Commit Graph

34 Commits

Author SHA1 Message Date
Christoph Honal
6d1fc31e96
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC

This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.

* Split hardware key access into multiple classes to handle different methods of communicating with the keys.

* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.

* Add PC/SC interface for YubiKey challenge-response

This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.

Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.

This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.

* Remove PC/SC ATR whitelist, instead scan for AIDs

Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.

This enables the support of currently unknown or unreleased hardware.

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
a1346054
e3c7b570ae
Minor documentation and script cleanups (#6868)
* Remove mention of no longer used IRC network

Channels exist on matrix, and on libera.chat now.

* Correctly match only files with .png extension

The current search would match files such as 'createpng'.

* Fix comparison in script

The result was always false, due to comparing a literal string instead of a variable.

* Use correct license files from upstream

Correct license files obtained from:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
https://www.gnu.org/licenses/gpl-3.0.txt
https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt
https://www.gnu.org/licenses/lgpl-3.0.txt

* Refresh several shell scripts

This fixes several shellcheck warnings, as well as makes the code more
robust and have consistent codestyle between all the files.

* Trim excess whitespace
2021-09-21 00:17:46 -04:00
smlu
0c6587b5b7 Add support for Microsoft Visual Studio buildchain
* Use C++17 when using MSVC compiler
* Remove unneeded header files and macros
* Removed unnecessary Yubikey cmake file
* Enhance release tool
* Updated INSTALL.md
2021-09-19 17:16:45 -04:00
Jonathan White
d4ff927181
2.6.0 CHANGELOG and README updates 2020-07-06 18:27:15 -04:00
Shun Sakai
9dde9314e8 Change to generate man page from AsciiDoc 2020-07-05 14:54:31 -04:00
Jonathan
c306fb55ae
Distinguish meaning of src directory and git root directory (#4337)
* Remove 'cd git-project-directory' from INSTALL.md as it is unnecessary
2020-02-17 07:28:08 -05:00
Jonathan White
8ded3bdba2 Merge branch 'master' into develop 2020-01-04 09:10:25 -05:00
Jonathan White
8459a216a5 Update testing instructions in INSTALL.md
Fixes #3897
2019-12-27 20:26:34 -05:00
Carlo Teubner
0423bbe168 INSTALL.md: fix broken wiki link 2019-11-29 08:36:15 -05:00
Sergei Zyubin
eb75985aa6 INSTALL.md: Fix broken link for MacOS 2019-10-30 08:09:23 -04:00
Janek Bevendorff
38524507d5
Merge branch 'master' into develop 2019-06-12 01:10:25 +02:00
Soham Gumaste
d5e544ab32 Add documentation for keyboard shortcuts (#3215)
* Add docs/KEYBINDS.md which lists all keyboard shortcuts.
* Added a reference in README.md to KEYBINDS.md
* Fixes #3175
2019-06-05 23:23:29 -04:00
Aetf
e121f4bc28 Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403)
This plugin implements the Secret Storage specification version 0.2.
While running KeePassXC, it acts as a Secret Service server, registered
on DBus, so clients like seahorse, python-secretstorage, or other
implementations can connect and access the exposed database in KeePassXC.

Squashed commits:

- Initial code
- Add SessionAdaptor and fix build
- The skeletons for all dbus objects are in place
- Implement collection creation and deletion
- Emit collectionChanged signal
- Implement app-wise settings page
- Implement error message on GUI
- Implement settings
- Fix uuid to dbus path
- Implement app level settings
- Add freedesktop logo
- Implement database settings page
- Change database settings to a treeview
- Move all settings read/write to one place
- Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets
- Fix selected group can not be saved if the user hasn't click on the item
- Show selected group per database in app settings
- Disable editing of various readonly widgets
- Remove unused warning about non exposed database
- Fix method signature on dbus adaptors
- Fix type derived from DBusObject not recognized as QDBusContext
- Resolve a few TODOs around error handling
- Remove const when passing DBus exposed objects
- Move dismiss to PromptBase
- Implement per collection locking/unlocking
- Fix const correctness on Item::setSecret
- Implement SecretService::getSecrets
- Rework the signal connections around collections.
- Remove generateId from DBusObject
- Per spec, use encoded label as DBus object path for collections
- Fix some corner cases around collection name changes
- Implement alias
- Fix wrong alias dbus path
- Implement encryption per spec
- Cleanup SessionCipher
- Implement searchItems for SecretService
- Use Tools::uuidToHex
- Implement Item attributes and delete
- Implement createItem
- Always check if the database is unlocked before perform any operation
- Add missing ReadAlias/SetAlias on service
- Reorganize and fix OpenSession always returning empty output
- Overhaul error handling
- Make sure default alias is always present
- Remove collection aliases early in doDelete
- Handles all content types, fix setProperties not working
- Fix sometimes there is an extraneous leading zero when converting from MPI
- Fix session encryption negotiation
- Do not expose recycle bin
- Protect against the methods not called from DBus
- Also emit collectionChanged signal when lock state changes
- Show notification when entry secret is requested
- Add a README file
- Actually close session when client disconnects
- Gracefully return alternative label when collection is locked
- Reorganize, rename secretservice to fdosecrets
- Fix issues reported by clazy
- Unify UI strings and fix icon
- Implement a setting to skip confirmation when deleting entries from DBus
- Remove some unused debugging log
- Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter.
- Simplify GcryptMPI using std::unique_ptr and add unit test
- Format code in fdosecrets
- Move DBusReturnImpl to details namespace
- Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted
- Make sure Collection::searchItems works, whether it's locked or not
- Fix FdoSecrets::Collection becomes empty after a database reload
- Fix crash when looping while modifying the list
2019-05-12 12:35:42 -04:00
Jonathan White
bc891761b6
Merge branch 'release/2.4.2' into develop 2019-05-07 13:00:27 -04:00
Jonathan White
247b85fe69
Update INSTALL.md and cleanup CMakeLists.txt (#3074)
INSTALL.md
* Better organization of CMake options

