* Closes#6335
* Modify application settings presentation to allow for alternative saving strategies
* Transition Database::save calls to using flags to control saving behavior. Reduces boolean flags on function call.
* Made direct write save option a local setting to prevent unintentional carry over between platforms.
* Fixes#6459
Improves the overall handling of FdoSecrets showing client executable paths to the user. It does the following:
* Check executable file existence as described in [RFC] fdosecrets: add optional confirmation to secret access (#4733)
* Show application PID and dbus address in the client list
* When the executable file is inaccessible, depending on where the client name is shown:
* when shown inline, e.g. in notification text, where space is limited, clearly say that the path is invalid
* when shown in auth dialog, show warning and print detailed info about the client
* when shown in the client list, draw a warning icon
Co-authored-by: Jonathan White <support@dmapps.us>
* Support NFC readers for hardware tokens using PC/SC
This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.
* Split hardware key access into multiple classes to handle different methods of communicating with the keys.
* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.
* Add PC/SC interface for YubiKey challenge-response
This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.
Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.
This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.
* Remove PC/SC ATR whitelist, instead scan for AIDs
Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.
This enables the support of currently unknown or unreleased hardware.
Co-authored-by: Jonathan White <support@dmapps.us>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'uk' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'tr' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'th' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'sv' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'es' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'sk' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'sr' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'ru' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'ro' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'pt_PT' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'pt_BR' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'pl' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'ko' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'ja' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'it' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'id' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'hu' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'he' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'el' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'de' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'fr_CA' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'fr' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'fi' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'et' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'en_US' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'nl_NL' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'cs' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'zh_TW' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'zh_CN' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
at least 80% translated for the source file '/share/translations/keepassx_en.ts'
on the 'bg' language.
Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
* Remove mention of no longer used IRC network
Channels exist on matrix, and on libera.chat now.
* Correctly match only files with .png extension
The current search would match files such as 'createpng'.
* Fix comparison in script
The result was always false, due to comparing a literal string instead of a variable.
* Use correct license files from upstream
Correct license files obtained from:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txthttps://www.gnu.org/licenses/gpl-3.0.txthttps://www.gnu.org/licenses/old-licenses/lgpl-2.1.txthttps://www.gnu.org/licenses/lgpl-3.0.txt
* Refresh several shell scripts
This fixes several shellcheck warnings, as well as makes the code more
robust and have consistent codestyle between all the files.
* Trim excess whitespace
Externally opened attachments are now lifecycle-managed properly.
The temporary files are created with stricter permissions and entirely
random names (except for the file extension) to prevent meta data leakage.
When the database is closed, the files are overwritten with random
data and are also more reliably deleted than before.
Changes to the temporary files are monitored and the user is asked
if they want to save the changes back to the database (fixes#3130).
KeePassXC does not keep a lock on any of the temporary files, resolving
long-standing issues with applications such as Adobe Acrobat on Windows
(fixes#5950, fixes#5839).
Internally, attachments are copied less. The EntryAttachmentsWidget
now only references EntryAttachments instead of owning a separate copy
(which used to not be cleared properly under certain circumstances).
* Fix#6242 - pinned taskbar shortcuts are not removed on upgrade or uninstall. Icons will be preserved between upgrades.
* Fix#6627 - properly set checkboxes for desktop shortcut and autostart of login based on current settings during install
* Add documentation shortcuts to the start menu
* Auto-accept license if upgrading application
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.
The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.
Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.
Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.
Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.
Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.
NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.
Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.
Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.
Greatly simplified Secret Service plugin's use of crypto functions with Botan.
This change adds a new database settings widget
named "maintenance", using a wrench icon. This widget is designated to be the home for database related maintenance tasks.
Initially, managing custom icons is now possible from that new tab. The feature includes bulk removing of
any number of selected custom icons and automatic purging of unused custom icons by the click of a button.
Fixes#2110
* Closes#4216
Reduced to three-tiered rating system and fixed column implementation. Hide password strength indicator in entry view if excluded from reports.
Introduce password health caching to prevent unnecessary calculations.
- Allow switching between themes without restart (except classic)
- Rework icon loading and recolouring logic to react to theme changes
- Automatically react to light/dark theme change
- Remove explicit selection of monochrome tray icon variant (selected
automatically now)
- Update theme background colours for Big Sur
- Update application icon to match Big Sur HIG
The tray icon doesn't respond perfectly to theme changes yet on Big Sur,
since we need different icons for dark and light theme and cannot simply
let the OS recolour the icon for us (we do that, too, but only as an
additional fallback). At the moment, there is no signal to listen to
that would allow this.
