Supported key types are RSA, ECDSA and Ed25519.
Includes tests to compare writing out keys produce the exact same private key if read from OpenSSH format and tests against ssh-agent to ensure all no generated key is rejected.
* Fix detecting AES-256/GCM cipher, fixes#8964
When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end.
* Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM)
* Disable AES-256/GCM for now in ssh keys
Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying
the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
currently, when keepassxc is not running, the command `keepassxc --lock` opens a new keepass window and blocks until the window is closed.
Especially in locking scripts this is rather unexpected and Ican't think of a case where someone explicitly starts keepass with --lock and wants this behaviour.
Rather --lock should always ensure, that there are no unlocked instances and exiting afterwards
* Rename "Database Tags" to "Searches and Tags"
* Separate searching for all entries and resetting the search
* Support selecting multiple tags to search against
* Fix using escaped quotes in search terms
* Make tag searching more precise
* Support `is:expired-#` to search for entries expiring within # days. Exclude recycled entries from expired search.
* Don't list tags from entries that are recycled
* Force hide tag auto-completion menu when tag editing widget is hidden. On rare occasions the focus out signal is not called when the tag view is hidden (entry edit is closed), this resolves that problem.
* Remove spaces from before and after tags to prevent seemingly duplicate tags from being created.
* Also fix some awkward signal/slot dances that were setup over time with the entry view and preview widget.
Allow changing tags for multiple entries through context menu
* Closes#8277 - show context menu with currently available tags in database and checks those that are set on one or more selected entries. When a tag is selected it is either set or unset on all entries depending on its checked state.
* Add ability to save searches and recall them from the "Searches and Tags" view
* Add ability to remove a tag from all entries from the "Searches and Tags" view
* Cleanup tag handling and widgets
* Fix#1090 - delay locking databases after minimize to allow for clipboard use, Auto-Type use, and browser integration use.
* Fix#6757 - prevent setting both minimize on unlock and lock on minimize settings at the same time.
1. Replaces words removed by pull 6914 <23b9e35de9> for possible offense. This restores the total word count.
Add replacement: grope -> . . . -> grouch
Change: hardcopy -> hardcopy -> hardback
Replace: hardcore -> . . . -> hardball
(I couldn't see "hardcopy" as a single word in American dictionaries from the turn of the century. It's too much of a neologism [and if we can't have "hardcore," then there's nothing else I can fit in that gap]. I had to remove another word to allow the addition of two new words here to preserve ordering. It's also an improvement because "hardcopy" is not a single word in dictionaries older than a decade or so.)
Add replacement: swinger -> . . . -> swindle
2. Yo-yo and yoyo are two spelling of the same exact word, and the latter spelling is "non-standard."
Keeping: yo-yo (t-shirt is the one other hyphenated word and I can't find a suitable candidate for either without creating several conflicts on the long wordlist)
Change: yoyo -> young
3. Word repetition: two spellings of same word hankie.
Keeping: hankie (as the "correct" spelling because "hanky" is more common in "hanky-panky").
Change: hanky -> hanoi
(The other option was to insert "hansom" between "hanky" and "haphazard," but "handsome" is a homophone because the "d" became silent many years ago.)
4. Changed proper nouns and brand names to regular nouns:
dropbox -> dropforge
ebay -> eaves
google -> goosey as in "loosey-goosey" (the real word is "googol," anyhow)
This necessitated changing goon -> gooseneck
ipad -> iota
iphone -> ire
ipod -> iridium
This necessitated irate -> iris
kleenex -> knack (the word "tissue" exists)
lego -> legitimate
xbox -> xenon (which sounds like x box or x-box, too)
Keeping: xerox (now genericized like aspirin)
5. Replaced non-standard words around "drop" and the brand name in there
drop-down -> drop-in
ebook -> (genericized like "email")
ecard -> echelon
This necessitated eccentric -> echidna
harddisk -> hardedge (Hardedge is an art style. Hard disk is always two words or else is abbreviated as HDD for hard disk drive)
6. Replaced flirtatious activity
footsie -> footstool
Which necessitated making footsore -> footway
7. Potentially sensitive anatomy
gonad -> golly
siamese -> sial (Siamese = Thai, but "twins" is also on the list and "Siamese" could precede "twins," which is slur for conjoined twins.)
8. Politically sensitive
islamist -> island (An Islamist is someone who wants to enforce political Islam on all with a literal and conservative interpretation of the Qu'ran. It does not mean Muslim.)
marxism -> marzipan (I'm a big old lefty, myself, but I need to be consistent)
********
These necessitated a couple changes to nearby words where a drop-in replacement word did not exist, which required shifting neighboring words slightly.
Alphabetical order preserved and total word count should match EFF's modified and the original Diceware list. No breaking changes.
* Fix#7726 - Ignore BEEP Auto-Type token when it includes spaces and numbers as well
* Close#8103 - Allow specifying specific attribute to use with PICKCHARS. If none specified, it defaults to Password.
* Fix#7811 - Notes height no longer truncated
* Fix#7949 - Improve copying attribute value to clipboard in entry preview
* Fix#7898 - Prevent copying url when copy password selected after clicking url in preview pane
* Fix#7982 - Double clicking hidden attributes in preview pane copies the value instead of ●●●●●●
* Split calls to finding hardware keys into sync and async methods. This has the side effect of simplifying the code.
* Check for keys before performing challenge/response if no keys have been found previously.
* Correct timeout of user interaction message to interact with the hardware key.
* Correct error in TestCli::testYubiKeyOption
Also added a reset decision button in session management tab
Fixes#7464
* Fix distorted button in settings page: the default margin in QToolBar is too large for our use case in a table row.
* On Windows, offer explicit methods to use the virtual keyboard style of typing. This partially reverts 1150b69836 by going back to the standard unicode method by default. However, uses can either add {MODE=VIRTUAL} to their sequence or choose "Use Virtual Keyboard" / CTRL+4 from the selection dialog.
* Took this opportunity to clean up the signature of AutoType::performAutoType and AutoType::performAutoTypeWithSequence by removing the "hideWindow" attribute.
* Show keyboard shortcuts on the selection dialog context menu
* Fix selection dialog help icon color when in dark theme
* Special thanks to @HexF and @smlu for their contributions towards this feature.
* Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future.
* Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain.
* Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified.
* Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly.
* Prevent quick unlock when using AutoOpen or opening from the command line.
If relock after performing Auto-Type is enabled it will wait until
specified timeout before doing so.
Retype time is now configurable and is decreased from the old
hardcoded 30 seconds down to 15 seconds to keep the default a bit
more secure while still allowing the user to set it higher for
their liking.
To restore old behavior the user can set retype time to 0 which
will make the database relock instantly.
Auto-Type relock setting relocated to Auto-Type tab to group it
better with the other Auto-Type settings.