* Split calls to finding hardware keys into sync and async methods. This has the side effect of simplifying the code.
* Check for keys before performing challenge/response if no keys have been found previously.
* Correct timeout of user interaction message to interact with the hardware key.
* Correct error in TestCli::testYubiKeyOption
Instead of running macdeployqt once for each extra helper binary and
plugin (plus the main run for the application itself), collect all the
binaries that should be processed and run macdeloyqt only once after
all the binaries have been installed.
This also moves the main app macdeployqt call from a POST_BUILD step
to an install(CODE) step, making increment rebuilds of the app faster.
To ensure that macdeployqt is called after all the binaries are
installed, a new post_install subdirectory is needed to
circumvent CMake's limitation regarding the default order of
installation.
CMake first runs the current directory install() calls and then it's
child subdirectory ones. Because we want macdeployqt to be the last
install() call, it needs to be done inside a subdirectory that is
added last.
Note due to a bug in macdeployqt, the deployed app inside the .dmg
file will fail to run on arm macs, due to broken code signature.
See https://bugreports.qt.io/browse/QTBUG-101696 for details.
For the final release, the release-tool should take care of proper
resigning.
CPack by default invokes the 'make install' target to install
all project files into a staging area for further packaging.
The order of installation follows the order of install() commands.
One of the first install() commands is the one that installs the
KeePassXC.app bundle and all the contents inside of it,
which includes POST_BUILD copied binaries like keepassxc-cli
and keepassxc-proxy.
Subsequent install(TARGETS) commands would then override the
keepassxc-cli and keepassxc-proxy binaries inside the staging area
with the ones which didn't have macdeployqt run on them (the ones from
src/cli and src/proxy).
Launching the binaries would then fail because of missing rpath
adjustments.
The libkeepassxc-autotype-cocoa.so library was working fine because
there is no install(TARGETS) command for it in a WITH_APP_BUNDLE build,
so the POST_BUILD copy with the adjusted rpaths was preserved.
To fix the issue and make the handling consistent, macdeployqt is no
longer run at POST_BUILD time, but instead at 'make install' time,
after each binary is installed by install(TARGETS).
libkeepassxc-autotype-cocoa.so also has its install command run
unconditionally now.
The build dir binaries that are POST_BUILD copied into
src/KeePassXC.app continue to run because they use the build dir
rpaths that CMake embeds by default. They don't macdeployqt run for
them anymore, which slightly speeds up the build time.
Fixes: #7475
- Default backupFilePath is '{DB_FILENAME}.old.kdbx' to conform to existing standards
- Implement backupPathPattern tests.
- Show tooltip on how to format database backup location text field.
* Add commands to manipulate entry attachments from the CLI
* Closes#4462
* Add the following commands:
attachment-export: Exports the content of an attachment to a specified file.
attachment-import: Imports the attachment into an entry. An existing attachment with the same name may be overwritten if the -f option is specified.
attachment-rm: Removes the named attachment from an entry.
* Add --show-attachments to the show command
* Closes#6335
* Modify application settings presentation to allow for alternative saving strategies
* Transition Database::save calls to using flags to control saving behavior. Reduces boolean flags on function call.
* Made direct write save option a local setting to prevent unintentional carry over between platforms.
* Support NFC readers for hardware tokens using PC/SC
This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.
* Split hardware key access into multiple classes to handle different methods of communicating with the keys.
* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.
* Add PC/SC interface for YubiKey challenge-response
This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.
Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.
This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.
* Remove PC/SC ATR whitelist, instead scan for AIDs
Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.
This enables the support of currently unknown or unreleased hardware.
Co-authored-by: Jonathan White <support@dmapps.us>
* Introduce search CLI command to replace locate command. Search can provide the same functionality but in a more fine-grained fashion
* Replace use of Group::locate in code: Use EntrySearcher in clip cli command best-match option. This removes the matching against group hierarchy of an entry which is kind of nonsense as clip expects exactly one match. Matching against groups can be done using search command.
* Remove obsolete Group::locate method
unset, wl-copy will try to guess the MIME-Type based on the data.
For some reason this did not work on my machine and i was unable
to paste passwords in Firefox.
* Fix#6001 - only use `--notes` in Add/Edit commands to prevent clash with password generator option `-n`.
* Fix#6119 - Send Unicode to clip command; Windows only understands UTF-16 encoding.
* Fix#6128 - `clip` command will default to clearing the clipboard after 10 seconds. To disable clearing set timeout to 0.
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.
The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.
Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.
Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.
Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.
Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.
NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.
Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.
Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.
Greatly simplified Secret Service plugin's use of crypto functions with Botan.
* Closes#4216
Reduced to three-tiered rating system and fixed column implementation. Hide password strength indicator in entry view if excluded from reports.
Introduce password health caching to prevent unnecessary calculations.
Since Homebrew moved all its stuff to /opt/homebrew, our hard-coded
install_name_tool patch magic stopped working. This patch uses
macdeployqt for all executables to prevent this kind of behaviour.
Fixes#6042
As discussed in #4317, the next KeePass2 release will ship with
support for a new generation of XML key files which enable
hash integrity checks.
This patch adds support for reading and generating this new format.
By default, KeePass2 now uses the .keyx extension for generated
key files, which was added to KeePassXC's key generation file chooser
filter. We continue to generate hashed binary key files by default,
but the user can explicitly save the file with the new .keyx
extension to generate an XML v2 key file (currently undocumented).
When opening a database, the key file type is still determined
by content negotation, so the file extension has no impact here.
As an additional change, the legacy key file warnings have been
improved slightly to be less confusing and more helpful.
Fixes#5311
Added the keyFile logic from the create command to the import command and moved the loadFileKey() function
to the Utils class since it is now used in both create & import classes.
Describe how to invoke the AFL fuzz tester on the KeePassXC
CLI tool. As suggested in #2729.
Fuzz test build of keepassxc-cli takes database password from
environment variable instead of requiring it to be empty.
Provide two empty kdbx files as initial fuzzer input, one
kdbx 3 and one kdbx 4, both with minimal number of decryption
rounds to speed up the test.
* Closes#5447
* Add option `--okon <okon-cli path>` to trigger the use of the okon cli tool to process a database's entries. When using this option the `-H, --hibp` option must point to a post-processed okon file instead of the standard HIBP text file.
* Updated documentation
The best option copy the password from the best match if only one matching entry exists.
Adding clip best option documentation
Adding unit tests on the new clip --best option
* Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC.
* Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write.
* Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize.
* Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations.
* Fixes#4400
* Fixes#4065
* Fixes#1050
* Fixes#1215
* Fixes#3087
* Fixes#1088
* Fixes#1869
Fixes#3398.
Convert to QTextStream for all CLI IO and greatly improve CLI tests
* Completely overhaul CLI tests to be much more streamlined and easy to read. Removed unnecessary code blocks by using existing functions.
Co-authored-by: Emma Brooks <me@pluvano.com>
* Add ability to create database with an empty password
* Add password repeat check
* Standardize process between `db-create` and `import` commands
* Improve db-create tests with new password repeat
Co-authored-by: Jonathan White <support@dmapps.us>
