Commit Graph

49 Commits

Author SHA1 Message Date
christianwengert
c7d318236f Prevent duplicate entries in passphrase wordlists
Replace a QVector for the wordlist with a QSet. This removes all duplicate entries in a given wordlist.
Thus, it hinders a malicious wordlist that has the proper length (>4000 entries) but with repetitions (effectively << 4000 entries) to be used and potentially create weaker passphrases than estimated.

Example:
List with 4000 items but only 64 unique words would lead to only 48 bit of Entropy instead of ~95 bit!
2024-08-22 00:21:38 -04:00
sforst
1ca607792d
Support remote database access using external tools (#7222)
* Provide remote database sync capability

Allow arbitrary commands to be defined and executed for syncing databases with remote services. This includes sftp, scp, rsync, etc. 

Remote commands are stored per-database and sync operations are manually triggered by the user from the Database -> Remote Sync menu. 

---------

Co-authored-by: Stefan Forstenlechner <t-h-e@users.noreply.github.com>
Co-authored-by: Jonathan White <support@dmapps.us>
2024-06-13 06:23:41 -04:00
Jonathan White
1896883382 Bitwarden and 1PUX importer improvements
* Fixes #10400
  - Support TOTP entries with bare secrets instead of otpauth urls for Bitwarden. Vice-versa for 1PUX.
  - Support Bitwarden Argon2id encryption scheme

* Fixes #10380 - Support Bitwarden organization collections
2024-04-29 08:51:01 -04:00
Jonathan White
e700195f0a Add 1Password 1PUX and Bitwarden JSON Importers
* Closes #7545 - Support 1Password 1PUX import format based on https://support.1password.com/1pux-format/

* Closes #8367 - Support Bitwarden JSON import format (both unencrypted and encrypted) based on https://bitwarden.com/help/encrypted-export/

* Fixes #9577 - OPVault import when fields have the same name or type

* Introduce the import wizard to handle all import tasks (CSV, KDBX1, OPVault, 1PUX, JSON)

* Clean up CSV parser code to make it much more efficient and easier to read

* Combine all importer tests (except CSV) into one test file
2024-03-09 10:44:54 -05:00
Matthew Donoughe
ab95690043
CLI: Add Unicode support on Windows (#8618) 2022-10-29 08:07:31 -04:00
Andre Blanke
7d37f65ad0 CLI: Add commands to handle attachments
* Add commands to manipulate entry attachments from the CLI
* Closes #4462

* Add the following commands:
  attachment-export: Exports the content of an attachment to a specified file.

  attachment-import: Imports the attachment into an entry. An existing attachment with the same name may be overwritten if the -f option is specified.

  attachment-rm: Removes the named attachment from an entry.

* Add --show-attachments  to the show command
2021-11-07 17:27:16 -05:00
Chih-Hsuan Yen
bc5d0df19e
Fix removing encrypted ASN.1 keys from ssh-agent (#6804)
Contents of id_rsa-encrypted-asn1 are from
TestOpenSSHKey::testDecryptRSAAES128CBC().

Closes #6788
2021-08-08 09:36:06 -04:00
Jonathan White
8a7be101e4 CLI Improvements
* Fix #6001 - only use `--notes` in Add/Edit commands to prevent clash with password generator option `-n`.

* Fix #6119 - Send Unicode to clip command; Windows only understands UTF-16 encoding.

* Fix #6128 - `clip` command will default to clearing the clipboard after 10 seconds. To disable clearing set timeout to 0.
2021-04-25 07:38:21 -04:00
Aetf
9a8a5a0006
FdoSecrets: Major Refactor and Code Consolidation (#5747)
* Fixes #3837

* Change objects to use DBusMgr rather than separate adaptors
  - Update all DBus invokable methods to new parameter order
  - Change all usage of DBusReturn to simpler DBusResult
  - Use DBusMgr to handle path and service registration
  - Remove adaptor/*
  - Set path in DBusObject
  - Unregister service when service is destroyed
  - Restore handling of invalid QVariant in prompt complete signal
  - Clean up meta type registration
  - Move dbus related file together
  - Convert to QSharedPointer as much as possible
  - Fix mapping of the Delete method
  - Handle dbus property get all

* Add per-client states
  - Move cipher negotiation to DBusClient
  - Show list of clients instead of sessions in the settings page
  - Add settings for confirmation of accessing items
  - Fix infinite recursion when client disconnected
  - Use optional explicit DBusClient parameter instead. This makes accessing 
    the client info in an async context explicit, and thus prevent accidental 
    assertions in prompts.

