The private exponent d may be negative in which case an additional pad
byte is needed. Otherwise ssh-agent fails to load the key.
Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification.
Notable changes:
- _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction.
- A new helper class _PasskeyUtils_ includes the actual checks and parses the objects.
- _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils.
- Fixes Ed25519 encoding in _BrowserCBOR_.
- Adds new error messages.
- User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user.
- `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it.
- Extension data is now handled correctly during Authentication.
- Allowed and excluded credentials are now handled correctly.
- `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID`
- Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers.
- Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey.
Fixes#10287.
Closes#2689
The design of the respective code is loosely based on KDE's KActionCollection. The ActionCollection manages all actions that can be shortcut configured. These actions are then exposed in the config and a user can assign a different shortcut.
Actions inside the MainWindow have been added to the ActionCollection.
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Fix#9847 - don't provide TOTP values if settings are blank or completely wrong
* Fix#6838 - don't reset the ui when creating a new entry and applying TOTP to it
* Move totp source into the core folder
* Set default value of DatabasePasswordMinimumQuality to 3 (do not accept a master password that is less than Good)
* Add custom message box button "Continue with weak password"
* Entry: re-parent before adding to new group
Adding the Entry to the Group will emit signals about the action.
Present the object with the correct parent already.
* fdosecrets: Item::Create() can fail
If an entry cannot be registered on DBus, Item::Create() will return a
nullptr. Basically, this can only happen if there is already an item
with the same UUID in the collection. The only viable option here is to
ignore the new entry.
* Merger: prevent duplicate entry when merging histories
If the source entry is newer, a copy of the entry is made. But before
moving the merged entry to the target group, it must be removed.
Otherwise there will be briefly two entries with the same UUID
in the same group/database.
Even though this is only the case during the transaction, it can still
be observed because the operations emit signals. A notable problem is
the fdosecrets feature that relies on the uniqueness of the UUID or will
otherwise run into problems because the UUID is used as part of the DBus
path.
Botan::secure_scrub_memory -> defined in mem_ops.h
Botan::secure_vector -> defined in secmem.h
The reason only including secmem.h worked in previous (<3.0) versions of
Botan was because secmem.h included mem_ops.h. This is no longer the
case since commit
randombit/botan@49dbbcb2bf (2023-10-11;
"Split out allocator helpers to allocator.h")
Fixes#10038
Closes#5991Closes#3337 - Support fingerprint readers on Linux
Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier.
Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
Keepassxc saves application state at XDG_CACHE_HOME which can be cleared on some systems periodicly.
This is not desireable as app state like window size is not consistent when openning the app.
To avoid this this commit is switching the path to XDG_STATE_HOME which is more fitting based on the freedesktop basedir spec (https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html), this will allow to prevent state file deletion as well.
Resolves#9738
* Fix#7892 - Pressing escape when the quick unlock prompt is shown will now go back to the main unlock dialog view.
* Fix#9030 - Quick unlock will be automatically invoked in the unlock dialog upon being shown.
* Fix#9554 - Quick unlock application setting will be updated every time the settings widget is shown instead of just on first launch.
* Show warning that quick unlock is not enabled if user cancels Windows Hello prompt. This should limit people thinking there is a security issue. Also improve documentation describing this behavior.
* Disable quick unlock in gui tests
Fixes#6190
Remove the advanced settings checkbox and replace with a dedicated tab widget interface to toggle between basic and advanced encryption settings.
Add a new propery autosaveDelay in Metadata of the db.
The property is saved in customData to not affect database structure as this setting is unique to keepasxc.
The propery sets delay to wait since last modification before saving.
Co-authored-by: jNullj <jNullj@users.noreply.github.com>
* Fixes#9390
* Create one QCollator per entry view instead of creating one on every sort request. This greatly improves the speed of sorting and displaying entries.