CMakeLists.txt
* If WITH_XC_NETWORKING is disabled, also disable WITH_XC_UPDATECHECK
* Move KeeShare logic into KeeShare CMakeLists.txt
* Remove WITH_XC_KEESHARE_SECURE build option
* Attempt to find quazip, if found enable WITH_XC_KEESHARE_SECURE and build with secure container support
2019-05-07 12:56:55 -04:00
Jack Thomasson
1cbd395d71 multiple database with --pw-stdin (#2916)
* Updated utilities to unlock KDBX with OS password manager on macOS and Linux
* Use a static stream on stdin for --pw-stdin otherwise buffer loss eliminates subsequent passwords
* Update INSTALL requirements
2019-04-25 10:37:13 -04:00
Janek Bevendorff
13eb1c0bbd Improve resilience against memory attacks
To reduce residual fragments of secret data in memory after
deallocation, this patch replaces the global delete operator with a
version that zeros out previously allocated memory. It makes use of
the new C++14 sized deallocation, but provides an unsized fallback
with platform-specific size deductions.

This change is only a minor mitigation and cannot protect against
buffer reallocations by the operating system or non-C++ libraries.
Thus, we still cannot guarantee all memory to be wiped after free.

As a further improvement, this patch uses libgcrypt and libsodium
to write long-lived master key component hashes into a secure
memory area and wipe it afterwards.

The patch also fixes compiler flags not being set properly on macOS.
2019-04-21 09:39:28 -04:00
Weslly
779b529da2 Update checking feature (#2648)
* Check on startup (toggleable setting) and manually
* Option to check for pre-releases (eg, 2.4.0-beta1)
* Only included if WITH_XC_NETWORKING is enabled
2019-01-30 09:11:50 -05:00
Jonathan White
a8e266129a
Corrected formatting and cleanup 2019-01-16 22:53:29 -05:00
Jonathan White
66a36b3af1
Add WITH_APP_BUNDLE to INSTALL.md 2018-10-03 10:12:19 -04:00
Christian Kieschnick
28e7540096
Update ci files
* Removed libquazip-headers from trusty ci images
Trusty does not provide libquazip-headers (they are part of
libquazip-dev most likely)
* Bump rebuild counter
2018-10-01 10:51:13 -04:00
Christian Kieschnick
eca9c658f4
Add sharing of groups between databases
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
2018-10-01 10:39:37 -04:00
mosin
1a9511da29 Update INSTALL.md (#2299)
* add build option for SSH Agent
2018-09-18 22:45:44 -04:00
Jonathan White
ca27fb06d5
Merge branch 'master'
Conflicts:
	INSTALL.md
	release-tool
	src/browser/BrowserOptionDialog.cpp
	src/browser/BrowserService.cpp
	src/browser/BrowserService.h
	src/browser/NativeMessagingBase.h
	src/browser/NativeMessagingHost.h
	src/core/Uuid.cpp
	src/gui/DatabaseTabWidget.cpp
	src/gui/DatabaseWidget.cpp
	src/gui/EditWidget.cpp
	src/gui/MainWindow.cpp
	src/gui/MainWindow.ui
	src/proxy/NativeMessagingHost.h
	src/sshagent/ASN1Key.cpp
2018-08-24 09:42:38 -04:00
Jonathan White
d6cae74176
Release 2.3.4 version bump
* Corrects INSTALL.md build instructions for Windows (#2126)
* Rephrase Qt 5.5.x warning to include on-screen keyboard combo
2018-08-22 11:23:18 -04:00
Jonathan White
410d88bf99
Remove KeePassHttp plugin and qhttp (#1752)
Remove KeePassHttp plugin and qhttp
2018-03-31 11:36:18 -04:00
dinony
7e75d04055 Docs (#1749)
Update build instructions
2018-03-18 01:10:00 +01:00
varjolintu
8ac909b0eb
Multiple browser related fixes 2018-01-20 00:47:26 +01:00
Jonathan White
542ee42313
Add Argon2Kdf and enable parameters in db settings
Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.

* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken
2018-01-13 14:23:30 -05:00
varjolintu
06518c5736 keepassxc-browser 2018-01-04 21:42:20 +01:00
Rich Brown
54d500737a Create docs directory and QUICKSTART.md instructions; editorial pass … (#1227)
Create docs directory and QUICKSTART.md instructions; editorial pass on README and INSTALL
2017-11-26 22:36:46 +01:00
David Sapienza
6608de6cfe Typo fix
"document a the following link" -> "document at the following link"
2017-09-05 10:39:20 +02:00
Avik Sengupta
e4c78f92d4 Fix url to build environment instructions
and format better.
2017-07-10 20:35:07 +01:00
louib
ff6d78244b Updated INSTALL documentation. (#140)
* KeePassCR -> KeePassXC in INSTALL
* Added .md extension to INSTALL.
2017-01-04 18:47:29 -05:00