* Improve User Interface
  - Add per-item access confirmation (if enabled)
  - Remove the "disable for site" button for the access control dialog
  - Improve the text on the settings page to be more consistent
  - Fix disconnect buttons in settings page not working
  - Make the unlock prompt method nonblocking

* Fix and cleanup unit tests
  - Use QTRY_COMPARE when checking signal spies, as dbus signals are threaded
  - Fixes in meta type registration and type conversion
  - Remove QStringLiteral in COMPARE macros, making diff output readable
  - Add testing for remembering auth decision
2021-02-05 15:07:59 -05:00
Janek Bevendorff
cd0084f21c Add support for version 2 XML key files.
As discussed in #4317, the next KeePass2 release will ship with
support for a new generation of XML key files which enable
hash integrity checks.

This patch adds support for reading and generating this new format.
By default, KeePass2 now uses the .keyx extension for generated
key files, which was added to KeePassXC's key generation file chooser
filter. We continue to generate hashed binary key files by default,
but the user can explicitly save the file with the new .keyx
extension to generate an XML v2 key file (currently undocumented).

When opening a database, the key file type is still determined
by content negotation, so the file extension has no impact here.

As an additional change, the legacy key file warnings have been
improved slightly to be less confusing and more helpful.
2020-12-19 09:42:21 -05:00
Laurent Erignoux
f49f62d3be Add a best option to CLI command clip (#4489)
The best option copy the password from the best match if only one matching entry exists.

Adding clip best option documentation

Adding unit tests on the new clip --best option
2020-08-31 23:06:27 -04:00
Aetf
44779bc862 FdoSecrets: add unit tests 2020-05-27 22:07:25 -04:00
Jonathan White
a145bf9119 Complete refactor of Browser Integration classes
* Removed option to attach KeePassXC to the browser extension. Users must use the proxy application to communicate with KeePassXC.
* Significantly streamlined proxy code. Used same implementation of stdin/stdout interface across all platforms.
* Moved browser service entry point to BrowserService class instead of NativeMessagingHost. BrowserService now coordinates the communication to/from clients.
* Moved settings page definition out of MainWindow
* Decoupled BrowserService from DatabaseTabWidget
* Reduced complexity of various functions and cleaned the ABI (public vs private).
* Eliminated BrowserClients class, moved functionality into the BrowserService
* Renamed HostInstaller to NativeMessageInstaller and renamed NativeMessageHost to BrowserHost.
* Recognize XDG_CONFIG_HOME when installing native message file on Linux. Fix #4121 and fix #4123.
2020-05-14 17:14:17 -04:00
Jonathan White
612f8d2e5b Improve OPVault handling and replace test opvault
* Fix various bugs in opvault parsing to include: TOTP parsing, date handling, naming convention, attachments, and multiple url's.

* Remove category groups that don't have any entries.

* Simplify tests by focusing on the resulting database instead of the parsing mechanics.

* Remove proprietary "freddy" opvault in favor of self-made "keepassxc" opvault.

* Fix #4069, select opvault file on macOS
2020-05-14 15:17:28 -04:00
ameyer0
560209550c
Change settings checkbox texts to positive phrasing (#4715) 2020-05-10 21:35:08 -04:00
James Ring
71a39c37ec
Add --username option to Clip command. (#3947)
* make Clip accept an attribute name

This allows users to copy arbitrary attributes (e.g. username, notes,
URL) to the clipboard in addition to the password and TOTP values.

* update Clip manpage

* Add findAttributes to CLI utils

* Use case-insensitive search in Show command.

* Use case-insensitive search in Clip command.

Co-authored-by: louib <L0U13@protonmail.com>
2020-01-30 15:46:48 -05:00
louib
964478e78f CLI: Add Yubikey unlock support 2019-09-22 18:11:40 -04:00
varjolintu
77be468670 Fix crash when removing custom data 2019-09-07 07:50:08 -04:00
Jonathan White
0e0cba653f CLI: add 'analyze' subcommand for offline HIBP breach checks
This new subcommand checks all passwords in the given database against a given list of SHA-1 password hashes. Such lists are available from the "Have I Been Pwned" project at https://haveibeenpwned.com/Passwords.