* Rewrite recursive multiple placeholder replacement to use QRegularExpression
* SymmetricCipher: Fix Botan 3 build
Botan commit 819cf8fe6278a19b8266f449228f02fc28a4f784 changed
Botan::Cipher_Dir to be a scoped enumeration, so the users
must be adapted.
This change causes no issues with Botan 2 because normal
enumeration values can also be referred to the same way
scoped enumeration values are accessed.
* Auto detect Botan3
* AsyncTask: Do not use `std::result_of`
`std::result_of` was deprecated in C++17 and then it was
subsequently removed in C++20. One could use `std::invoke_result_t`,
but let Qt figure out the return type instead.
* Collapse Botan2 and Botan3 find package into one
* Update COPYING
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Fixes#7660
* Also fix code error in Icons::imageFormatsFilter. An inner loop looks for invalid characters in the code point, but erroneously calls `continue` within the inner loop when the intention was to continue in the outer loop. Fixed with a boolean test instead.
Enable buddy fields in group and entry edit pages
* Fixes#9060, you can now press Alt + [letter] to skip between fields on the group and entry edit pages.
* Move the expire checkbox to the right hand column and use the standard eye icon button for notes reveal. Only show notes reveal button if the hide notes setting is enabled.
Fix overflow of text in default auto-type sequence preview
* Fixes#9083
Add copy title shortcut (Ctrl + I)
* Closes#9109
Fix issues with menu actions being enabled incorrectly
Add accessibility description to password widget to explain how to hide/show passwords and open the generator
* Closes#9059
Add F6 shortcut to focus search
* Closes#9163
* Add configuration to hide TOTP in preview widget (shown by default).
* Retain the visibility of TOTP and other fields when the same entry remains selected in the preview panel.
* Fix disconnecting signals when switch entries / groups. This likely is going to fix crashes because we were compounding signals when focusing in on the main window.
* Fix#8952 - move translations for Cipher and KDF strings into evaluated code instead of globally defined code. The strings were being baked prior to the language being set resulting in only english being displayed.
The KeyCredentialManager::RequestCreateAsync call can fail because we can end up in a situation where Windows Hello is initially available but then becomes unavailable, such as during a remote desktop session. This commit prevents a crash by moving the call into the try-catch.
Fixes#7890
Also resets quick unlock if there is an unrecoverable error. This will not occur if the user merely canceled the Windows Hello dialog.
Supported key types are RSA, ECDSA and Ed25519.
Includes tests to compare writing out keys produce the exact same private key if read from OpenSSH format and tests against ssh-agent to ensure all no generated key is rejected.
[What]
1) The title was moved from dedicated column to a table caption.
2) The font size for notes was changed from medium to small.
3) The notes order was moved to the end.
4) The table margin and width were adjusted to fit into screen and
print pages.
[Why]
To have more readable output and utilize more page space.
With Qt 5.6, build fails with error below.
This is because in Qt 5.6, the 3rd argument is not optional. Starting from Qt
5.7 the default value for the 3rd argument is nullptr, so setting it to
nullptr.
https://doc.qt.io/archives/qt-5.6/qaction.html#QAction-2https://doc.qt.io/archives/qt-5.7/qaction.html#QAction-2
Error:
src/gui/tag/TagView.cpp:79:38: error: no matching constructor for initialization of 'QAction'
auto action = menu.exec({new QAction(icons()->icon("trash"), tr("Remove Search"))}, mapToGlobal(pos));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix detecting AES-256/GCM cipher, fixes#8964
When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end.
* Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM)
* Disable AES-256/GCM for now in ssh keys
Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying
the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
currently, when keepassxc is not running, the command `keepassxc --lock` opens a new keepass window and blocks until the window is closed.
Especially in locking scripts this is rather unexpected and Ican't think of a case where someone explicitly starts keepass with --lock and wants this behaviour.
Rather --lock should always ensure, that there are no unlocked instances and exiting afterwards
* Fixes#8626
* Also remove old feature to set the title of a new entry to the current search text. This only made sense before advanced searching was made available.
