The private exponent d may be negative in which case an additional pad
byte is needed. Otherwise ssh-agent fails to load the key.
Signed-off-by: Konrad Gräfe <kgraefe@paktolos.net>
Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification.
Notable changes:
- _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction.
- A new helper class _PasskeyUtils_ includes the actual checks and parses the objects.
- _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils.
- Fixes Ed25519 encoding in _BrowserCBOR_.
- Adds new error messages.
- User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user.
- `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it.
- Extension data is now handled correctly during Authentication.
- Allowed and excluded credentials are now handled correctly.
- `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID`
- Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers.
- Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey.
Fixes#10287.
Closes#2689
The design of the respective code is loosely based on KDE's KActionCollection. The ActionCollection manages all actions that can be shortcut configured. These actions are then exposed in the config and a user can assign a different shortcut.
Actions inside the MainWindow have been added to the ActionCollection.
---------
Co-authored-by: Jonathan White <support@dmapps.us>
* Update release-tool.ps1
`Get-CimInstance MSFT_VSInstance` does not always work as it uses the default namespace root/cimv2. Specifying `Get-CimInstance MSFT_VSInstance -Namespace root/cimv2/vs` allows it to work.
Co-authored-by: Jonathan White <support@dmapps.us>
* Fix#9847 - don't provide TOTP values if settings are blank or completely wrong
* Fix#6838 - don't reset the ui when creating a new entry and applying TOTP to it
* Move totp source into the core folder
* Set default value of DatabasePasswordMinimumQuality to 3 (do not accept a master password that is less than Good)
* Add custom message box button "Continue with weak password"
* Entry: re-parent before adding to new group
Adding the Entry to the Group will emit signals about the action.
Present the object with the correct parent already.
* fdosecrets: Item::Create() can fail
If an entry cannot be registered on DBus, Item::Create() will return a
nullptr. Basically, this can only happen if there is already an item
with the same UUID in the collection. The only viable option here is to
ignore the new entry.
* Merger: prevent duplicate entry when merging histories
If the source entry is newer, a copy of the entry is made. But before
moving the merged entry to the target group, it must be removed.
Otherwise there will be briefly two entries with the same UUID
in the same group/database.
Even though this is only the case during the transaction, it can still
be observed because the operations emit signals. A notable problem is
the fdosecrets feature that relies on the uniqueness of the UUID or will
otherwise run into problems because the UUID is used as part of the DBus
path.
Botan::secure_scrub_memory -> defined in mem_ops.h
Botan::secure_vector -> defined in secmem.h
The reason only including secmem.h worked in previous (<3.0) versions of
Botan was because secmem.h included mem_ops.h. This is no longer the
case since commit
randombit/botan@49dbbcb2bf (2023-10-11;
"Split out allocator helpers to allocator.h")
Fixes#10038
The recent debug library is called botan-3.lib, which is unable to be found by this since BOTAN_NAMES_DEBUG does not contain the keyword "botan-3". This commit adds that keyword.
Closes#5991Closes#3337 - Support fingerprint readers on Linux
Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier.
Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
Keepassxc saves application state at XDG_CACHE_HOME which can be cleared on some systems periodicly.
This is not desireable as app state like window size is not consistent when openning the app.
To avoid this this commit is switching the path to XDG_STATE_HOME which is more fitting based on the freedesktop basedir spec (https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html), this will allow to prevent state file deletion as well.
Resolves#9738