This patch adds a few generic methods to OSUtils for detecting and
communicating theme changes, which are only stubs for Windows and Linux at
the moment and need to be implemented in future commits.
Fixes#4933Fixes#5349
* Include new icons for toolbar overflow to ensure they are tinted correctly and fit in with the rest of the UI.
* Replace custom code for clearing line edits by including a proper icon for the default action.
Describe how to invoke the AFL fuzz tester on the KeePassXC
CLI tool. As suggested in #2729.
Fuzz test build of keepassxc-cli takes database password from
environment variable instead of requiring it to be empty.
Provide two empty kdbx files as initial fuzzer input, one
kdbx 3 and one kdbx 4, both with minimal number of decryption
rounds to speed up the test.
Taken from the .ts files, specifically the translations of phrases "Password Manager" and "KeePassXC - cross-platform password manager" (translations of the latter then appropriately cropped, with some help from Google Translate for the scripts I can't read).
Also add Estonian translation for Comment.
It is usable by both Gnome Software, KDE Discover and web frontends,
such as Flathub which now enforces OARS.
By using OARS 1.0 all distributions should be supported. Version 1.1
should work almost everywhere, but there are a few notable distributions
that still lack GNOME Software >= 3.27.3.
In this case it should not matter, because the OARS data is the same for
both versions (nothing 1.1 specific is used).
You can generate and verify these changes using:
https://odrs.gnome.org/oars
* Move portable configuration files into a config subfolder from the executable. This prevents overwriting the stored config when the application is updated in-place.
* Use .portable file to signal a portable app
* Fix#4751
- Reduce SVG complexity and clean up unnecessary paths
- Recreate monochrome icons for better rendering at low resolutions
- Export as minified SVG Basic 1.1 without style elements
- Recreate 256x256 PNG from optimised SVG
- Unify widget layouts and margins
- Fix tab order on a bunch of widgets
- Fix broken entry/group edit form layout and replace with grid layout
- Rearrange some settings for better logical grouping
- Fix some settings checkboxes not being enabled/disabled on load
- Fix "General" settings tab scrolling
- Rename "Root" group to "Passwords"
- Update demo.kdbx accordingly and redownload favicons
- Change entry path display to use slash separators
- Reduce Medium and Large icon sizes slightly
* Add icons for Database Import, Database Export, and Recent Databases
* Change app exit icon to be distinct from export icon
* Updated and ran makeappicons.sh
Original source of icons is the icon8 library (http://icons8.com/c/flat-color-icons) and Paomedia (https://github.com/paomedia/small-n-flat). All icons used are licensed MIT or CC0; annotated in COPYING.
* Closes#4071
* Increase default size of database icons to 24px and entry preview panel to 48px
* Add shell script to assemble the database icons
* Use QIcon to seamlessly support High DPI displays and pixmap caching
* Add badge support for KeeShare groups and expired entries.
* Guard against use of QPixmap::fromImage without a GUI
* Add SVG minify and improve `make icons`
Co-authored-by: Wolfram Rösler <wolfram@roesler-ac.de>
Introduce a third unsorted status that shows entries in the order they occur in the KDBX file.
* Add keyboard shortcut Ctrl+Alt+Up/Down to move entries up and down in sort order
* Add entry context menu icons to achieve movement up/down
* Only show menu icons when in natural sort order
* Add Material Design icons for moving up/down
* Add feature to track non-data changes and force a save on exit to ensure they are not lost when locking a database. This allows users to make entry movements and group expand/collapse operations and not lose that state.
Remove saveas
Add an option in the 'Database' menu to save a backup of the current database.
Add unit test for saving database copy
* Open a test database, mark it as modified, and save a copy
* Fail if the copy is not a valid database
* Fail if the original database is saved
* Fail if the original database is no longer marked as modified
* Fixes#4168
* Introduce a custom data element stored with an entry to indicate that it is a "Known Bad" entry. This flag causes database reports to skip these entries.
* The current number of known bad entries is displayed in the statistics report.
* Add context menu to reports to easily exclude entries.
* Include checkboxes to install a desktop shortcut (default no) and start on login (default yes)
* Fix closing KeePassXC.exe and keepassxc-proxy.exe before installation starts
* Improve styling of launch after exit checkbox