Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.
The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.
Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.
Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.
Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.
Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.
NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.
Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.
Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.
Greatly simplified Secret Service plugin's use of crypto functions with Botan.
* Closes#4216
Reduced to three-tiered rating system and fixed column implementation. Hide password strength indicator in entry view if excluded from reports.
Introduce password health caching to prevent unnecessary calculations.
* Close#2603 - Add support for modifier syntax (+, ^, and %)
* Fix#2633 - Allow reference syntax {REF:...} in Auto-Type sequences
* Close#5334 - Tell the user which part of the Auto-Type sequence is invalid for easy correction
* Fix#2401 - Select the right window on macOS prior to starting Auto-Type
* Allow for nested placeholders
Significant improvements to the Auto-Type select dialog. Reduce stale and unnecessary code paths.
* Close select dialog when databases are locked.
* Close open modal dialogs prior to showing the Auto-Type select dialog to prevent interference.
* Never perform Auto-Type on the KeePassXC window.
* Only filter match list based on Group, Title, and Username column data (ie, ignore sequence column)
* Always show the sequence column (revert feature)
* Show selection dialog if there are no matches to allow for a database search
* Close#3630 - Allow typing {USERNAME} and {PASSWORD} from selection dialog (right-click menu).
* Close#429 - Ability to search open databases for an entry from the Auto-Type selection dialog.
* Fix#5361 - Default size of selection dialog doesn't cut off matches
* Fixes#3837
* Change objects to use DBusMgr rather than separate adaptors
- Update all DBus invokable methods to new parameter order
- Change all usage of DBusReturn to simpler DBusResult
- Use DBusMgr to handle path and service registration
- Remove adaptor/*
- Set path in DBusObject
- Unregister service when service is destroyed
- Restore handling of invalid QVariant in prompt complete signal
- Clean up meta type registration
- Move dbus related file together
- Convert to QSharedPointer as much as possible
- Fix mapping of the Delete method
- Handle dbus property get all
* Add per-client states
- Move cipher negotiation to DBusClient
- Show list of clients instead of sessions in the settings page
- Add settings for confirmation of accessing items
- Fix infinite recursion when client disconnected
- Use optional explicit DBusClient parameter instead. This makes accessing
the client info in an async context explicit, and thus prevent accidental
assertions in prompts.
* Improve User Interface
- Add per-item access confirmation (if enabled)
- Remove the "disable for site" button for the access control dialog
- Improve the text on the settings page to be more consistent
- Fix disconnect buttons in settings page not working
- Make the unlock prompt method nonblocking
* Fix and cleanup unit tests
- Use QTRY_COMPARE when checking signal spies, as dbus signals are threaded
- Fixes in meta type registration and type conversion
- Remove QStringLiteral in COMPARE macros, making diff output readable
- Add testing for remembering auth decision
* Fixes#3541
* CSV export now includes TOTP settings, Entry Icon (database icon number only), Modified Time, and Created Time.
* CSV import properly understands time in ISO 8601 format and Unix Timestamp.
* CSV import will set the TOTP settings and entry icon based on the chosen column.
* Fixes#5262
* Always reset the UUID on groups and entries moved or copied between databases. This prevents data loss when the group/entry is moved back to the original database.
The classes used for screen lock detection use QWidget and are only ever used by the GUI,
so moving them there so we can eventually build core/ without Qt5::Widgets.
* Fixes#5295
* Introduce a callback approach to AsyncTask instead of entering multiple QEventLoop in the stack. This has additional benefits including not returning to the original stack location and potentially operating on deleted objects (use after free).
* Closes#5447
* Add option `--okon <okon-cli path>` to trigger the use of the okon cli tool to process a database's entries. When using this option the `-H, --hibp` option must point to a post-processed okon file instead of the standard HIBP text file.
* Updated documentation
* Fix#5313, allow specifying local config path using environment variable and command line flag
* Add command line flag `--localconfig <path>` to specify a file path to use for the local configuration settings.
* Add environment variable support to set config files paths: `KPXC_CONFIG` and `KPXC_CONFIG_LOCAL` to override default locations.
* Reorder startup sequence to load specified config files earlier to allow for theme settings and other early options to be picked up.
* Removed old command line option `--pw`, no longer used.
* Attempt a fix of application not closing when last window is gone. Only set `QApplication::setQuitOnLastWindowClosed(true)` when tray icon is enabled instead of always.
* Fixes#3541
* CSV export now includes TOTP settings, Entry Icon (database icon number only), Modified Time, and Created Time.
* CSV import properly understands time in ISO 8601 format and Unix Timestamp.
* CSV import will set the TOTP settings and entry icon based on the chosen column.
* Fixes#5240
* Limit size of icons being loaded to prevent excessive memory usage in some cases
* Fix loading database icons, previous method would just overwrite the same pixmap and not actually provide caching.
* Fix#5107
* Change setting for non-data changes to Auto save on database lock (or not) instead of marking modified.
* When enabled, database will be auto-saved if there are only non-data changes, but will not prompt the user if saving has failed.
* When disabled, database will not auto-save if there are only non-data changes (same behavior as 2.5 and below) and will not mark the database dirty.