This was noted as a problem in several issues and it finally occurred to me and I traced it to the fact that a timing issue sometimes allowed the file watcher to trigger a "file changed" alert right when saving starts. I fixed this by moving where the mutex lock is made for saving and preventing database reload during a save operation.
* Fix focus issues with new PasswordWidget
* Fix focus wrapping when DatabaseTabWidget is not showing the tab bar
* Fix focus wrapping in EditWidget views to move between category list and contents. This is not a perfect fix, but Qt has a mind of its own with these complex widgets. This will be fixed in future Ui improvements that move away from the category widget.
* Fix#8099
* Clean up code that connects groups to the entry view. Instead of connecting ALL groups from ALL databases, we only need to connect the groups that entries actually belong to. This solves the bug and also reduces overhead.
* Fix#7139 - when opening database files from the command line, ensure the correct case is fed to the program to prevent case changes during saves.
* Cleanup old code (checking for .json extension) from when KeePassXC app could act as a proxy.
if you use the CLI with -t/--totp flag, the program prints out: "Entry's "password" attribute copied to the clipboard!"
expected output is "Entry's "totp" attribute copied to the clipboard!" the same when you run with -a totp
* Fix#8356 - Qt does not enable numeric aware sorting when using locale sort. Extracted both Windows and macOS locale aware sorting code and added the appropriate numeric aware flag.
Note: There is no std library way to do this so Linux is out of luck for now.
* Rename "Database Tags" to "Searches and Tags"
* Separate searching for all entries and resetting the search
* Support selecting multiple tags to search against
* Fix using escaped quotes in search terms
* Make tag searching more precise
* Support `is:expired-#` to search for entries expiring within # days. Exclude recycled entries from expired search.
* Don't list tags from entries that are recycled
* Force hide tag auto-completion menu when tag editing widget is hidden. On rare occasions the focus out signal is not called when the tag view is hidden (entry edit is closed), this resolves that problem.
* Remove spaces from before and after tags to prevent seemingly duplicate tags from being created.
* Also fix some awkward signal/slot dances that were setup over time with the entry view and preview widget.
Allow changing tags for multiple entries through context menu
* Closes#8277 - show context menu with currently available tags in database and checks those that are set on one or more selected entries. When a tag is selected it is either set or unset on all entries depending on its checked state.
* Add ability to save searches and recall them from the "Searches and Tags" view
* Add ability to remove a tag from all entries from the "Searches and Tags" view
* Cleanup tag handling and widgets
* Fix#7977 - wrap key signing request in try/catch block to prevent crashes on some machines.
* Fix#8120 - try 3 times to bring Windows Hello prompt to front. This may be necessary on older machines that are slow to bring up the prompt window.
Also remove defunct code on macOS to prevent window focus issues.
Systems like NixOS install software under unique paths, so persisting
the absolute file path in the generated .desktop file when enabling
autostart will eventually point at an outdated or nonexistent program.
Another possible issue with using Qt's `applicationFilePath()` is that
the final program's basename (`argv[0]`) might not be the same as what
the user initially executed to start KeePassXC.
Use the file name and thus rely on `PATH` lookup just like the static
.desktop file does to lift those issues and defer execution logic
(`PATH` lookup, wrapper scripts, etc.) to the operating system.
The top-level fields are currently not accessible from the CLI, which
makes it impossible to select entries or groups based on the UUID.
There are other top-level fields I believe, like the expiry date,
but I only added the two most critical fields for the moment.
* Fix#1090 - delay locking databases after minimize to allow for clipboard use, Auto-Type use, and browser integration use.
* Fix#6757 - prevent setting both minimize on unlock and lock on minimize settings at the same time.
