* Remove QuaZip dependency in favor of minizip
* Remove signature checks, but maintain signatures for backwards compatibility
* Remove UI components related to certificates except for personal certificate for backwards compatibility
* Default to unsigned containers (*.kdbx)
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.
The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.
Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.
Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.
Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.
Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.
NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.
Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.
Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.
Greatly simplified Secret Service plugin's use of crypto functions with Botan.
* Hack for #5722 until a refactor of KeeShare, Merger, and EditEntryWidget can be performed. This hack should only ever be triggered on the rare occurrence of two people editing the same entry at the same time. The end result is potential data loss, but the current result is a hard crash. Unfortunately the way everything is interfaced currently doesn't afford any solution without a major refactor.
* Additionally add a short delay before actually reloading a share to prevent read/write locks from preventing proper import. This delay also prevents conflicting saves between the main database and the KeeShare database. This should eventually be moved into the FileObserver itself to smooth out all merge operations once the above refactor occurs.
Side note: KeeShare operates independently of DatabaseWidget causing unexpected behavior when files are updated/merged/etc. This needs to be corrected in a refactor.
* Fix#4895 - when KeeShare imports a database it performs a merge operation. If that share was deleted from another identical database (ie, same base group UUID), then the group would be deleted in the middle of reinit causing a crash. This fix moves the group into a QPointer catching the delete operation.
* Fix#3790, shares now use the standard FileWatcher class to detect remote file changes using checksums and file system triggers.
* Fix#3895, macOS file selection no longer hangs the app.
* Restore saving of KeeShare settings accidentally removed by 596d2cf
Replaces all string configuration options with enum types
that can be checked by the compiler. This prevents spelling
errors, in-place configuration definitions, and inconsistent
default values. The default value config getter signature was
removed in favour of consistently and centrally default-initialised
configuration values.
Individual default values were adjusted for better security,
such as the default password length, which was increased from
16 characters to 32.
The already existing config option deprecation map was extended
by a general migration procedure using configuration versioning.
Settings were split into Roaming and Local settings, which
go to their respective AppData locations on Windows.
Fixes#2574Fixes#2193
this is a fix for an obvious regression. there was some refactoring
going on around here since the 2.4.3 release, and the return value of
ShareExport::intoContainer has since been neglected. with this change
the info banner showing errors/warnings/info/success after exporting a
database tree with KeeShare is shown again.
* Moved KeeShare Quiet Success message setting to the KeeShare portion of the application settings
* Removed an assert that caused the application to crash in debugging when a share file could not be found
* Corrected database settings security icon
Finding libquazip failed on macOS due to path differences.
This patch also cleans up the find module's code, aligns it
with the coding style of the other CMake files and removes
clutter that is not needed for KeePassXC such as non-Msys
builds on Windows.
* ShareObserver watches all shares
ShareObserver watches all shares to and considers settings only on
checking for changes. This fixes an assertion when an export group
signal is received, but export was disabled.
* Extend share message in group view
Extended the message for shared groups to indicate deactivate
import/export and errors when the share was not correctly configured.
* Fix problem with export from newly saved database
Newly created/saved databases (or used with DatabaseWidget::saveAs)
were not exported/imported correctly.
Fixed the problem by reinitializing the ShareObserver on
DatabaseWidget::saveAs.
* Introduce warnings and prevent conflicting shares
Introduced several warnings and errors to indicate improper settings.
Prevent export when a path is used multiple times (only the file path is
checked - may ignore multiple similar ways to reference a share).
* Improve KeeShare integration in DatabaseWidget
Moved initial KeeShare association to constructor.
Introduced Q_UNUSED to indicate need for assignment statement.
* Minor code quality fixes found by Codacy
* Fix unused variables when WITH_XC_NETWORKING is OFF
* Fix#2684, resolve entry references from the root group
* Fix#2697 and Fix#2699, listen specifically for
WM_QUERYENDSESSION and WM_ENDSESSION on
Windows to gracefully shutdown KeePassXC
* Cleanup proxy code and add explicit closure for
shutdown messages
* Fix#1846, kdbx is registered to KeePassXC with
an icon (locked database icon)
* Fix#2489, OpenSSL and Crypto libraries are packaged
to support https connections
* Fix minor typo in KeeShare (missing "?")
BulkFileWatcher emitted multiple file change signals (like
QFileSystemWatcher) for the watched files. Introduced a delay by waiting
until the end of the event loop to aggregate signals emitted by
QFileSystemWatcher before emitting custom signals.
Fixed serialization for KeeShareSettings::ScopedCertificate
Fixed tests for KeeShareSettings serialization
Fixed tests Cli features - tests translation for recycle bin since the
tests are executed with the system locale
Fixed initialization issue in ShareObserver
Fixed connection to renamed CustomData::customDataModified() signal
Fixed connection to renamed Database::databaseModified() signal
Fixed connection to renamed Group::groupModified() signal
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