Note that this support offline checking only. The HIBP project also provides a web API for checking specific hash ranges; this is not currently supported.
2019-06-25 15:37:40 -04:00
Balazs Gyurak
05c11d1b7c CLI: Add 'flatten' option to the 'ls' command (#3276)
* Fixes #925 
* Add 'flatten' option to CLI ls command
* Add test for Group::hierarchy() and man page for ls --flatten
* Rename group sort test to align with others
2019-06-18 20:42:19 -04:00
Jonathan White
125a81f2ed Implement 1Password Vault Import
* Support importing 1Password vaults (.opvault folders) into KDBX database
* Entry attributes are filled based on section and field name
* Expiration dates are set for entries
* Entry URL's are set from a wider array of fields
2019-05-19 18:21:34 -04:00
Jonathan White
13a9ac8f57 Adding --no-password option to CLI
I also added tests for the --key-file option, which was
untested.
2019-03-24 09:23:26 -04:00
Felix Fontein
a7dd9f19f4 CLI: add commands to show and copy TOTP to clipboard (#2454)
* Add CLI commands show --totp and totp-clip for handling TOTPs, resolves #2429.
* Adding tests for new CLI TOTP commands
* Update keepassxc-cli man page.
2018-11-09 21:58:42 -05:00
Weslly
44c9469221 Remove obsolete database repair feature 2018-09-25 21:20:47 -04:00
Janek Bevendorff
e6c19fdcb1 Add MockChallengeResponseKey and additional composite key component test 2018-03-01 19:26:18 -05:00
Janek Bevendorff
5410d78bbb Properly save custom header data
Ensure adding custom data upgrades to KDBX4
Implement review feedback
2018-02-21 13:23:14 +01:00
Jonathan White
bef7ba2cfe
Implements KDBX4 format with Argon2 KDF
* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF
2018-01-13 14:24:55 -05:00
Vladimir Svyatski
5792bf1a85 Add skeleton for TestDatabase.cpp and test data for unit tests for the "empty recycle bin" functionality 2017-04-22 12:38:36 +03:00
Jonathan White
e25cd9ba48 Add Merge database utility function (#47)
Thank you to @TheZ3ro and @monomon for there major contributions to this PR!
2016-11-07 22:37:42 -05:00
Florian Geyer
8d16522d39 Repair UUID of inconsistent history items.
Closes #130
2016-08-03 23:48:40 +02:00
Felix Geyer
208b803fbe Fix KeePass2Repair to retain multi-byte UTF-8 chars.
Since char is (often) unsigned the ch < 0x20 check matched all
multi-byte encoded UTF-8 chars.
2016-02-02 00:41:16 +01:00
Felix Geyer
eb56bd8973 Add repair functionality to strip invalid XML chars.
Refs #392
2016-01-28 23:07:04 +01:00
Felix Geyer
2fa531745f Check XML key file for valid base64 before using it.
QByteArray::fromBase64() doesn't validate the input.

Closes #366
2015-11-01 18:32:15 +01:00
Felix Geyer
240919335f Add missing EmptyUuids.xml test file. 2015-07-14 22:20:56 +02:00
Felix Geyer
71d39865b3 Introduce a strict mode in KeePass2XmlReader.
Many errors are now ignored when not in strict mode so we can still parse
files that have been written by broken/incomplete implementations.
2014-12-01 21:52:51 +01:00
Felix Geyer
0ec29b2354 Raise error if we don't find exactly one root group. 2013-04-29 22:31:50 +02:00
Felix Geyer
f1bebe904a Add tests for broken databases.
Make sure we detect the error and don't crash.
2013-04-29 22:31:50 +02:00
Felix Geyer
18d3fe55f8 Add support for database format 3.01 (HeaderHash).
Add test for the format 3.00 and upgrade Compressed.kdbx, NonAscii.kdbx
and ProtectedStrings.kdbx to 3.01.

Add a test for an incorrect HeaderHash.
2012-09-25 22:33:36 +02:00
Felix Geyer
b6d9c2e486 Import Auto-Type associations in KeePass1Reader. 2012-07-19 23:21:12 +02:00
Felix Geyer
366d8a0f0e Set master key after reading the database. 2012-05-10 22:46:36 +02:00
Felix Geyer
2ecd11eb35 Add test for a non-ascii password. 2012-05-10 21:29:10 +02:00
Felix Geyer
cf4e574c50 Support Twofish encrypted KeePass 1 databases.
Refs #2
2012-05-10 21:06:33 +02:00
Felix Geyer
225e5dac66 Add tests for opening KeePass 1 databases with different keyfiles. 2012-05-10 19:34:55 +02:00
Felix Geyer
65f2790170 Parse KeePass 1 database meta streams.
Refs #2
2012-05-10 11:44:25 +02:00
Felix Geyer
79b15e2ac6 Implement support for parsing groups and entries from KeePass 1 databases.
Still missing:
- Key files.
- Twofish encryption.

Refs #2
2012-05-09 23:16:32 +02:00
Felix Geyer
ebce183925 Start implementing support for reading KeePass 1 databases.
For now only decrypting the database works.

Still missing:
- Actually parsing the database.
- Key files.

Refs #1
2012-05-08 22:06:12 +02:00
Felix Geyer
8acd6f74d8 Support KeePass format 3.00 (used by KeePass2 >= 2.15).
Closes #6

Attachments are now stored in a pool under Metadata instead of in entries.
The protected flag of attachments isn't supported anymore.
New metadata attributes: color, historyMaxItems and historyMaxSize.
Dropped metadata attribute: autoEnableVisualHiding.
2012-04-21 16:45:46 +02:00
Felix Geyer
f215ffa3fa Implement support for key files.
Closes #5.
2011-12-21 23:22:07 +01:00
Felix Geyer
e5bba14994 Move test data files into an own subdirectory. 2011-11-20 11:10:01 +01:00