The main window has both `Ctrl+PageUp` / `Ctrl+PageDown` and
`Ctrl+Tab / Ctrl+Shift+Tab` shortcuts to cycle the database tabs. When
in PR #5427 the abbility to select any open database in the unlock
dialog was introduced, only the `Ctrl+PageUp` / `Ctrl+PageDown`
shortcuts were added. This commit adds the `Ctrl+Tab / Ctrl+Shift+Tab`
shortcuts to the unlock diaglog to fix this inconsistent UI behaviour.
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
at least on Debian, a bullseye installation, the X11 development files
may be installed without the libxi-dev or the libxtest-dev packages.
this leads to the autotype shared library libkeepassxc-autotype-xcb.so
not being built without any complaint from cmake.
this commit makes cmake emit warning messages that shall hint anyone
building themselves that autotype will not work without these libs.
* Fix#7239 - prevent closing the database widget if the open dialog is still unlocking the database. This problem became slightly worse with quick unlock.
With this fix, if the user tries to close the database during unlock we will just ignore that request.
* Fix#7726 - Ignore BEEP Auto-Type token when it includes spaces and numbers as well
* Close#8103 - Allow specifying specific attribute to use with PICKCHARS. If none specified, it defaults to Password.
* Fix#7811 - Notes height no longer truncated
* Fix#7949 - Improve copying attribute value to clipboard in entry preview
* Fix#7898 - Prevent copying url when copy password selected after clicking url in preview pane
* Fix#7982 - Double clicking hidden attributes in preview pane copies the value instead of ●●●●●●
* Fixes#7776
Implement QRegularExpression::escape within Tools::convertToRegex to allow usage on older Qt versions.
Also wrap EXACT_MODIFIER patterns in a non-capture group to prevent misinterpreted regex.
Fix#7607 - Don't disable core dumps when building for snap distribution. Doing so will not allow the xdg-desktop-portal from opening the file dialog. This is because the portal attempts to call entries from /proc/[pid]/xxxx which are restricted to root when core dumps are disabled.
This commit implements the following logic:
* If there're already unlocked collections, just use those,
* otherwise, show the unlock dialog until there's an unlocked and exposed collection.
* Fixes#7574
Limit the use of zxcvbn based password entropy estimation to 256 bytes. After this threshold, the average per-byte entropy from the zxcvbn calculation is added for each additional byte. In practice, this produces a slightly higher entropy calculation for purely randomized passwords than zxcvbn would normally calculate. However, the time to calculate is capped leading to a much better user experience and removing unnecessary calculations.
Fixes#7712
This is mostly to ease setup and configuration with sandboxed browsers.
The socket currently existing in `$XDG_RUNTIME_DIR`. When sandboxing a browser, it would be unsafe to mount this directory inside the sandbox.
Mounting the socket into the sandbox's filesystem is also not possible in cases where KeePassXC is [re]started after the browser has started.
This commit moves the socket into its own isolated subdirectory, which can be safely mounted into sandboxes. Sandbox engines can create the directory themselves (in case the browser starts before KeePassXC). Both Flatpak and Firejail support this configuration.
A symlink is also created, linking the previous location to the new location. This is meant for backwards compatibility and should eventually be dropped.
The directory can't be named `org.keepassxc.KeePassXC.BrowserServer`,
since that would collide with the symlink. Instead, the directory has been created to match the format used for Flatpak builds, which make it a bit less of a snowflake build, while following accepted conventions.
Given that the preferred path now matches what Flatpak uses, the block handling Flatpak and non-Flatpak is now the same.
If `$XDG_RUNTIME_DIR` is undefined, the temporary directory is used, though reading the socket from this location is discouraged.
Closes: https://github.com/keepassxreboot/keepassxc/issues/8018
References: https://github.com/keepassxreboot/keepassxc/discussions/6741
In the password generator widget, the checkable push button for the math
symbols is missing the GREATER-THAN SIGN (U+003E), even though it is
among the possible characters during password generation when the button
is checked. Add the missing character to the text displayed to users.
While at it, also fix a wrong comment containing the possible
characters.
