlData` had to be stored in the `KeePass2Reader` as
a temporary result.
* Lots of `setSaveXml` functions were implemented only
to trickle down this functionality.
Also, the naming of the `saveXml` variable was not really
helpful to understand it's role.
Overall, this change will make it easier to maintain and expand
the CLI database unlocking logic (for example, adding a `--no-password`
option as requested in https://github.com/keepassxreboot/keepassxc/issues/1873)
It also opens to door to other types of extraction/exporting (for
example exporting to CSV, as requested in
https://github.com/keepassxreboot/keepassxc/issues/2572)
* Fix#2251 and Fix#2674
* Icons stored with duplicate UUID's will be
assigned a new UUID on load. This causes entries
using the duplicate UUID to display the default icon.
