diff --git a/.clang-format b/.clang-format index 8c5619f35..3c68a1a7a 100644 --- a/.clang-format +++ b/.clang-format @@ -54,7 +54,6 @@ IncludeCategories: IndentCaseLabels: false IndentWidth: 4 IndentWrappedFunctionNames: false -InsertNewlineAtEOF: true KeepEmptyLinesAtTheStartOfBlocks: true MacroBlockBegin: '' MacroBlockEnd: '' @@ -82,7 +81,7 @@ SpacesInContainerLiterals: true SpacesInCStyleCastParentheses: false SpacesInParentheses: false SpacesInSquareBrackets: false -Standard: c++17 +Standard: Cpp11 TabWidth: 4 UseTab: Never ... diff --git a/.gitattributes b/.gitattributes index 08f7af9d0..44196ec59 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,14 +1,3 @@ -# Github-linguist language hints -*.h linguist-language=C++ -*.cpp linguist-language=C++ - -# Line endings harmony -* text=auto eol=lf - -# binary files -*.ai binary - -# Export src/version.h.cmake export-subst .gitattributes export-ignore .gitignore export-ignore @@ -18,3 +7,13 @@ src/version.h.cmake export-subst snapcraft.yaml export-ignore make_release.sh export-ignore AppImage-Recipe.sh export-ignore + +# github-linguist language hints +*.h linguist-language=C++ +*.cpp linguist-language=C++ + +# binary files +*.ai binary + +# Line endings harmony +* text=auto diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 458020d3f..6de956328 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -15,7 +15,6 @@ These are just guidelines, not rules. Use your best judgment, and feel free to p * [Bug reports](#bug-reports) * [Discuss with the team](#discuss-with-the-team) * [Your first code contribution](#your-first-code-contribution) - * [Using AI](#using-ai) * [Pull requests](#pull-requests) * [Translations](#translations) 
@@ -39,7 +38,7 @@ We will accept contributions of good code that we can use from anyone. - “contributions”: This means just about anything you wish to contribute to the project, as long as it is good code we can use. The easier you make it for us to accept your contribution, the happier we are, but if it’s good enough, we will do a reasonable amount of work to use it. - “of good code”: This means that we will accept contributions that work well and efficiently, that fit in with the goals of the project, that match the project’s coding style, and that do not impose an undue maintenance workload on us going forward. This does not mean just program code, either, but documentation and artistic works as appropriate to the project. - “that we can use”: This means that your contribution must be given freely and irrevocably, that you must have the right to contribute it for our unrestricted use, and that your contribution is made under a license that is compatible with the license the project has chosen and that permits us to include, distribute, and modify your work without restriction. - - “from anyone”: This means exactly that. We don’t care about anything but your code. We don’t care about your race, religion, national origin, biological gender, perceived gender, sexual orientation, lifestyle, political viewpoint, or anything extraneous like that. We will neither reject your contribution nor grant it preferential treatment on any basis except the code itself. We do, however, reserve the right to limit your access to our community if you violate our [Code of Conduct](../CODE-OF-CONDUCT.md). + - “from anyone”: This means exactly that. We don’t care about anything but your code. We don’t care about your race, religion, national origin, biological gender, perceived gender, sexual orientation, lifestyle, political viewpoint, or anything extraneous like that. We will neither reject your contribution nor grant it preferential treatment on any basis except the code itself. 
We do, however, reserve the right to tell you to go away if you behave too obnoxiously toward us. #### If Your Contribution Is Rejected @@ -75,10 +74,6 @@ Unsure where to begin contributing to KeePassXC? You can start by looking throug Both issue lists are sorted by total number of comments. While not perfect, looking at the number of comments on an issue can give a general idea of how much an impact a given change will have. -### Using AI - -Generative AI is fast becoming a first-party feature in most development environments, including GitHub itself. If you use Generative AI to write the vast majority of your submission (e.g., agent-based or vibe coding) then you **must document your use of AI** in your pull request. Please include the service you used and/or model that generated the code. All code submissions go through a rigorous review process regardless of the development workflow used. - ### Pull requests Along with our desire to hear your feedback and suggestions, we're also interested in accepting direct assistance in the form of code. @@ -87,7 +82,7 @@ All pull requests must comply with the above requirements and with the [stylegui ### Translations -Translations are managed on [Transifex](https://explore.transifex.com/keepassxc/keepassxc/) which offers a web interface. +Translations are managed on [Transifex](https://www.transifex.com/keepassxc/keepassxc/) which offers a web interface. Please join an existing language team or request a new one if there is none. If you open a Pull Request with new strings that require translations, you will need to run the following: diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 000000000..a4a3ae2cd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md 
@@ -0,0 +1,39 @@ +--- +name: Bug Report +about: provide information about a problem +title: +labels: bug +assignees: '' + +--- +## Overview +[TIP]: # ( DO NOT include screenshots of your actual database! ) +[NOTE]: # ( Give a BRIEF summary about your problem ) + + +## Steps to Reproduce +[NOTE]: # ( Provide a simple set of steps to reproduce this bug. ) +1. +2. +3. + +## Expected Behavior +[NOTE]: # ( Tell us what you expected to happen ) + + +## Actual Behavior +[NOTE]: # ( Tell us what actually happens ) + + +## Context +[NOTE]: # ( Give us any additional information you may have. ) + + +[NOTE]: # ( Paste debug info from Help → About here ) +KeePassXC - VERSION +Revision: REVISION + +[NOTE]: # ( Pick choices based on your environment ) +Operating System: Windows/Linux/macOS +Desktop Env: Gnome/KDE/XFCE/Mate/Cinnamon +Windowing System: X11/Wayland \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml deleted file mode 100644 index 557f4a4d9..000000000 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -name: Bug Report -description: Provide information about a problem you are experiencing. -type: Bug - -body: - - type: checkboxes - attributes: - label: Have you searched for an existing issue? - description: | - Use the issue search box to see if one already exists for the bug you encountered. - Also take a moment to review our pinned issues. - options: - - label: Yes, I tried searching and reviewed the pinned issues - required: true - - - type: textarea - id: summary - attributes: - label: Brief Summary - description: | - Provide an overview of the problem, include any information that may help us triage this issue. - Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture). - validations: - required: true - - - type: textarea - id: steps - attributes: - label: Steps to Reproduce - description: Provide a simple set of steps to reproduce this bug. - placeholder: | - 1. - 2. - 3. - validations: - required: true - - - type: textarea - id: expected_vs_actual - attributes: - label: Expected Versus Actual Behavior - description: Tell us what you expected to happen and what actually happened. - - - type: textarea - id: debug_info - attributes: - label: KeePassXC Debug Information - placeholder: "Paste the output of: Help -> About -> Debug Info" - render: Text - - - type: dropdown - id: os - attributes: - label: Operating System - description: Select your operating system. - options: - - Windows - - Linux - - macOS - - Other (BSD, Haiku, etc) - - - type: dropdown - id: desktop_env - attributes: - label: Linux Desktop Environment - description: If on Linux, please select your desktop environment. - options: - - Gnome - - KDE - - XFCE - - Mate / Cinnamon - - Sway - - i3 - - Other - - - type: dropdown - id: window_system - attributes: - label: Linux Windowing System - description: If on Linux, please select your windowing system. - options: - - X11 - - Wayland 
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md new file mode 100644 index 000000000..d213b4fa3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature-request.md @@ -0,0 +1,19 @@ +--- +name: Feature Request +about: tell us about a new feature you want +title: +labels: new feature +assignees: '' + +--- +## Summary +[TIP]: # ( DO NOT include screenshots of your actual database! ) +[NOTE]: # ( Provide a brief overview of what the new feature is all about ) + + +## Examples +[NOTE]: # ( Show us a picture or mock-up of your proposal ) + + +## Context +[NOTE]: # ( Why does this feature matter to you? What unique circumstances do you have? ) diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml deleted file mode 100644 index 90f543440..000000000 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Feature Request -description: Tell us about a new feature you want. -type: Feature - -body: - - type: checkboxes - attributes: - label: Have you searched for an existing feature request? - description: Use the issue search box to see if one already exists for the feature you want. - options: - - label: Yes, I tried searching - required: true - - - type: textarea - id: summary - attributes: - label: Brief Summary - description: | - Provide an overview of the feature you are interested in adding. - Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture). - validations: - required: true - - - type: textarea - id: example - attributes: - label: Example - description: Provide an example of how this feature would be used. - - - type: textarea - id: context - attributes: - label: Context - description: Why does this feature matter to you? What unique circumstances do you have? 
diff --git a/.github/ISSUE_TEMPLATE/prerelease_bug_report.yml b/.github/ISSUE_TEMPLATE/prerelease_bug_report.yml deleted file mode 100644 index 10c5d855c..000000000 --- a/.github/ISSUE_TEMPLATE/prerelease_bug_report.yml +++ /dev/null 
@@ -1,85 +0,0 @@ -name: Pre-Release Bug Report -description: Report an issue with pre-release code (e.g. snapshot builds). -type: Bug -labels: PRE-RELEASE BUG -assignees: droidmonkey - -body: - - type: checkboxes - attributes: - label: Have you searched for an existing issue? - description: | - Use the issue search box to see if one already exists for the bug you encountered. - Also take a moment to review our pinned issues. - options: - - label: Yes, I tried searching and reviewed the pinned issues - required: true - - - type: textarea - id: summary - attributes: - label: Brief Summary - description: | - Provide an overview of the problem, include any information that may help us triage this issue. - Provide screenshots if possible, but do NOT show sensitive data (use View -> Allow Screen Capture). - validations: - required: true - - - type: textarea - id: steps - attributes: - label: Steps to Reproduce - description: Provide a simple set of steps to reproduce this bug. - placeholder: | - 1. - 2. - 3. - validations: - required: true - - - type: textarea - id: expected_vs_actual - attributes: - label: Expected Versus Actual Behavior - description: Tell us what you expected to happen and what actually happened. - - - type: textarea - id: debug_info - attributes: - label: KeePassXC Debug Information - placeholder: "Paste the output of: Help -> About -> Debug Info" - render: Text - - - type: dropdown - id: os - attributes: - label: Operating System - description: Select your operating system. - options: - - Windows - - Linux - - macOS - - Other (BSD, Haiku, etc) - - - type: dropdown - id: desktop_env - attributes: - label: Linux Desktop Environment - description: If on Linux, please select your desktop environment. - options: - - Gnome - - KDE - - XFCE - - Mate / Cinnamon - - Sway - - i3 - - Other - - - type: dropdown - id: window_system - attributes: - label: Linux Windowing System - description: If on Linux, please select your windowing system. 
- options: - - X11 - - Wayland diff --git a/.github/ISSUE_TEMPLATE/release-preview-bug-report.md b/.github/ISSUE_TEMPLATE/release-preview-bug-report.md new file mode 100644 index 000000000..b2fbf65ff --- /dev/null +++ b/.github/ISSUE_TEMPLATE/release-preview-bug-report.md @@ -0,0 +1,39 @@ +--- +name: Release Preview Bug report +about: report a bug with a release preview (e.g., 2.6.0-beta1) +title: +labels: PRE-RELEASE BUG +assignees: droidmonkey + +--- +## Overview +[TIP]: # ( DO NOT include screenshots of your actual database! ) +[NOTE]: # ( Give a BRIEF summary about your problem ) + + +## Steps to Reproduce +[NOTE]: # ( Provide a simple set of steps to reproduce this bug. ) +1. +2. +3. + +## Expected Behavior +[NOTE]: # ( Tell us what you expected to happen ) + + +## Actual Behavior +[NOTE]: # ( Tell us what actually happens ) + + +## Context +[NOTE]: # ( Give us any additional information you may have. ) + + +[NOTE]: # ( Paste debug info from Help → About here ) +KeePassXC - VERSION +Revision: REVISION + +[NOTE]: # ( Pick choices based on your environment ) +Operating System: Windows/Linux/macOS +Desktop Env: Gnome/KDE/XFCE/Mate/Cinnamon +Windowing System: X11/Wayland \ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 5e039d00b..e75bbcd60 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -1,16 +1,15 @@ -[NOTE]: # ( Describe your changes in detail. Explain large or complex code modifications. ) -[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX". ) -[NOTE]: # ( If you used Generative AI to write the majority of your code, you must state this. ) +[NOTE]: # ( Describe your changes in detail, why is this change required? ) +[NOTE]: # ( Explain large or complex code modifications. ) +[NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX" ) ## Screenshots -[NOTE]: # ( Do not include screenshots of your actual database! ) -[TIP]: # ( Use View -> Allow Screen Capture ) +[TIP]: # ( Do not include screenshots of your actual database! ) ## Testing strategy [NOTE]: # ( Please describe in detail how you tested your changes. ) -[TIP]: # ( We expect new code to be covered by unit tests and include helpful comments. ) +[TIP]: # ( We expect new code to be covered by unit tests and documented with doc blocks! ) ## Type of change diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md deleted file mode 100644 index 3ab9ed868..000000000 --- a/.github/copilot-instructions.md +++ /dev/null 
@@ -1,44 +0,0 @@ -This repository is a C++ (C++20) Qt-based password manager. The important domain concepts are -Database, Group, and Entry (KDBX format). Key areas to know before making changes are below. - -Quick reference (common commands) -- Configure + build (preferred: CMake presets) - - Windows (PowerShell): `cmake --preset x64-debug` - - Build: `cmake --build --preset x64-debug` or `cmake --build . -j ` from the build dir -- Formatting (required before commits): - - `cmake --build . --target format` (runs clang-format) -- Tests: - - Run all tests: `ctest -j ` from build dir - - Run single test (verbose): `ctest -R -V` -- Translations & i18n (release tooling): - - Update translation sources: `python ./release-tool.py i18n lupdate` - -Big-picture architecture (where to look) -- src/core: core data model (Database, Groups, Entries). Example: `src/core/Database.h` -- src/format: KDBX readers/writers and import/export logic. (sensitive - avoid casual edits) -- src/crypto: cryptographic primitives and key derivation. (sensitive - avoid casual edits) -- src/gui: Qt UI layers, widgets, main window and app lifecycle (entry: `src/main.cpp`, `src/gui/MainWindow.cpp`) -- src/sshagent, src/browser, src/fdosecrets, src/quickunlock: integration adapters for external systems -- tests/ and tests/gui/: QTest-based unit and GUI tests (follow existing test patterns) - -Project-specific conventions & patterns -- Language/features: C++20, heavy use of Qt signal/slot idioms and QObject-derived classes. -- Build: use provided CMake commands to configure and build the project successfully. -- Formatting: a CMake target (`format`) runs clang-format — run it before committing. -- Translations: translation files are generated/updated via the release tool — run it before committing. -- UI files: .ui changes are non-trivial; prefer proposing .ui edits rather than committing wholesale .ui changes unless very simple. 
-- Sensitive areas: `src/crypto` and `src/format` contain security-sensitive logic — avoid refactors that change algorithms without expert review. - -Concrete examples (where to copy patterns) -- Signal connections: see `src/keeshare/ShareObserver.cpp` (connect to Database signals like `groupAdded` / `modified`). -- Opening/locking DBs: `src/gui/DatabaseTabWidget.*` and `src/gui/DatabaseWidget.*` show typical lifecycle and `emitActiveDatabaseChanged()`. -- Format/validation: use `src/format/KdbxReader.cpp` and `Kdbx4Reader.cpp` for error handling patterns when reading DBs. - -Rules for automated agents -- Do not change cryptographic or serialization logic unless the change is narrowly scoped and you run tests. -- When adding features, create relevant unit tests within existing files in `tests/`. -- Always run code formatting, translation update, and tests before submitting commits. -- All tests related to your change must pass before committing. -- Reference real files in PR descriptions (e.g., "changed src/core/Database.h and tests/TestDatabase.cpp"). - -If anything above is unclear or you want more detail about a specific area (build matrix, CI, or release-tool commands), tell me which part and I will expand. diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 07d4104b7..000000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
@@ -1,70 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: - - 'develop' - - 'release/**' - pull_request: - schedule: - - cron: '5 16 * * 3' - -jobs: - analyze: - name: Analyze - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'cpp' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Use only 'java' to analyze code written in Java, Kotlin or both - # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - if: matrix.language == 'cpp' - name: Install dependencies - run: | - sudo apt update - sudo apt install build-essential cmake g++ - sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev libqt5x11extras5-dev - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. 
- - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - queries: security-and-quality - - - if: matrix.language == 'cpp' - name: Build C++ - run: | - mkdir build && cd build - cmake -DWITH_XC_ALL=ON -DWITH_TESTS=OFF .. - make -j $(nproc) - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - # If this step fails, then you should remove it and run the build manually (see below) - - if: matrix.language != 'cpp' - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml deleted file mode 100644 index cfd6b46e7..000000000 --- a/.github/workflows/copilot-setup-steps.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: "Copilot Setup Steps" - -# Setup the environment for Copilot agents to run in -on: - workflow_dispatch: - push: - paths: - - .github/workflows/copilot-setup-steps.yml - pull_request: - paths: - - .github/workflows/copilot-setup-steps.yml - -jobs: - copilot-setup-steps: - runs-on: ubuntu-latest - - # Needed to clone the repository - permissions: - contents: read - - # Install dependencies - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Install dependencies - run: | - sudo apt update - sudo apt install --no-install-recommends build-essential cmake g++ ninja-build qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev libqt5x11extras5-dev diff --git a/.gitignore b/.gitignore index 6cd3eaad0..9ab62e190 100644 
--- a/.gitignore +++ b/.gitignore @@ -24,11 +24,5 @@ desktop.ini # MSVC Files CMakeSettings.json CMakePresets.json -CMakeUserPresets.json .vs/ -out/ -\.clangd - -# vcpkg -vcpkg_installed*/ - +out/ \ No newline at end of file diff --git a/.tx/config b/.tx/config index 886755d67..ce45c5ebd 100644 --- a/.tx/config +++ b/.tx/config @@ -1,21 +1,14 @@ [main] -host = https://app.transifex.com +host = https://www.transifex.com -[o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--develop] -file_filter = share/translations/keepassxc_.ts -source_file = share/translations/keepassxc_en.ts -type = QT -minimum_perc = 60 -resource_name = keepassxc_en.ts (develop) -replace_edited_strings = false -keep_translations = false - -[o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--master] -file_filter = share/translations/keepassxc_.ts -source_file = share/translations/keepassxc_en.ts -type = QT -minimum_perc = 60 -resource_name = keepassxc_en.ts (2.7.x stable) -replace_edited_strings = false -keep_translations = false +[keepassxc.share-translations-keepassxc-en-ts--develop] +source_file = share/translations/keepassxc_en.ts +file_filter = share/translations/keepassxc_.ts +source_lang = en +type = QT +[keepassxc.share-translations-keepassxc-en-ts--master] +source_file = share/translations/keepassxc_en.ts +file_filter = share/translations/keepassxc_.ts +source_lang = en +type = QT diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d31d54b6..1221b908c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,318 +1,6 @@ # Changelog -## 2.8.0 (Pending) -* Placeholder for future release notes - -## 2.7.11 (2025-11-23) - -### Changes -- Add image, HTML, Markdown preview, and text editing support to inline attachment viewer [#12085, #12244, #12654] -- Add database merge confirmation dialog [#10173] -- Add option to auto-generate a password for new entries [#12593] -- Add support for group sync in KeeShare [#11593] -- Add {UUID} placeholder for use in references [#12511] -- Add “Wait for Enter” search option [#12263] -- Add keyboard shortcut to “Jump to Group” from search results [#12225] -- Add predefined search for TOTP entries [#12199] -- Add confirmation when closing database via ESC key [#11963] -- Add support for escaping placeholder expressions [#11904] -- Reduce tab indentation width in notes fields [#11919] -- Cap default Argon2 parallelism when creating a new database [#11853] -- Database lock after inactivity now enabled by default and set to 900 seconds [#12689, #12609] -- Copying TOTP now opens setup dialog if none is configured for entry [#12584] -- Make double click action configurable [#12322] -- Remove unused “Last Accessed” from GUI [#12602] -- Auto-Type: Add more granular confirmation settings [#12370] -- Auto-Type: Add URL typing preset and add copy options to menu [#12341] -- Browser: Do not allow sites automatically if entry added from browser extension [#12413] -- Browser: Add options to restrict exposed groups [#9852, #12119] -- Bitwarden Import: Add support for timestamps and password history [#12588] -- macOS: Add Liquid Glass icon [#12642] -- macOS: Remove theme-based menubar icon toggle [#12685] -- macOS: Add Window and Help menus [#12357] -- Windows: Add option to add KeePassXC to PATH during installation [#12171] - -### Fixes -- Fix window geometry not being restored properly when KeePassXC starts in tray [#12683] -- Fix potential database truncation when using direct write save method with YubiKeys [#11841] -- Fix issue with database 
backup saving [#11874] -- Fix UI lockups during startup with multiple tabs [#12053] -- Fix keyboard shortcuts when menubar is hidden [#12431] -- Fix clipboard being cleared on exit even if no password was copied [#12603] -- Fix single-instance detection when username contains invalid filename characters [#12559] -- Fix “Search Wait for Enter” setting not being save [#12614] -- Fix hotkey accelerators not being escaped properly on database tabs [#12630] -- Fix confusing error if user cancels out of key file edit dialog [#12639] -- Fix issues with saved searches and “Press Enter to Search” option [#12314] -- Fix URL wildcard matching [#12257] -- Fix TOTP visibility on unlock and settings change [#12220] -- Fix KeeShare entries with reference attributes not updating [#11809] -- Fix sort order not being maintained when toggling filters in database reports [#11849] -- Fix several UI font and layout issues [#11967, #12102] -- Prevent mouse wheel scroll on edit username field [#12398] -- Improve base translation consistency [#12432] -- Improve inactivity timer [#12246] -- Documentation improvements [#12373, #12506] -- Browser: Fix ordering of clientDataJSON in Passkey response object [#12120] -- Browser: Fix URL matching for additional URLs [#12196] -- Browser: Fix group settings inheritance [#12368] -- Browser: Allow read-only native messaging config files [#12236] -- Browser: Optimise entry iteration in browser access control dialog [#11817] -- Browser: Fix “Do not ask permission for HTTP Basic Auth” option [#11871] -- Browser: Fix native messaging path for Tor Browser launcher on Linux [#12005] -- Auto-Type: Fix empty window behaviour [#12622] -- Auto-Type: Take delays into account when typing TOTP [#12691] -- SSH Agent: Fix out-of-memory crash with malformed SSH keys [#12606] -- CSV Import: Fix modified and creation time import [#12379] -- CSV Import: Fix duplication of root groups on import [#12240] -- Proton Pass Import: Fix email addresses not being imported when 
no username set [#11888] -- macOS: Fix secure input getting stuck [#11928] -- Windows: Prevent launch as SYSTEM user from MSI installer [#12705] -- Windows: Remove broken check for MSVC Redistributable from MSI installer [#11950] -- Linux: Fix startup delay due to StartupNotify setting in desktop file [#12306] -- Linux: Fix memory initialisation when --pw-stdin is used with a pipe [#12050] - -## 2.7.10 (2025-03-02) - -### Changes -* Allow adjusting application font size [#11567] -* Add Proton Pass importer [#11197] -* Support KeePass2 TOTP settings [#11229] -* Add New/Preview Entry Attachments dialog and functionality [#11637, #11699, #11650] -* Add database name, color, and icon options for unlock view [#10819, #11725] -* Show entry background color as column [#6798] -* Use icons for password strength [#9844] -* Add "Group Full Path" column in entry view [#10278] -* Passphrase "MIXED case" Type [#11255] -* Allow deleting extension plugin data from Browser Statistics [#11218] -* Add --minimized option to keepassxc [#11693] -* Implement T-CONV and T-REPLACE-RX entry placeholders [#11453] -* Option to disable opening browser when URL field double-clicked [#11332] -* Overhaul action states and add icons to toolbar [#11047] -* Show character count in password generator dialog [#10940] -* Add ability to expire entries from context menu [#8731] -* Add copy field shortcuts to Auto-Type select dialog [#11518] -* Passkeys: Add support for selecting group on creation [#11260] -* Browser: Refactor Access Control Dialog [#9607] -* Browser: Add support for URL wildcards and exact URL [#9835, #11752] -* Browser: Allow groups to restrict by browser integration key [#9852] -* CLI: Add `-d` dry-run shortcut to merge command [#11192] -* CLI: HTML export [#11590] -* macOS: Add option to disable database lock when switching user [#9707] -* SSH Agent: Implement feature to clear all identities [#10649] - -### Fixes -* Major enhancements to documentation [#11745, #10875] -* Various UI 
and style fixes [#11535, #11672, #11511, #11445, #11426, #11273, #11455, #11321, #11594, #11539, #11351, #11354, #10748, #11602, #11303, #11291, #10091, #9417] -* Various improvements to tags [#11676, #11652, #11625] -* Reset splitter sizes on database unlock [#11014] -* Remember sort order in Auto-type popup dialog [#9508] -* Fix database password clearing when modifying key file / hardware key [#11001] -* Fix issues with reloading and handling of externally modified db file [#10612] -* Support passkeys with Bitwarden import [#11401] -* Fix various quirks with CSV import [#11787] -* Show Auto-Type select dialog even if window title is empty [#11603] -* Refactor hardware key code to avoid deadlock [#11703, #10872] -* Show a clear error if hardware key is found slots are not configured [#11609] -* Fix signal/slot disconnect when opening import wizard [#11039] -* Fix setting window title as modified [#11542] -* Fix assert hit when viewing entry history [#11413] -* Fix multiple crashes on Linux [#11513] -* Fix backup file path time substitution [#10834] -* Prevent long-running threads from deadlocking the program with only 1 CPU [#11155] -* Hide the menubar when menus lose focus (if toggled off) [#11355, #11605] -* CLI: Restore the original codepage on windows [#11470] -* Passkeys: Various fixes [#10934, #10951] -* Browser: Fix cancel with database unlock dialog [#11435] -* Browser: Resolve references in Access Confirm dialog [#11055] -* SSH Agent: Add timeout to streams to prevent deadlock [#11290] -* macOS: Replace legacy code for screen recording permissions [#11428] -* macOS: Implement Secure Input Mode [#11623] -* macOS: Fix showing ambigious name in settings [#11373] -* macOS: Fix copy-to-clipboard shortcut in entry preview widget [#10966] -* Linux: Prevent multiple lock requests [#11306] -* Snap: Prevent need for snap helper script to configure browser extension [#10924] -* Windows: Detect outdated VC Redist with MSI installer [#11469] -* Windows: Additional 
exclusion fields for clipboard [#11521] - -## 2.7.9 (2024-06-19) - -### Changes -* Passkeys: Ability to easily remove a passkey from an entry [#10777] -* Snap: Use new desktop portal for native messaging integration [#10906] - -### Fixes -* Improve entry placeholder/reference feature [#10846] -* Improve CSV importing when title field isn't specified [#10843] -* Improve encrypted Bitwarden importing [#10800] -* Improve database settings UX [#10821] -* Improve handling of clipboard actions from entry preview [#10810] -* Improve group/entry view resize behavior and set sensible defaults [#10641] -* Passkeys: Fix incorrect username fill [#10874] -* Passkeys: Return additional data to the extension [#10857] -* Fix password clear timer inconsistency on unlock view [#10708] -* Fix portability check [#10760] -* Fix page overflow on HTML exports [#10735] -* Fix broken builds when using system provided zxcvbn [#10717] -* Fix copy password button when text is selected [#10853] -* Fix tab ordering on application settings pages [#10907] -* SSH Agent: Fix broken decrypt button [#10638] -* Windows: Fix ALT Auto-Type modifier [#10795] -* Windows: Fix wrong DACL memory size allocation [#10712] -* macOS: Fix monospace font sizing [#10739] -* Flatpak: Fix configuration settings off-by-one error [#10688] -* BSD: Fix compiling with libusb implementation [#10736] - -## 2.7.8 (2024-05-05) - -### Changes -- Add hotkey for showing search help [#10591] -- Add hotkey for group switching (Ctrl+Shift+PgUp/PgDown) [#10625] -- Add per-database auto-save delay setting [#9100] -- Add setting to hide menubar [#10341] -- Improve Bitwarden 1PUX import and support organization collections [#10499] -- Show advanced settings checkbox only for settings that have them [#6513] -- Remove obsolete setting for requiring repeated password entry [#9722] -- Passkeys: Allow registering Passkeys to existing entries [#10408] -- Passkeys: Show warning about data being unencrypted before Passkey export [#10411] -- 
Passkeys: Support NFC and USB transports [#10402] -- Passkeys: Pass extension JSON data to browser [#10615] -- SSH Agent: Do not use entries from recycle bin [#10518] -- Linux: Change hotkey sequence used for {CLEARFIELD} Auto-Type [#10008] -- Windows: Improve DACL memory access protection [#10618] - -### Fixes -- Fix crash when deleting history items [#10451] -- Fix crash on screen lock or computer sleep [#10458] -- Fix search field not being focused after unlock [#10459] -- Fix loss of window focus when Auto-Type needs to unlock a database [#10555] -- Fix inconsistent TOTP visibility on unlock [#10009] -- Fix CSV import skipping over single-name groups [#10575] -- Fix key file folder being remembered even if disabled in settings [#10636] -- Fix issues with entry editing and database locking [#10667] -- Fix key file text when provided on command line [#10642] -- Fix issues with hardware key auto detection [#10663] -- Do not override monospace font size [#10282] -- Perform group sort only when group view is in focus [#10202] -- Do not show decimals for attachment sizes in Bytes [#10595] -- Prevent merging of global custom data when merging databases [#10452] -- Fix minor translation issues [#10635] -- Passkeys: Fix StrongBox incompatibility [#10420] -- Passkeys: Set RP ID to effective domain if unset instead of returning an error [#10384] -- Passkeys: Various UI fixes and improvements [#10427, #10608, #10609] -- AppImage: Fix URL opening [#10624] -- Flatpak: Fix application autostart [#10563] -- Linux/macOS: Fix button sizes on modal alert popups [#10500] -- Linux: Fix clipboard clear on Wayland [#10500] -- Windows: Preserve file-hidden attribute [#10343] - -## 2.7.7 (2024-03-09) - -### Changes -- Support USB Hotplug for Hardware Key interface [#10092] -- Support 1PUX and Bitwarden import [#9815] -- Browser: Add support for PassKeys [#8825, #9987, #10318] -- Build System: Move to vcpkg manifest mode [#10088] - -### Fixes -- Fix multiple TOTP issues [#9874] -- Fix 
focus loss on save when the editor is not visible anymore [#10075] -- Fix visual when removing entry from history [#9947] -- Fix first entry is not selected when a search is performed [#9868] -- Prevent scrollbars on entry drag/drop [#9747] -- Prevent duplicate characters in "Also choose from" field of password generator [#9803] -- Security: Prevent byte-by-byte and attachment inference side channel attacks [#10266] -- Browser: Fix raising Update Entry messagebox [#9853] -- Browser: Fix bugs when returning credentials [#9136] -- Browser: Fix crash on database open from browser [#9939] -- Browser: Fix support for referenced URL fields [#8788] -- MacOS: Fix crash when changing highlight/accent color [#10348] -- MacOS: Fix TouchID appearing even though lid is closed [#10092] -- Windows: Fix terminating KeePassXC processes with MSI installer [#9822] -- FdoSecrets: Fix database merge crash when enabled [#10136] - -## 2.7.6 (2023-08-15) - -### Changes -- Significant improvement to visual when drag/drop entries [#9698] -- Automatically prompt for Quick Unlock when showing unlock dialog [#9697] -- Improve colorful lock icon and fix file MIME icon on KDE [#9632] -- Ability to search by entry UUID [#9571] -- Add challenge-response support for NitroKey 3 [#9631] -- Auto-Type: Disable entry level Auto-Type when disabled at group/entry [#9672] -- Browser: Show warning when adding duplicate URL's to entry [#9588][#9635] -- Browser: Improve error message when proxy cannot be found [#9385] - -### Fixes -- Fix crash on exit on macOS [#9620] -- Fix crash on search if entry doesn't have a group [#9633] -- Fix several issues with Quick Unlock [#9697] -- Enable save button when not auto-saving non-data changes [#9634] -- Several UI/UX fixes [#9647] -- Move toolbar back to top of window when disabling movement [#9699] -- Browser: Fix closing password generator dialog with X button [#9636] -- Browser: Fix handling of expired credentials [#9595] -- Windows: Prevent white flicker when 
launching application [#9637] -- Linux: Fix warning message about allow screencapture [#9638] -- FdoSecrets: Fix access confirmation dialog showing even when disabled [#9690] - -## 2.7.5 (2023-05-14) - -### Changes -- Add menu option to allow screenshots [#8841] -- Add support for Botan 3 [#9388] -- Increase max TOTP step to 24 hours [#9149] -- Improve HTML export layout [#8987] -- Turn search reset off by default [#9153] -- Use QClipboard::clear() instead of setting blank text [#9148] -- Hide group column header choice when not in search [#9171] -- Improve look of KeePassXC logo and icons [#9355] -- Add keyboard shortcuts for app and database settings [#9007] -- Hide rename button from attachments preview panel [#8842] -- Linux: Set SingleMainWindow in .desktop file [#7430] - -### Fixes -- Fix crash when search clears while creating new entry [#9230] -- Fix crash when using Windows Hello in a Remote Desktop session [#9006] -- Fix crash in Group Edit after enabling Browser Integration [#8778] -- Fix canceling quick unlock when it is unavailable [#9034] -- Set password input field font correctly [#8732] -- Greatly improve performance when rendering entry view [#9398] -- Fix various accessibility issues [#9138] -- Fix arrows size when expand/collapse a group [#9096] -- Select the clone instead of the original after cloning an entry [#9070] -- Fix bugs with preview widget [#9170] -- Fix status bar update when switching to other DB [#9073] -- Fix database settings spin box bug [#9101] -- Fix Ctrl+Tab shortcut to cycle databases in unlock dialog [#8839] -- Fix TOTP QR code maintaining square ratio [#9027] -- Fix Auto-Type configuration page on custom sequence selection [#8752] -- Fix unexpected behavior of `--lock` when KeePassXC is not running [#8889] -- Make open folder icon exempt from "Apply group icon to entry" [#9205] -- Allow setting default file open directory with env var [#9192] -- SSH Agent: Fix support for AES-256/GCM openssh keys [#8968] -- Browser: Fix 
Native Messaging script path with BSD OS's [#8835] -- MacOS: Fix text selection for Auto-Type clear field [#9066] -- MacOS: Don't rely on AppleInterfaceStyle for theme switching [#8615] -- Windows: Remove registry detection of desktop shortcut [#9380] - -## 2.7.4 (2022-10-29) - -### Changes -- Add 2 months expiration preset [#8687] -- CLI: Add Unicode support on Windows [#8618] - -### Fixes -- Fix crash on macOS when unlocking database [#8676] -- Fix display of passwords in preview panel [#8633] -- Fix clicking links in entry preview panel [#8644] -- Prevent expired entries search if no results returned [#8643] -- Browser: Revert code causing connection problems [#8665] -- Browser: Fix socket file symbolic link on Linux [#8656] -- Flatpak: Fix launching browser proxy service [#8680] -- SSH Agent: Fix pageant support on Windows [#8619] - -## 2.7.3 (2022-10-23) +## 2.7.2 (2022-10-22) ### Changes - Enhance Tags Support and Add Saved Searches [#8435, #8607] @@ -1193,7 +881,7 @@ - Compare window title to entry URLs #556 - Implemented inline error messages #162 - Ignore group expansion and other minor changes when making database "dirty" #464 -- Updated license and copyright information on source files #632 +- Updated license and copyright information on souce files #632 - Added contributors list to about dialog #629 ## 2.1.4 (2017-04-09) diff --git a/CMakeLists.txt b/CMakeLists.txt index 95d6e0b96..c3bb4c445 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,7 +14,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -cmake_minimum_required(VERSION 3.10.0) +cmake_minimum_required(VERSION 3.3.0) project(KeePassXC) set(APP_ID "org.keepassxc.${PROJECT_NAME}") 
@@ -53,24 +53,16 @@ set(WITH_XC_ALL OFF CACHE BOOL "Build in all available plugins") option(WITH_XC_AUTOTYPE "Include Auto-Type." ON) option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF) option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF) -option(WITH_XC_BROWSER_PASSKEYS "Passkeys support for browser integration." OFF) option(WITH_XC_YUBIKEY "Include YubiKey support." OFF) option(WITH_XC_SSHAGENT "Include SSH agent support." OFF) option(WITH_XC_KEESHARE "Sharing integration with KeeShare" OFF) option(WITH_XC_UPDATECHECK "Include automatic update checks; disable for controlled distributions" ON) if(UNIX AND NOT APPLE) option(WITH_XC_FDOSECRETS "Implement freedesktop.org Secret Storage Spec server side API." OFF) - set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps") endif() option(WITH_XC_DOCS "Enable building of documentation" ON) -if(WIN32 OR APPLE) - set(WITH_XC_CODESIGN_IDENTITY "" CACHE STRING "Certificate to be used for signing binaries before packaging.") - if(WIN32) - set(WITH_XC_CODESIGN_TIMESTAMP_URL "http://timestamp.sectigo.com" CACHE STRING "Timestamp URL for Windows code signing.") - elseif(APPLE) - set(WITH_XC_NOTARY_KEYCHAIN_PROFILE "" CACHE STRING "Keychain profile name for stored Apple notarization credentials.") - endif() -endif() + +set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps") if(APPLE) # Perform the platform checks before applying the stricter compiler flags. @@ -106,7 +98,6 @@ if(WITH_XC_ALL) set(WITH_XC_AUTOTYPE ON) set(WITH_XC_NETWORKING ON) set(WITH_XC_BROWSER ON) - set(WITH_XC_BROWSER_PASSKEYS ON) set(WITH_XC_YUBIKEY ON) set(WITH_XC_SSHAGENT ON) set(WITH_XC_KEESHARE ON) 
@@ -127,8 +118,8 @@ if(UNIX AND NOT APPLE AND NOT WITH_XC_X11) endif() set(KEEPASSXC_VERSION_MAJOR "2") -set(KEEPASSXC_VERSION_MINOR "8") -set(KEEPASSXC_VERSION_PATCH "0") +set(KEEPASSXC_VERSION_MINOR "7") +set(KEEPASSXC_VERSION_PATCH "2") set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}") set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds") @@ -212,16 +203,6 @@ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14.0") check_pie_supported() endif() -# Find Botan early since the version affects subsequent compiler options -find_package(Botan REQUIRED) -if(BOTAN_VERSION VERSION_GREATER_EQUAL "3.0.0") - set(WITH_XC_BOTAN3 TRUE) -elseif(BOTAN_VERSION VERSION_LESS "2.11.0") - # Check for minimum Botan version - message(FATAL_ERROR "Botan 2.11.0 or higher is required") -endif() -include_directories(SYSTEM ${BOTAN_INCLUDE_DIR}) - # Create position independent code for shared libraries and executables set(CMAKE_POSITION_INDEPENDENT_CODE ON) 
@@ -229,23 +210,17 @@ if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4") set(IS_32BIT TRUE) endif() -if("${CMAKE_CXX_COMPILER}" MATCHES "clang-cl(.exe)?$") - # clang-cl uses MSVC compiler flags - set(MSVC 1) - set(CMAKE_COMPILER_IS_CLANG_MSVC 1) -else() - set(CLANG_COMPILER_ID_REGEX "^(Apple)?[Cc]lang$") - if("${CMAKE_C_COMPILER}" MATCHES "clang$" - OR "${CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__" - OR "${CMAKE_C_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX}) - set(CMAKE_COMPILER_IS_CLANG 1) - endif() +set(CLANG_COMPILER_ID_REGEX "^(Apple)?[Cc]lang$") +if("${CMAKE_C_COMPILER}" MATCHES "clang$" + OR "${CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__" + OR "${CMAKE_C_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX}) + set(CMAKE_COMPILER_IS_CLANG 1) +endif() - if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$" - OR "${CMAKE_EXTRA_GENERATOR_CXX_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__" - OR "${CMAKE_CXX_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX}) - set(CMAKE_COMPILER_IS_CLANGXX 1) - endif() +if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$" + OR "${CMAKE_EXTRA_GENERATOR_CXX_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__" + OR "${CMAKE_CXX_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX}) + set(CMAKE_COMPILER_IS_CLANGXX 1) endif() macro(add_gcc_compiler_cxxflags FLAGS) @@ -323,10 +298,6 @@ if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug") check_add_gcc_compiler_flag("-Wshadow-compatible-local") check_add_gcc_compiler_flag("-Wshadow-local") add_gcc_compiler_flags("-Werror") - # This is needed since compiling against Botan3 requires compiling against C++20 - if(WITH_XC_BOTAN3) - add_gcc_compiler_cxxflags("-Wno-error=deprecated-enum-enum-conversion -Wno-error=deprecated") - endif() endif() if (NOT HAIKU) 
@@ -372,11 +343,7 @@ if(UNIX AND NOT APPLE) endif() set(CMAKE_C_STANDARD 99) -if(WITH_XC_BOTAN3) - set(CMAKE_CXX_STANDARD 20) -else() - set(CMAKE_CXX_STANDARD 17) -endif() +set(CMAKE_CXX_STANDARD 17) set(CMAKE_CXX_STANDARD_REQUIRED ON) check_cxx_compiler_flag("-fsized-deallocation" CXX_HAS_fsized_deallocation) @@ -409,14 +376,10 @@ if (MSVC) message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!") endif() add_compile_options(/permissive- /utf-8) - # Clang-cl does not support /MP, /Zf, or /fsanitize=address - if (NOT CMAKE_COMPILER_IS_CLANG_MSVC) - add_compile_options(/MP) - if(IS_DEBUG_BUILD) - add_compile_options(/Zf) - if(MSVC_TOOLSET_VERSION GREATER 141) - add_compile_definitions(/fsanitize=address) - endif() + if(IS_DEBUG_BUILD) + add_compile_options(/Zf) + if(MSVC_TOOLSET_VERSION GREATER 141) + add_compile_definitions(/fsanitize=address) endif() endif() endif() @@ -432,7 +395,7 @@ if(WIN32) # By default MSVC enables NXCOMPAT add_compile_options(/guard:cf) add_link_options(/DYNAMICBASE /HIGHENTROPYVA /GUARD:CF) - else() + else(MINGW) set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase") set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase") # Enable high entropy ASLR for 64-bit builds @@ -442,8 +405,6 @@ if(WIN32) endif() endif() endif() - # Determine if we can link against the Windows SDK, used for Windows Hello support - find_library(WINSDK WindowsApp.lib) endif() if(APPLE AND WITH_APP_BUNDLE OR WIN32) @@ -486,7 +447,7 @@ if(WITH_COVERAGE) append_coverage_compiler_flags() set(COVERAGE_EXCLUDES - "'^(.+/)?thirdparty/.*'" + "'^(.+/)?(thirdparty|zxcvbn)/.*'" "'^(.+/)?main\\.cpp$$'" "'^(.+/)?cli/keepassxc-cli\\.cpp$$'" "'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'") 
@@ -531,8 +492,8 @@ else() find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED) endif() -if(Qt5Core_VERSION VERSION_LESS "5.12.0") - message(FATAL_ERROR "Qt version 5.12.0 or higher is required") +if(Qt5Core_VERSION VERSION_LESS "5.2.0") + message(FATAL_ERROR "Qt version 5.2.0 or higher is required") endif() get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH) @@ -568,6 +529,12 @@ endif() # Make sure we don't enable asserts there. set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_NONE QT_NO_DEBUG) +# Find Botan2 +find_package(Botan2 REQUIRED) +if(BOTAN2_VERSION VERSION_LESS "2.11.0") + message(FATAL_ERROR "Botan2 2.11.0 or higher is required") +endif() +include_directories(SYSTEM ${BOTAN2_INCLUDE_DIR}) # Find Argon2 -- Botan 2.18 and below does not support threaded Argon2 find_library(ARGON2_LIBRARIES NAMES argon2) find_path(ARGON2_INCLUDE_DIR NAMES argon2.h PATH_SUFFIXES local/include) @@ -580,18 +547,9 @@ if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0") endif() include_directories(SYSTEM ${ZLIB_INCLUDE_DIR}) -# Find Minizip -find_package(Minizip REQUIRED) - if(WITH_XC_YUBIKEY) find_package(PCSC REQUIRED) include_directories(SYSTEM ${PCSC_INCLUDE_DIRS}) - - if(UNIX AND NOT APPLE) - find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED) - find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED) - include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR}) - endif() endif() if(UNIX) @@ -626,12 +584,6 @@ endif() include_directories(SYSTEM ${ZLIB_INCLUDE_DIR}) -find_library(ZXCVBN_LIBRARIES zxcvbn) -if(NOT ZXCVBN_LIBRARIES) - add_subdirectory(src/thirdparty/zxcvbn) - set(ZXCVBN_LIBRARIES zxcvbn) -endif(NOT ZXCVBN_LIBRARIES) - add_subdirectory(src) add_subdirectory(share) if(WITH_TESTS) diff --git a/COPYING b/COPYING index a00aaf28c..a518de87e 100644 --- a/COPYING +++ b/COPYING 
@@ -1,5 +1,5 @@ KeePassXC - http://www.keepassxc.org/ -Copyright (C) 2016-2023 KeePassXC Team +Copyright (C) 2016-2020 KeePassXC Team This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,24 +27,28 @@ Copyright: 2010-2012, Felix Geyer 2000-2008, Tom Sato 2013, Laszlo Papp 2013, David Faure - 2016-2023, KeePassXC Team + 2016-2020, KeePassXC Team License: GPL-2 or GPL-3 Comment: The "KeePassXC Team" in every copyright notice is formed by the following people: - droidmonkey - phoerious - - varjolintu - - hifi + - TheZ3ro - louib + - weslly Every other contributor is listed on https://github.com/keepassxreboot/keepassxc/graphs/contributors Files: cmake/CodeCoverage.cmake Copyright: 2012 - 2015, Lars Bilke License: BSD-3-clause -Files: cmake/FindBotan.cmake -Copyright: none -License: LGPL-2.1 +Files: cmake/FindYubiKey.cmake +Copyright: 2014 Kyle Manna +License: GPL-2 or GPL-3 + +Files: cmake/FindBotan2.cmake +Copyright: 2018 Ribose Inc. +License: BSD-2-clause Files: cmake/GenerateProductVersion.cmake Copyright: 2015 halex2005 
@@ -137,27 +141,22 @@ Files: share/icons/badges/2_Expired.svg share/icons/database/C46_Help.svg share/icons/database/C53_Apply.svg share/icons/database/C61_Services.svg - share/icons/application/scalable/actions/proton.svg Copyright: 2022 KeePassXC Team License: MIT Files: share/icons/application/scalable/actions/application-exit.svg - share/icons/application/scalable/actions/arrow-collapse-down.svg share/icons/application/scalable/actions/attributes-copy.svg share/icons/application/scalable/actions/auto-type.svg - share/icons/application/scalable/actions/bitwarden.svg share/icons/application/scalable/actions/bugreport.svg share/icons/application/scalable/actions/chevron-double-down.svg share/icons/application/scalable/actions/chevron-double-right.svg share/icons/application/scalable/actions/clipboard-text.svg share/icons/application/scalable/actions/configure.svg - share/icons/application/scalable/actions/csv.svg share/icons/application/scalable/actions/database-change-key.svg share/icons/application/scalable/actions/database-lock.svg share/icons/application/scalable/actions/database-lock-all.svg share/icons/application/scalable/actions/database-merge.svg share/icons/application/scalable/actions/database-search.svg - share/icons/application/scalable/actions/database-settings.svg share/icons/application/scalable/actions/dialog-close.svg share/icons/application/scalable/actions/dialog-ok.svg share/icons/application/scalable/actions/document-close.svg @@ -178,7 +177,6 @@ Files: share/icons/application/scalable/actions/application-exit.svg share/icons/application/scalable/actions/entry-delete.svg share/icons/application/scalable/actions/entry-restore.svg share/icons/application/scalable/actions/entry-edit.svg - share/icons/application/scalable/actions/entry-expire.svg share/icons/application/scalable/actions/entry-new.svg share/icons/application/scalable/actions/favicon-download.svg share/icons/application/scalable/actions/fingerprint.svg 
@@ -198,16 +196,13 @@ Files: share/icons/application/scalable/actions/application-exit.svg share/icons/application/scalable/actions/move-up.svg share/icons/application/scalable/actions/object-locked.svg share/icons/application/scalable/actions/object-unlocked.svg - share/icons/application/scalable/actions/onepassword.svg share/icons/application/scalable/actions/paperclip.svg share/icons/application/scalable/actions/password-copy.svg - share/icons/application/scalable/actions/passkey.svg share/icons/application/scalable/actions/password-generator.svg share/icons/application/scalable/actions/password-show-off.svg share/icons/application/scalable/actions/password-show-on.svg share/icons/application/scalable/actions/qrcode.svg share/icons/application/scalable/actions/refresh.svg - share/icons/application/scalable/actions/remote-sync.svg share/icons/application/scalable/actions/reports.svg share/icons/application/scalable/actions/reports-exclude.svg share/icons/application/scalable/actions/sort-alphabetical-ascending.svg @@ -223,14 +218,12 @@ Files: share/icons/application/scalable/actions/application-exit.svg share/icons/application/scalable/actions/totp-copy.svg share/icons/application/scalable/actions/totp-copy-password.svg share/icons/application/scalable/actions/totp-edit.svg - share/icons/application/scalable/actions/totp-invalid.svg share/icons/application/scalable/actions/trash.svg share/icons/application/scalable/actions/url-copy.svg share/icons/application/scalable/actions/user-guide.svg share/icons/application/scalable/actions/username-copy.svg share/icons/application/scalable/actions/view-history.svg share/icons/application/scalable/actions/web.svg - share/icons/application/scalable/actions/yubikey-refresh.svg share/icons/application/scalable/apps/internet-web-browser.svg share/icons/application/scalable/apps/keepassxc.svg share/icons/application/scalable/apps/keepassxc-dark.svg 
@@ -245,12 +238,9 @@ Files: share/icons/application/scalable/actions/application-exit.svg share/icons/application/scalable/status/dialog-information.svg share/icons/application/scalable/status/dialog-warning.svg share/icons/application/scalable/status/security-high.svg - share/icons/application/scalable/actions/lock-open-alert.svg - share/icons/application/scalable/actions/lock-open.svg - share/icons/application/scalable/actions/lock.svg -Copyright: 2023 Pictogrammers -License: Apache-2.0 -Comment: Some icons are modified to fit KeePassXC design (https://pictogrammers.com/library/mdi/) +Copyright: 2019 Austin Andrews +License: SIL OPEN FONT LICENSE Version 1.1 +Comment: Taken from Material Design icon set (https://github.com/templarian/MaterialDesign/) Files: src/streams/qtiocompressor.* src/streams/QtIOCompressor @@ -258,7 +248,7 @@ Files: src/streams/qtiocompressor.* Copyright: 2009-2012, Nokia Corporation and/or its subsidiary(-ies) License: LGPL-2.1 or GPL-3 -Files: src/thirdparty/zxcvbn/zxcvbn.* +Files: src/zxcvbn/zxcvbn.* Copyright: 2015-2017, Tony Evans License: MIT diff --git a/INSTALL.md b/INSTALL.md index e83f064c0..4d6b4a646 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -6,21 +6,34 @@ For more information, see also the [_Building KeePassXC_](https://github.com/kee The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download). -Toolchain and Build Dependencies -================================ +Build Dependencies +================== -The following build tools must exist within your PATH: +The following tools must exist within your PATH: -* cmake (>= 3.10.0) -* make (>= 4.2) or ninja (>= 1.10) -* g++ (>= 4.9) or clang++ (>= 6.0) +* make +* cmake (>= 3.3.0) +* g++ (>= 4.7) or clang++ (>= 6.0) * asciidoctor (>= 2.0) -* Besides a working C++ toolchain, KeePassXC also has a number of direct build and runtime dependencies. For detailed information about how to install them, please refer to the GitHub wiki: +The following libraries are required: -* [Set up Build Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux) -* [Set up Build Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows) -* [Set up Build Environment on macOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS) +* Qt 5 (>= 5.9.5): qtbase5, qtbase5-private, libqt5svg5, qttools5, qt5-image-formats-plugins +* botan (>= 2.12) +* libargon2 +* zlib +* minizip +* readline (for completion in cli) +* qtx11extras, libxi, and libxtst (for auto-type on X11) +* qrencode +* libusb-1.0, pcsc-lite (for Yubikey support on Linux) + +Prepare the Building Environment +================================ + +* [Building Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux) +* [Building Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows) +* [Building Environment on 
MacOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS) Build Steps =========== @@ -44,13 +57,13 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm git pull ``` - For a stable build, it is recommended to check out the `latest` tag. + For a stable build, it is recommended to check out the `latest` branch. ``` git checkout latest ``` -2. Navigate to the directory where you have downloaded KeePassXC and run: +2. Navigate to the directory where you have downloaded KeePassXC and type these commands: ``` mkdir build 
@@ -58,37 +71,40 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm cmake -DWITH_XC_ALL=ON .. make ``` - -If you have `vcpkg` installed, add `-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake` to the `cmake` command to automatically download and install all required build and runtime dependencies locally to your build directory before compiling KeePassXC. Using `vcpkg` is the preferred way to install dependencies on macOS and required on Windows if using the MSVC toolchain. -For more detailed build instructions for each platform, please refer to the [GitHub wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC). - -Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory (`src/KeePassXC.app/Contents/MacOS` on macOS). +Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory. ## MacOS Build Notes -If you installed Qt@5 via Homebrew and CMake fails to find your Qt installation, you can specify it manually by adding the following parameter: +If you installed Qt5 via Homebrew, you should be able to compile KeePassXC without any changes. If CMake fails to find your Qt installation, you can specify it manually by adding the following parameter: -`-DCMAKE_PREFIX_PATH=$(brew --prefix qt@5)/lib/cmake` +`-DCMAKE_PREFIX_PATH=$(brew --prefix qt5)/lib/cmake` + +(or whatever your Qt installation path is) When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (LSAN is no supported on macOS). ## Windows Build Notes +For detailed build steps see the [Windows Build Instructions](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#windows). 
+ +If you are using MSVC, you may have to specify your Vcpkg toolchain by adding the following CMake parameter: `-DCMAKE_TOOLCHAIN_FILE=C:\vcpkg\scripts\buildsystems\vcpkg.cmake` + If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command. CMake Configuration Options ========================== -## Recommended CMake Build Parameters +## Common Parameters ``` +-DCMAKE_INSTALL_PREFIX=$(brew --prefix) -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_BUILD_TYPE= -DWITH_GUI_TESTS=ON ``` -## Additional CMake Parameters +## KeePassXC Parameters KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake: @@ -96,7 +112,6 @@ KeePassXC comes with a variety of build options that can turn on/off features. M -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON) -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF) -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF) --DWITH_XC_BROWSER_PASSKEYS=[ON|OFF] Enable/Disable Passkeys support for browser integration (default: OFF) -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF) -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF) -DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF) diff --git a/README.md b/README.md index c541afe80..0142a698b 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,4 @@ -# KeePassXC -[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6326/badge)](https://bestpractices.coreinfrastructure.org/projects/6326) +# KeePassXC [![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1) [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc) [![GitHub release](https://img.shields.io/github/release/keepassxreboot/keepassxc)](https://github.com/keepassxreboot/keepassxc/releases/) @@ -22,13 +21,12 @@ KeePassXC has numerous features for novice and power users alike. Our goal is to * Password generator * Auto-Type passwords into applications * Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser -* Support for passkeys using the browser integration * Entry icon download -* Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats +* Import databases from CSV, 1Password, and KeePass1 formats ### Advanced * Database reports (password health, HIBP, and statistics) -* Database export to CSV, XML, and HTML formats +* Database export to CSV and HTML formats * TOTP storage and generation * Field references between entries * File attachments and custom attributes 
@@ -56,10 +54,6 @@ You may directly contribute your own code by submitting a pull request. Please r Contributors are required to adhere to the project's [Code of Conduct](CODE-OF-CONDUCT.md). -## Generative AI - -Generative AI is fast becoming a first-party feature in most development environments, including GitHub itself. If the majority of a code submission is made using Generative AI (e.g., agent-based or vibe coding) then **we will document that in the pull request.** All code submissions go through a rigorous review process regardless of the development workflow or submitter. - ## License KeePassXC code is licensed under GPL-2 or GPL-3. Additional licensing for third-party files is detailed in [COPYING](./COPYING). diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 8f07bece0..000000000 --- a/SECURITY.md +++ /dev/null 
@@ -1,46 +0,0 @@ -### Reporting Security Issues - -The KeePassXC team takes security vulnerabilities very seriously and appreciates your responsible disclosure efforts. We will make every effort to acknowledge your contributions and handle them promptly. - -To report a security issue, please use one of the following methods: - -- **GitHub Security Advisory:** Use the ["Report a Vulnerability"](https://github.com/keepassxreboot/keepassxc/security/advisories/new) tab on our GitHub repository. -- **Private Matrix Message:** Contact any of the following KeePassXC team members privately (also encrypted): - - [@droidmonkey_kpxc](https://matrix.to/#/@droidmonkey_kpxc:matrix.org) - - [@varjolintu](https://matrix.to/#/@varjolintu:matrix.org) - - [@phoerious](https://matrix.to/#/@phoerious:matrix.org) -- **Send an Email:** Send your report to team@keepassxc.org. We recommend encrypting the email if possible. - -Please **DO NOT** use public channels (e.g., GitHub issues, Matrix chat channels) for initial reporting of bona fide security vulnerabilities. - -Once you report a security issue, our team will respond with the next steps. After our initial reply, we will keep you informed of the progress towards a fix and full announcement. We may ask for additional information or guidance during this process. If we disagree that your report constitutes a genuine security vulnerability, we will inform you and close the report. Your report may be turned into an issue for further tracking. - -If you discover vulnerabilities in third-party modules used by KeePassXC, please report them to the maintainers of the respective modules. If the vulnerability impacts KeePassXC directly, we encourage you to notify us using the above methods. We will validate if the vulnerability is exploitable from KeePassXC code; please note that not all vulnerabilities are actually exploitable and do not constitute an immediate concern for the KeePassXC application. 
- -### Example Security Vulnerabilities - -When reporting, please ensure the issue falls under what can be considered a genuine security vulnerability for KeePassXC. Some examples include: - -- Unauthorized access to sensitive user data (e.g., passwords). -- Remote code execution or escalation of privileges. -- Bypassing authentication or encryption mechanisms. -- Broken or improperly implemented encryption methods. - -### Counter Examples - -The following issues are **not** considered security vulnerabilities: - -- Bugs caused by locally modifying the application (e.g., injecting DLLs, altering code). -- Crashes or misbehavior resulting from normal use (report this as a normal issue). -- Vulnerabilities found in third-party modules (should be reported to the module’s maintainers). - -### CVE Reporting Policy - -Please **DO NOT** submit a report to a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) before confirming the security vulnerability with the KeePassXC team. If we do not respond to your report within 30 days, this restriction no longer applies. - - -### Other Communication - -For other inquiries (e.g., developer questions, user questions), please use the public channels on Matrix: -- **User's Channel:** [#keepassxc:mozilla.org](https://matrix.to/#/#keepassxc:mozilla.org) -- **Developer's Channel:** [#keepassxc-dev:mozilla.org](https://matrix.to/#/#keepassxc-dev:mozilla.org) diff --git a/cmake/CLangFormat.cmake b/cmake/CLangFormat.cmake index 9ddc4edb2..b2df97d4d 100644 --- a/cmake/CLangFormat.cmake +++ b/cmake/CLangFormat.cmake @@ -16,8 +16,9 @@ set(EXCLUDED_DIRS # third-party directories src/thirdparty + src/zxcvbn # objective-c directories - src/quickunlock/touchid + src/touchid src/autotype/mac src/gui/osutils/macutils) diff --git a/cmake/FindBotan.cmake b/cmake/FindBotan.cmake deleted file mode 100644 index dfa415c1d..000000000 --- a/cmake/FindBotan.cmake +++ /dev/null 
@@ -1,65 +0,0 @@ -# - Find botan -# Find the botan cryptographic library -# -# This module defines the following variables: -# BOTAN_FOUND - True if library and include directory are found -# If set to TRUE, the following are also defined: -# BOTAN_INCLUDE_DIRS - The directory where to find the header file -# BOTAN_LIBRARIES - Where to find the library files -# -# This file is in the public domain (https://github.com/vistle/vistle/blob/master/cmake/Modules/FindBOTAN.cmake) - -include(FindPackageHandleStandardArgs) - -set(BOTAN_VERSIONS botan-3 botan-2) -set(BOTAN_NAMES botan-3 botan-2 botan) -set(BOTAN_NAMES_DEBUG botand-3 botand-2 botand botan botan-3) - -find_path( - BOTAN_INCLUDE_DIR - NAMES botan/build.h - PATH_SUFFIXES ${BOTAN_VERSIONS} - DOC "The Botan include directory") -if(BOTAN_INCLUDE_DIR) - file(READ "${BOTAN_INCLUDE_DIR}/botan/build.h" build) - string(REGEX MATCH "BOTAN_VERSION_MAJOR ([0-9]*)" _ ${build}) - set(BOTAN_VERSION_MAJOR ${CMAKE_MATCH_1}) - string(REGEX MATCH "BOTAN_VERSION_MINOR ([0-9]*)" _ ${build}) - set(BOTAN_VERSION_MINOR ${CMAKE_MATCH_1}) - string(REGEX MATCH "BOTAN_VERSION_PATCH ([0-9]*)" _ ${build}) - set(BOTAN_VERSION_PATCH ${CMAKE_MATCH_1}) - set(BOTAN_VERSION "${BOTAN_VERSION_MAJOR}.${BOTAN_VERSION_MINOR}.${BOTAN_VERSION_PATCH}") -endif() - -find_library( - BOTAN_LIBRARY - NAMES ${BOTAN_NAMES} - PATH_SUFFIXES release/lib lib - DOC "The Botan (release) library") -if(WIN32 AND NOT MINGW) - find_library( - BOTAN_LIBRARY_DEBUG - NAMES ${BOTAN_NAMES_DEBUG} - PATH_SUFFIXES debug/lib lib - DOC "The Botan debug library") - find_package_handle_standard_args( - Botan - REQUIRED_VARS BOTAN_LIBRARY BOTAN_LIBRARY_DEBUG BOTAN_INCLUDE_DIR - VERSION_VAR BOTAN_VERSION) -else() - find_package_handle_standard_args( - Botan - REQUIRED_VARS BOTAN_LIBRARY BOTAN_INCLUDE_DIR - VERSION_VAR BOTAN_VERSION) -endif() - -if(BOTAN_FOUND) - set(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIR}) - if(WIN32 AND NOT MINGW) - set(BOTAN_LIBRARIES optimized ${BOTAN_LIBRARY} 
debug ${BOTAN_LIBRARY_DEBUG}) - else() - set(BOTAN_LIBRARIES ${BOTAN_LIBRARY}) - endif() -endif() - -mark_as_advanced(BOTAN_INCLUDE_DIR BOTAN_LIBRARY BOTAN_LIBRARY_DEBUG) diff --git a/cmake/FindBotan2.cmake b/cmake/FindBotan2.cmake new file mode 100644 index 000000000..20a9e7fc3 --- /dev/null +++ b/cmake/FindBotan2.cmake 
@@ -0,0 +1,106 @@ +# Copyright (c) 2018 Ribose Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + +#.rst: +# FindBotan2 +# ----------- +# +# Find the botan-2 library. +# +# IMPORTED Targets +# ^^^^^^^^^^^^^^^^ +# +# This module defines :prop_tgt:`IMPORTED` targets: +# +# ``Botan2::Botan2`` +# The botan-2 library, if found. 
+# +# Result variables +# ^^^^^^^^^^^^^^^^ +# +# This module defines the following variables: +# +# :: +# +# BOTAN2_FOUND - true if the headers and library were found +# BOTAN2_INCLUDE_DIRS - where to find headers +# BOTAN2_LIBRARIES - list of libraries to link +# BOTAN2_VERSION - library version that was found, if any + +# find the headers +find_path(BOTAN2_INCLUDE_DIR + NAMES botan/version.h + PATH_SUFFIXES botan-2 +) + +# find the library +find_library(BOTAN2_LIBRARY NAMES botan-2 libbotan-2 botan) + +# determine the version +if(BOTAN2_INCLUDE_DIR AND EXISTS "${BOTAN2_INCLUDE_DIR}/botan/build.h") + file(STRINGS "${BOTAN2_INCLUDE_DIR}/botan/build.h" botan2_version_str + REGEX "^#define[\t ]+(BOTAN_VERSION_[A-Z]+)[\t ]+[0-9]+") + + string(REGEX REPLACE ".*#define[\t ]+BOTAN_VERSION_MAJOR[\t ]+([0-9]+).*" + "\\1" _botan2_version_major "${botan2_version_str}") + string(REGEX REPLACE ".*#define[\t ]+BOTAN_VERSION_MINOR[\t ]+([0-9]+).*" + "\\1" _botan2_version_minor "${botan2_version_str}") + string(REGEX REPLACE ".*#define[\t ]+BOTAN_VERSION_PATCH[\t ]+([0-9]+).*" + "\\1" _botan2_version_patch "${botan2_version_str}") + set(BOTAN2_VERSION "${_botan2_version_major}.${_botan2_version_minor}.${_botan2_version_patch}" + CACHE INTERNAL "The version of Botan which was detected") +endif() + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(Botan2 + REQUIRED_VARS BOTAN2_LIBRARY BOTAN2_INCLUDE_DIR + VERSION_VAR BOTAN2_VERSION +) + +if(BOTAN2_FOUND) + set(BOTAN2_INCLUDE_DIRS ${BOTAN2_INCLUDE_DIR} ${PC_BOTAN2_INCLUDE_DIRS}) + set(BOTAN2_LIBRARIES ${BOTAN2_LIBRARY}) +endif() + +if(BOTAN2_FOUND AND NOT TARGET Botan2::Botan2) + # create the new library target + add_library(Botan2::Botan2 UNKNOWN IMPORTED) + # set the required include dirs for the target + if(BOTAN2_INCLUDE_DIRS) + set_target_properties(Botan2::Botan2 + PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${BOTAN2_INCLUDE_DIRS}" + ) + endif() + # set the required libraries for the target + if(EXISTS 
"${BOTAN2_LIBRARY}") + set_target_properties(Botan2::Botan2 + PROPERTIES + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${BOTAN2_LIBRARY}" + ) + endif() +endif() + +mark_as_advanced(BOTAN2_INCLUDE_DIR BOTAN2_LIBRARY) diff --git a/cmake/FindPCSC.cmake b/cmake/FindPCSC.cmake index c43487700..ae3265fff 100644 --- a/cmake/FindPCSC.cmake +++ b/cmake/FindPCSC.cmake @@ -21,38 +21,16 @@ endif() if(NOT PCSC_FOUND) # Search for PC/SC headers on Mac and Windows - - # Additional search paths for Windows if not running in Visual Studio environment - if (WIN32) - # Resolve the ambiguity of using two names for one architecture - if(CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "x64") - set(ARCH_DIR "x64") - else() - set(ARCH_DIR "${CMAKE_SYSTEM_PROCESSOR}") - endif() - - # Locate Windows SDK Paths - if (CMAKE_WINDOWS_KITS_10_DIR) - set(WINSDKROOTC_INCLUDE "${CMAKE_WINDOWS_KITS_10_DIR}/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um") - set(WINSDKROOTC_LIB "${CMAKE_WINDOWS_KITS_10_DIR}/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}") - else() - set(WINSDKROOTC_INCLUDE "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um") - set(WINSDKROOTC_LIB "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}") - endif() - endif() - find_path(PCSC_INCLUDE_DIRS winscard.h HINTS - ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES} - /usr/include/PCSC - ${WINSDKROOTC_INCLUDE} + ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES} + /usr/include/PCSC PATH_SUFFIXES PCSC) # MAC library is PCSC, Windows library is WinSCard find_library(PCSC_LIBRARIES NAMES pcsclite libpcsclite WinSCard PCSC HINTS - ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES} - ${WINSDKROOTC_LIB}) + ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES}) endif() include(FindPackageHandleStandardArgs) diff --git a/cmake/FindQREncode.cmake b/cmake/FindQREncode.cmake index 9f12def98..69850edf5 100644 
--- a/cmake/FindQREncode.cmake +++ b/cmake/FindQREncode.cmake @@ -15,12 +15,12 @@ find_path(QRENCODE_INCLUDE_DIR NAMES qrencode.h) -if(WIN32 AND NOT MINGW) - find_library(QRENCODE_LIBRARY_RELEASE qrencode) - find_library(QRENCODE_LIBRARY_DEBUG qrencoded) - set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG}) +if (VCPKG_INSTALLED_DIR) + find_library(QRENCODE_LIBRARY_RELEASE qrencode) + find_library(QRENCODE_LIBRARY_DEBUG qrencoded) + set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG}) else() - find_library(QRENCODE_LIBRARY qrencode) + find_library(QRENCODE_LIBRARY qrencode) endif() mark_as_advanced(QRENCODE_LIBRARY QRENCODE_INCLUDE_DIR) diff --git a/cmake/KPXCMacDeployHelpers.cmake b/cmake/KPXCMacDeployHelpers.cmake index f86067cbc..d22051d32 100644 --- a/cmake/KPXCMacDeployHelpers.cmake +++ b/cmake/KPXCMacDeployHelpers.cmake @@ -1,5 +1,5 @@ # Running macdeployqt on a POST_BUILD copied binaries is pointless when using CPack because -# the copied binaries will be overridden by the corresponding install(TARGETS) commands. +# the copied binaries will be overriden by the corresponding install(TARGETS) commands. # That's why we run macdeployqt using install(CODE) on the already installed binaries. # The precondition is that all install(TARGETS) calls have to be called before this function is # called. diff --git a/cmake/MacOSCodesign.cmake.in b/cmake/MacOSCodesign.cmake.in deleted file mode 100644 index 9b2ceb49e..000000000 --- a/cmake/MacOSCodesign.cmake.in +++ /dev/null 
@@ -1,101 +0,0 @@ -# Copyright (C) 2025 KeePassXC Team -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 or (at your option) -# version 3 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -# CPACK_PACKAGE_FILES is set only during POST_BUILD -if(NOT CPACK_PACKAGE_FILES) # PRE_BUILD: Sign binaries - - set(PROGNAME "@PROGNAME@") - set(CODESIGN_IDENTITY "@WITH_XC_CODESIGN_IDENTITY@") - set(ENTITLEMENTS @MACOSX_BUNDLE_APPLE_ENTITLEMENTS@) - set(APP_DIR "${CPACK_TEMPORARY_INSTALL_DIRECTORY}/ALL_IN_ONE/${PROGNAME}.app") - - if(NOT CODESIGN_IDENTITY) - message(FATAL_ERROR "No codesign identity specified.") - endif() - - message(STATUS "Codesign identity used: ${CODESIGN_IDENTITY}") - message(STATUS "Signing ${PROGNAME}.app, this may take while...") - - # Sign all binaries - execute_process( - COMMAND xcrun codesign --sign=${CODESIGN_IDENTITY} --force --options=runtime --deep "${APP_DIR}" - RESULT_VARIABLE SIGN_RESULT - OUTPUT_VARIABLE SIGN_OUTPUT - ERROR_VARIABLE SIGN_ERROR - OUTPUT_STRIP_TRAILING_WHITESPACE - ERROR_STRIP_TRAILING_WHITESPACE - ECHO_OUTPUT_VARIABLE - ) - if (NOT SIGN_RESULT EQUAL 0) - message(FATAL_ERROR "Signing binaries failed: ${SIGN_ERROR}") - endif() - - # (Re-)Sign main executable with --entitlements - execute_process( - COMMAND xcrun codesign --sign=${CODESIGN_IDENTITY} --force --options=runtime --entitlements=${ENTITLEMENTS} "${APP_DIR}/Contents/MacOS/${PROGNAME}" - RESULT_VARIABLE SIGN_RESULT - OUTPUT_VARIABLE SIGN_OUTPUT - ERROR_VARIABLE SIGN_ERROR - 
OUTPUT_STRIP_TRAILING_WHITESPACE - ERROR_STRIP_TRAILING_WHITESPACE - ECHO_OUTPUT_VARIABLE - ) - if (NOT SIGN_RESULT EQUAL 0) - message(FATAL_ERROR "Signing main binary failed: ${SIGN_ERROR}") - endif() - - message(STATUS "${PROGNAME}.app signed successfully.") - -else() # POST_BUILD: Notarize DMG - set(KEYCHAIN_PROFILE "@WITH_XC_NOTARY_KEYCHAIN_PROFILE@") - if(NOT KEYCHAIN_PROFILE) - message(FATAL_ERROR "No notarization credentials keychain profile specified.") - endif() - - foreach(DMG_FILE ${CPACK_PACKAGE_FILES}) - # Submit for notarization - message(STATUS "Submitting DMG bundle for notarization, this may take while...") - execute_process( - COMMAND xcrun notarytool submit --keychain-profile=${KEYCHAIN_PROFILE} --wait "${DMG_FILE}" - RESULT_VARIABLE NOTARIZE_RESULT - OUTPUT_VARIABLE NOTARIZE_OUTPUT - ERROR_VARIABLE NOTARIZE_ERROR - OUTPUT_STRIP_TRAILING_WHITESPACE - ERROR_STRIP_TRAILING_WHITESPACE - ECHO_OUTPUT_VARIABLE - ) - if (NOT NOTARIZE_RESULT EQUAL 0) - message(FATAL_ERROR "Notarization failed: ${NOTARIZE_ERROR}") - endif() - message(STATUS "DMG bundle notarized successfully.") - - # Staple tickets - message(STATUS "Stapling notarization ticket...") - execute_process( - COMMAND xcrun stapler staple "${DMG_FILE}" && xcrun stapler validate "${DMG_FILE}" - RESULT_VARIABLE STAPLE_RESULT - OUTPUT_VARIABLE STAPLE_OUTPUT - ERROR_VARIABLE STAPLE_ERROR - OUTPUT_STRIP_TRAILING_WHITESPACE - ERROR_STRIP_TRAILING_WHITESPACE - ECHO_OUTPUT_VARIABLE - ) - if (NOT STAPLE_RESULT EQUAL 0) - message(FATAL_ERROR "Stapling failed: ${STAPLE_ERROR}") - endif() - message(STATUS "DMG bundle notarization ticket stapled successfully.") - endforeach() -endif() \ No newline at end of file diff --git a/cmake/MakePortableZip.cmake b/cmake/MakePortableZip.cmake new file mode 100644 index 000000000..6f873c5d5 --- /dev/null +++ b/cmake/MakePortableZip.cmake @@ -0,0 +1,3 @@ +if (CMAKE_INSTALL_PREFIX MATCHES "/ZIP/") + file(TOUCH "${CMAKE_INSTALL_PREFIX}/.portable") +endif() 
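Review bot: In the new cmake/MakePortableZip.cmake, `if (CMAKE_INSTALL_PREFIX MATCHES "/ZIP/")` decides whether to create the `.portable` marker from a substring of the install path, so any prefix that happens to contain a `/ZIP/` directory gets the marker, and a staging path that uses different case or separators does not. The deleted cmake/WindowsCodesign.cmake.in made the same match against `CPACK_TEMPORARY_INSTALL_DIRECTORY` and logged "Injected portable marker into ZIP file."; this version matches a different variable and is silent. Please key the decision on the packaging generator rather than on the path text if the calling context exposes it, and keep a `message(STATUS ...)` so the build log shows when a package was marked portable.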
diff --git a/cmake/WindowsCodesign.cmake.in b/cmake/WindowsCodesign.cmake.in deleted file mode 100644 index fb59440f0..000000000 --- a/cmake/WindowsCodesign.cmake.in +++ /dev/null 
@@ -1,79 +0,0 @@ -# Copyright (C) 2025 KeePassXC Team -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 or (at your option) -# version 3 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -set(INSTALL_DIR ${CPACK_TEMPORARY_INSTALL_DIRECTORY}) -set(CODESIGN_IDENTITY @WITH_XC_CODESIGN_IDENTITY@) -set(TIMESTAMP_URL @WITH_XC_CODESIGN_TIMESTAMP_URL@) - -if(CPACK_PACKAGE_FILES) - # This variable is set only during POST_BUILD, reset SIGN_FILES first - set(SIGN_FILES "") - foreach(PACKAGE_FILE ${CPACK_PACKAGE_FILES}) - # Check each package file to see if it can be signed - if(PACKAGE_FILE MATCHES "\\.msix?$" OR PACKAGE_FILE MATCHES "\\.exe$") - message(STATUS "Adding ${PACKAGE_FILE} for signature") - list(APPEND SIGN_FILES "${PACKAGE_FILE}") - endif() - endforeach() -else() - # Setup portable zip file if building one - if(INSTALL_DIR MATCHES "/ZIP/") - file(TOUCH "${INSTALL_DIR}/.portable") - message(STATUS "Injected portable marker into ZIP file.") - endif() - - # Find all dll and exe files in the install directory - file(GLOB_RECURSE SIGN_FILES - RELATIVE "${INSTALL_DIR}" - "${INSTALL_DIR}/*.dll" - "${INSTALL_DIR}/*.exe" - ) -endif() - -# Sign relevant binaries if requested -if(CODESIGN_IDENTITY AND SIGN_FILES) - # Find signtool in PATH or error out - find_program(SIGNTOOL signtool.exe QUIET) - if(NOT SIGNTOOL) - message(FATAL_ERROR "signtool.exe not found in PATH, correct or unset WITH_XC_CODESIGN_IDENTITY") - endif() - - # Check that a certificate thumbprint was provided or error out - 
if(CODESIGN_IDENTITY STREQUAL "auto") - message(STATUS "Signing using best available certificate.") - set(CERT_OPTS /a) - else () - message(STATUS "Signing using certificate with fingerprint ${CODESIGN_IDENTITY}.") - set(CERT_OPTS /sha1 ${CODESIGN_IDENTITY}) - endif() - - message(STATUS "Signing binary files, this may take a while...") - # Use cmd /c to enable pop-up for pin entry if needed - execute_process( - COMMAND cmd /c ${SIGNTOOL} sign /fd SHA256 ${CERT_OPTS} /tr ${TIMESTAMP_URL} /td SHA256 /d ${CPACK_PACKAGE_FILE_NAME} ${SIGN_FILES} - WORKING_DIRECTORY "${INSTALL_DIR}" - RESULT_VARIABLE SIGN_RESULT - OUTPUT_VARIABLE SIGN_OUTPUT - ERROR_VARIABLE SIGN_ERROR - OUTPUT_STRIP_TRAILING_WHITESPACE - ERROR_STRIP_TRAILING_WHITESPACE - ECHO_OUTPUT_VARIABLE - ) - if(NOT SIGN_RESULT EQUAL 0) - message(FATAL_ERROR "Signing binary files failed: ${SIGN_ERROR}") - endif() - - message(STATUS "Binary files signed successfully.") -endif() diff --git a/codecov.yaml b/codecov.yaml index 96ac133ef..d92656b6f 100644 --- a/codecov.yaml +++ b/codecov.yaml @@ -1,27 +1,8 @@ -codecov: - require_ci_to_pass: false coverage: range: 60..80 round: nearest precision: 2 - status: - project: - default: - target: auto - threshold: 0.5% - paths: - - "src" - patch: - default: - target: 50% - threshold: 0% - informational: true - paths: - - "src" fixes: - "*/src/::" -ignore: - - "src/gui/styles/**" - - "src/thirdparty/**" comment: require_changes: true diff --git a/utils/fuzz-testing/README.md b/docs/FuzzTest.md similarity index 91% rename from utils/fuzz-testing/README.md rename to docs/FuzzTest.md index 9f2c1fc27..cb73fbd27 100644 --- a/utils/fuzz-testing/README.md +++ b/docs/FuzzTest.md 
@@ -27,7 +27,7 @@ A special "instrumented build" is used that allows the fuzzer to look into the p $ CXX=afl-g++ AFL_HARDEN=1 cmake -DWITH_XC_ALL=ON .. $ make -In the source code, special behavior for fuzz testing can be implemented with `#ifdef __AFL_COMPILER`. For example, in fuzz builds, the KeePassXC CLI takes the database password from environment variable `KEEPASSXC_AFL_PASSWORD` to allow non-interactive operation. +In the source code, special behavior for fuzz testing can be implemented with `#ifdef __AFL_COMPILER`. For example, in fuzz builds, the KeePassXC CLI takes the database password from environment variable `KEYPASSXC_AFL_PASSWORD` to allow non-interactive operation. ## Prepare Fuzzer Input 
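Review bot: The environment variable in the `#ifdef __AFL_COMPILER` paragraph becomes `KEYPASSXC_AFL_PASSWORD`, which reads as a misspelling of the project name, and nothing in this patch shows the CLI source reading that name. If the fuzz build reads a different variable, the documented `afl-fuzz` invocation supplies no password and the `ls` target would stop at the database-open step, so the fuzzer would never reach the parsing and decryption code it is meant to exercise. Please confirm the name against the `__AFL_COMPILER` block in the CLI and use one spelling in the source and in all three places in this document.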
@@ -35,18 +35,18 @@ To get the fuzzer started, we provide empty password database files (the passwor $ cd buildafl $ mkdir -p findings/testcases - $ cp ../utils/fuzz-testing/empty*.kdbx findings/testcases + $ cp ../share/empty*.kdbx findings/testcases The fuzzer works by running KeePassXC with variations of this input, mutated in ways that make the program crash or hang. ## Run The Fuzzer $ cd buildafl - $ KEEPASSXC_AFL_PASSWORD=secret afl-fuzz -i findings/testcases -o findings -m 2000 -t 1000 src/cli/keepassxc-cli ls @@ + $ KEYPASSXC_AFL_PASSWORD=secret afl-fuzz -i findings/testcases -o findings -m 2000 -t 1000 src/cli/keepassxc-cli ls @@ This fuzz-tests the `ls` command of the KeePassXC CLI, which loads and decrypts a database file and then lists its contents. The parameters mean: -* `KEEPASSXC_AFL_PASSWORD=secret`: In fuzz test builds, the KeePassXC CLI takes the database password from this environment variable. +* `KEYPASSXC_AFL_PASSWORD=secret`: In fuzz test builds, the KeePassXC CLI takes the database password from this environment variable. * `-i findings/testcases`: The directory which contains the initial fuzzer input. * `-o findings`: The directory in which to store fuzzer results. * `-m 2000`: Fuzzer memory (in megabytes). Adjust as required if the fuzzer fails to start up. diff --git a/docs/GettingStarted.adoc b/docs/GettingStarted.adoc index 08d331ba0..5135e09e2 100644 --- a/docs/GettingStarted.adoc +++ b/docs/GettingStarted.adoc @@ -7,7 +7,6 @@ KeePassXC Team :imagesdir: images :stylesheet: styles/dark.css :toc: left -:experimental: ifdef::backend-pdf[] :title-page: :title-logo-image: {imagesdir}/kpxc_logo.png 
@@ -27,8 +26,8 @@ include::topics/DownloadInstall.adoc[tags=*;!advanced] include::topics/UserInterface.adoc[tags=*;!advanced] -include::topics/DatabaseOperations.adoc[tags=*;!advanced] - include::topics/PasswordGenerator.adoc[tags=*;!advanced] -include::topics/BrowserIntegration.adoc[tags=*;!advanced] +include::topics/DatabaseOperations.adoc[tags=*;!advanced] + +include::topics/BrowserPlugin.adoc[tags=*;!advanced] diff --git a/docs/UserGuide.adoc b/docs/UserGuide.adoc index b96e1eff1..4000f5641 100644 --- a/docs/UserGuide.adoc +++ b/docs/UserGuide.adoc @@ -6,8 +6,6 @@ KeePassXC Team :imagesdir: images :stylesheet: styles/dark.css :toc: left -:sectanchors: -:experimental: ifdef::backend-pdf[] :title-page: :title-logo-image: {imagesdir}/kpxc_logo.png @@ -25,19 +23,15 @@ include::topics/UserInterface.adoc[tags=*] include::topics/DatabaseOperations.adoc[tags=*] -include::topics/PasswordGenerator.adoc[tags=*] - include::topics/ImportExport.adoc[tags=*] -include::topics/KeeShare.adoc[tags=*] +include::topics/PasswordGenerator.adoc[tags=*] -include::topics/BrowserIntegration.adoc[tags=*] - -include::topics/Passkeys.adoc[tags=*] +include::topics/BrowserPlugin.adoc[tags=*] include::topics/AutoType.adoc[tags=*] -include::topics/SecretService.adoc[tags=*] +include::topics/KeeShare.adoc[tags=*] include::topics/SSHAgent.adoc[tags=*] diff --git a/docs/images/autoopen.png b/docs/images/autoopen.png index 3bc9ac85d..a825accc2 100644 Binary files a/docs/images/autoopen.png and b/docs/images/autoopen.png differ diff --git a/docs/images/autoopen_ifdevice.png b/docs/images/autoopen_ifdevice.png index 0bfb756f5..96af037fc 100644 Binary files a/docs/images/autoopen_ifdevice.png and b/docs/images/autoopen_ifdevice.png differ diff --git a/docs/images/autotype_entry_sequences.png b/docs/images/autotype_entry_sequences.png index 5c9581519..36b38348c 100644 Binary files a/docs/images/autotype_entry_sequences.png and b/docs/images/autotype_entry_sequences.png differ 
diff --git a/docs/images/autotype_entrylevel.png b/docs/images/autotype_entrylevel.png index ea4e5a2cb..0c9479912 100644 Binary files a/docs/images/autotype_entrylevel.png and b/docs/images/autotype_entrylevel.png differ diff --git a/docs/images/autotype_selection_dialog.png b/docs/images/autotype_selection_dialog.png index f7304513b..ce94f6cfa 100644 Binary files a/docs/images/autotype_selection_dialog.png and b/docs/images/autotype_selection_dialog.png differ diff --git a/docs/images/autotype_selection_dialog_search.png b/docs/images/autotype_selection_dialog_search.png index 078a9c36f..96d0fbeec 100644 Binary files a/docs/images/autotype_selection_dialog_search.png and b/docs/images/autotype_selection_dialog_search.png differ diff --git a/docs/images/autotype_selection_dialog_type_menu.png b/docs/images/autotype_selection_dialog_type_menu.png index bf99ce627..08fb0f9ee 100644 Binary files a/docs/images/autotype_selection_dialog_type_menu.png and b/docs/images/autotype_selection_dialog_type_menu.png differ diff --git a/docs/images/autotype_settings.png b/docs/images/autotype_settings.png index dd70000c8..624185a23 100644 Binary files a/docs/images/autotype_settings.png and b/docs/images/autotype_settings.png differ diff --git a/docs/images/browser_advanced_settings.png b/docs/images/browser_advanced_settings.png index 60c6a8762..9f4a8bd2f 100644 Binary files a/docs/images/browser_advanced_settings.png and b/docs/images/browser_advanced_settings.png differ diff --git a/docs/images/browser_confirm_access_dialog.png b/docs/images/browser_confirm_access_dialog.png index 5bdd84502..0e268e4ff 100644 Binary files a/docs/images/browser_confirm_access_dialog.png and b/docs/images/browser_confirm_access_dialog.png differ 
diff --git a/docs/images/browser_custom_browser_configuration.png b/docs/images/browser_custom_browser_configuration.png deleted file mode 100644 index ed9cad18a..000000000 Binary files a/docs/images/browser_custom_browser_configuration.png and /dev/null differ diff --git a/docs/images/browser_database_settings.png b/docs/images/browser_database_settings.png index 2e4e28fd3..e8fb7d59e 100644 Binary files a/docs/images/browser_database_settings.png and b/docs/images/browser_database_settings.png differ diff --git a/docs/images/browser_entry_settings.png b/docs/images/browser_entry_settings.png index 3545f2bfa..0a2b4dd71 100644 Binary files a/docs/images/browser_entry_settings.png and b/docs/images/browser_entry_settings.png differ diff --git a/docs/images/browser_extension_association.png b/docs/images/browser_extension_association.png index 3c3ef0ae9..1a2368eb0 100644 Binary files a/docs/images/browser_extension_association.png and b/docs/images/browser_extension_association.png differ diff --git a/docs/images/browser_extension_connect.png b/docs/images/browser_extension_connect.png index 39caca0ad..74674745f 100644 Binary files a/docs/images/browser_extension_connect.png and b/docs/images/browser_extension_connect.png differ diff --git a/docs/images/browser_extension_icons.png b/docs/images/browser_extension_icons.png index f8430265e..bd2ba77ef 100644 Binary files a/docs/images/browser_extension_icons.png and b/docs/images/browser_extension_icons.png differ diff --git a/docs/images/browser_extension_reload.png b/docs/images/browser_extension_reload.png index 178c19ff0..e3272582f 100644 Binary files a/docs/images/browser_extension_reload.png and b/docs/images/browser_extension_reload.png differ diff --git a/docs/images/browser_fill_credentials.png b/docs/images/browser_fill_credentials.png index 6be94ee2b..5766f4a84 100644 Binary files a/docs/images/browser_fill_credentials.png and b/docs/images/browser_fill_credentials.png differ 
diff --git a/docs/images/browser_group_settings.png b/docs/images/browser_group_settings.png index 57794492d..c9dc5bd60 100644 Binary files a/docs/images/browser_group_settings.png and b/docs/images/browser_group_settings.png differ diff --git a/docs/images/browser_integration_additional_attribute.png b/docs/images/browser_integration_additional_attribute.png deleted file mode 100644 index 361b7c30d..000000000 Binary files a/docs/images/browser_integration_additional_attribute.png and /dev/null differ diff --git a/docs/images/browser_integration_clear_sites.png b/docs/images/browser_integration_clear_sites.png deleted file mode 100644 index 1a0234d46..000000000 Binary files a/docs/images/browser_integration_clear_sites.png and /dev/null differ diff --git a/docs/images/browser_settings.png b/docs/images/browser_settings.png index a8dd708a0..aa14eb4ce 100644 Binary files a/docs/images/browser_settings.png and b/docs/images/browser_settings.png differ diff --git a/docs/images/browser_statistics.png b/docs/images/browser_statistics.png index d0fc60bc0..5321ff8da 100644 Binary files a/docs/images/browser_statistics.png and b/docs/images/browser_statistics.png differ diff --git a/docs/images/clone_entry.png b/docs/images/clone_entry.png index e01b38e0b..bd3145fb9 100644 Binary files a/docs/images/clone_entry.png and b/docs/images/clone_entry.png differ diff --git a/docs/images/clone_entry_dialog.png b/docs/images/clone_entry_dialog.png index c4df4c575..8fd9d49c5 100644 Binary files a/docs/images/clone_entry_dialog.png and b/docs/images/clone_entry_dialog.png differ diff --git a/docs/images/clone_entry_references.png b/docs/images/clone_entry_references.png index ce4321c0c..99e16d6a4 100644 Binary files a/docs/images/clone_entry_references.png and b/docs/images/clone_entry_references.png differ 
diff --git a/docs/images/compact_mode_comparison.png b/docs/images/compact_mode_comparison.png index ec37cfd9d..dbc4a31d1 100644 Binary files a/docs/images/compact_mode_comparison.png and b/docs/images/compact_mode_comparison.png differ diff --git a/docs/images/csv_import.png b/docs/images/csv_import.png index cddd2c4e0..7867d0043 100644 Binary files a/docs/images/csv_import.png and b/docs/images/csv_import.png differ diff --git a/docs/images/database_maintenance.png b/docs/images/database_maintenance.png index 4f994373d..4c3f2b4e0 100644 Binary files a/docs/images/database_maintenance.png and b/docs/images/database_maintenance.png differ diff --git a/docs/images/database_security.png b/docs/images/database_security.png index 3ecf5fc3a..f2d8b0586 100644 Binary files a/docs/images/database_security.png and b/docs/images/database_security.png differ diff --git a/docs/images/database_security_credentials.png b/docs/images/database_security_credentials.png index 2ae903f5c..bc947fbc6 100644 Binary files a/docs/images/database_security_credentials.png and b/docs/images/database_security_credentials.png differ diff --git a/docs/images/database_security_encryption.png b/docs/images/database_security_encryption.png index aa2721421..86f0f9996 100644 Binary files a/docs/images/database_security_encryption.png and b/docs/images/database_security_encryption.png differ diff --git a/docs/images/database_security_encryption_advanced.png b/docs/images/database_security_encryption_advanced.png index 617c61fd6..cb68078e2 100644 Binary files a/docs/images/database_security_encryption_advanced.png and b/docs/images/database_security_encryption_advanced.png differ diff --git a/docs/images/database_settings.png b/docs/images/database_settings.png index adf2b48e2..26a352590 100644 Binary files a/docs/images/database_settings.png and b/docs/images/database_settings.png differ 
diff --git a/docs/images/database_view.png b/docs/images/database_view.png index 77b655741..3d5dc4b3b 100644 Binary files a/docs/images/database_view.png and b/docs/images/database_view.png differ diff --git a/docs/images/edit_entry.png b/docs/images/edit_entry.png index ad5b14652..8672a22b5 100644 Binary files a/docs/images/edit_entry.png and b/docs/images/edit_entry.png differ diff --git a/docs/images/edit_entry_attachments.png b/docs/images/edit_entry_attachments.png index fea995b52..42bef27da 100644 Binary files a/docs/images/edit_entry_attachments.png and b/docs/images/edit_entry_attachments.png differ diff --git a/docs/images/edit_entry_attributes.png b/docs/images/edit_entry_attributes.png index 2a48669fb..047c4fd68 100644 Binary files a/docs/images/edit_entry_attributes.png and b/docs/images/edit_entry_attributes.png differ diff --git a/docs/images/edit_entry_colors.png b/docs/images/edit_entry_colors.png index c2eff3969..0c9482a82 100644 Binary files a/docs/images/edit_entry_colors.png and b/docs/images/edit_entry_colors.png differ diff --git a/docs/images/edit_entry_history.png b/docs/images/edit_entry_history.png index e4856642b..9a6c1cbb4 100644 Binary files a/docs/images/edit_entry_history.png and b/docs/images/edit_entry_history.png differ diff --git a/docs/images/edit_entry_icons.png b/docs/images/edit_entry_icons.png index 7b2f0fae5..1cc46cdec 100644 Binary files a/docs/images/edit_entry_icons.png and b/docs/images/edit_entry_icons.png differ diff --git a/docs/images/edit_entry_properties.png b/docs/images/edit_entry_properties.png index a50c21ff0..c781192ae 100644 Binary files a/docs/images/edit_entry_properties.png and b/docs/images/edit_entry_properties.png differ diff --git a/docs/images/export_database.png b/docs/images/export_database.png index fd423ccee..aa46f0865 100644 Binary files a/docs/images/export_database.png and b/docs/images/export_database.png differ 
diff --git a/docs/images/import_wizard.png b/docs/images/import_wizard.png deleted file mode 100644 index bba4cdd94..000000000 Binary files a/docs/images/import_wizard.png and /dev/null differ diff --git a/docs/images/install_wizard_1.png b/docs/images/install_wizard_1.png index a3b49c541..a466f834b 100644 Binary files a/docs/images/install_wizard_1.png and b/docs/images/install_wizard_1.png differ diff --git a/docs/images/install_wizard_2.png b/docs/images/install_wizard_2.png index f3ca19e16..b7c9c0712 100644 Binary files a/docs/images/install_wizard_2.png and b/docs/images/install_wizard_2.png differ diff --git a/docs/images/keeshare_application_settings.png b/docs/images/keeshare_application_settings.png index 5d22e85b6..c3bb7f26c 100644 Binary files a/docs/images/keeshare_application_settings.png and b/docs/images/keeshare_application_settings.png differ diff --git a/docs/images/keeshare_group_settings.png b/docs/images/keeshare_group_settings.png index 8f9fa2175..51febf41f 100644 Binary files a/docs/images/keeshare_group_settings.png and b/docs/images/keeshare_group_settings.png differ diff --git a/docs/images/keeshare_shared_group.png b/docs/images/keeshare_shared_group.png index ef6886aa0..4d23aca89 100644 Binary files a/docs/images/keeshare_shared_group.png and b/docs/images/keeshare_shared_group.png differ diff --git a/docs/images/kpxc_logo.png b/docs/images/kpxc_logo.png index 8803335f1..9af29eb30 100644 Binary files a/docs/images/kpxc_logo.png and b/docs/images/kpxc_logo.png differ diff --git a/docs/images/linux_store.png b/docs/images/linux_store.png index aab68a0b3..7c63ca7be 100644 Binary files a/docs/images/linux_store.png and b/docs/images/linux_store.png differ diff --git a/docs/images/macos_install.png b/docs/images/macos_install.png index 5bd105170..f72222786 100644 Binary files a/docs/images/macos_install.png and b/docs/images/macos_install.png differ 
diff --git a/docs/images/main_interface.png b/docs/images/main_interface.png index 32f43cad6..088a05aaa 100644 Binary files a/docs/images/main_interface.png and b/docs/images/main_interface.png differ diff --git a/docs/images/new_db_wizard_1.png b/docs/images/new_db_wizard_1.png index ea3cdc669..360033543 100644 Binary files a/docs/images/new_db_wizard_1.png and b/docs/images/new_db_wizard_1.png differ diff --git a/docs/images/new_db_wizard_2.png b/docs/images/new_db_wizard_2.png index 98331ad13..3c384e1d5 100644 Binary files a/docs/images/new_db_wizard_2.png and b/docs/images/new_db_wizard_2.png differ diff --git a/docs/images/new_db_wizard_3.png b/docs/images/new_db_wizard_3.png index fe8acd65c..e6ac46769 100644 Binary files a/docs/images/new_db_wizard_3.png and b/docs/images/new_db_wizard_3.png differ diff --git a/docs/images/open_database.png b/docs/images/open_database.png index 0c4391856..ca94c5cc8 100644 Binary files a/docs/images/open_database.png and b/docs/images/open_database.png differ diff --git a/docs/images/passkeys_all_passkeys.png b/docs/images/passkeys_all_passkeys.png deleted file mode 100644 index b61551e02..000000000 Binary files a/docs/images/passkeys_all_passkeys.png and /dev/null differ diff --git a/docs/images/passkeys_authentication_dialog.png b/docs/images/passkeys_authentication_dialog.png deleted file mode 100644 index ab5f1ee1d..000000000 Binary files a/docs/images/passkeys_authentication_dialog.png and /dev/null differ diff --git a/docs/images/passkeys_enable_from_extension.png b/docs/images/passkeys_enable_from_extension.png deleted file mode 100644 index b0744c8cf..000000000 Binary files a/docs/images/passkeys_enable_from_extension.png and /dev/null differ diff --git a/docs/images/passkeys_export_dialog.png b/docs/images/passkeys_export_dialog.png deleted file mode 100644 index 3e7fd36c3..000000000 Binary files a/docs/images/passkeys_export_dialog.png and /dev/null differ 
diff --git a/docs/images/passkeys_github_1.png b/docs/images/passkeys_github_1.png deleted file mode 100644 index 1bd0e731d..000000000 Binary files a/docs/images/passkeys_github_1.png and /dev/null differ diff --git a/docs/images/passkeys_github_2.png b/docs/images/passkeys_github_2.png deleted file mode 100644 index 553e1c4c1..000000000 Binary files a/docs/images/passkeys_github_2.png and /dev/null differ diff --git a/docs/images/passkeys_github_3.png b/docs/images/passkeys_github_3.png deleted file mode 100644 index dff08f198..000000000 Binary files a/docs/images/passkeys_github_3.png and /dev/null differ diff --git a/docs/images/passkeys_github_4.png b/docs/images/passkeys_github_4.png deleted file mode 100644 index 82c31eaad..000000000 Binary files a/docs/images/passkeys_github_4.png and /dev/null differ diff --git a/docs/images/passkeys_github_5.png b/docs/images/passkeys_github_5.png deleted file mode 100644 index 305ed7f5f..000000000 Binary files a/docs/images/passkeys_github_5.png and /dev/null differ diff --git a/docs/images/passkeys_import_dialog.png b/docs/images/passkeys_import_dialog.png deleted file mode 100644 index 58b07fc45..000000000 Binary files a/docs/images/passkeys_import_dialog.png and /dev/null differ diff --git a/docs/images/passkeys_import_passkey_to_entry.png b/docs/images/passkeys_import_passkey_to_entry.png deleted file mode 100644 index abc106edc..000000000 Binary files a/docs/images/passkeys_import_passkey_to_entry.png and /dev/null differ diff --git a/docs/images/passkeys_register_dialog.png b/docs/images/passkeys_register_dialog.png deleted file mode 100644 index 5750522b9..000000000 Binary files a/docs/images/passkeys_register_dialog.png and /dev/null differ diff --git a/docs/images/passkeys_update_dialog.png b/docs/images/passkeys_update_dialog.png deleted file mode 100644 index 5657a8b87..000000000 Binary files a/docs/images/passkeys_update_dialog.png and /dev/null differ 
diff --git a/docs/images/passphrase_generator.png b/docs/images/passphrase_generator.png index abe7f73a4..b8180b323 100644 Binary files a/docs/images/passphrase_generator.png and b/docs/images/passphrase_generator.png differ diff --git a/docs/images/password_generator.png b/docs/images/password_generator.png index 7299629e0..230d656af 100644 Binary files a/docs/images/password_generator.png and b/docs/images/password_generator.png differ diff --git a/docs/images/password_generator_advanced.png b/docs/images/password_generator_advanced.png index 0e534e02d..f32754e57 100644 Binary files a/docs/images/password_generator_advanced.png and b/docs/images/password_generator_advanced.png differ diff --git a/docs/images/quick_unlock.png b/docs/images/quick_unlock.png index bc47c6480..7c878a567 100644 Binary files a/docs/images/quick_unlock.png and b/docs/images/quick_unlock.png differ diff --git a/docs/images/quick_unlock_windows_hello.png b/docs/images/quick_unlock_windows_hello.png index 935ff305d..59ec70057 100644 Binary files a/docs/images/quick_unlock_windows_hello.png and b/docs/images/quick_unlock_windows_hello.png differ diff --git a/docs/images/save_database_backup.png b/docs/images/save_database_backup.png index b59122642..ad543b4c3 100644 Binary files a/docs/images/save_database_backup.png and b/docs/images/save_database_backup.png differ diff --git a/docs/images/save_options.png b/docs/images/save_options.png index 55c3e640f..cf16c92e8 100644 Binary files a/docs/images/save_options.png and b/docs/images/save_options.png differ diff --git a/docs/images/secretservice_access_dialog.png b/docs/images/secretservice_access_dialog.png deleted file mode 100644 index 9a70a6085..000000000 Binary files a/docs/images/secretservice_access_dialog.png and /dev/null differ 
diff --git a/docs/images/secretservice_database_settings.png b/docs/images/secretservice_database_settings.png deleted file mode 100644 index 923ede10e..000000000 Binary files a/docs/images/secretservice_database_settings.png and /dev/null differ diff --git a/docs/images/secretservice_enable_settings.png b/docs/images/secretservice_enable_settings.png deleted file mode 100644 index cb8d7ea07..000000000 Binary files a/docs/images/secretservice_enable_settings.png and /dev/null differ diff --git a/docs/images/sshagent_application_settings.png b/docs/images/sshagent_application_settings.png index 8ac594c11..7f07ee49b 100644 Binary files a/docs/images/sshagent_application_settings.png and b/docs/images/sshagent_application_settings.png differ diff --git a/docs/images/sshagent_context_menu.png b/docs/images/sshagent_context_menu.png index d2743f6e9..8bd280fde 100644 Binary files a/docs/images/sshagent_context_menu.png and b/docs/images/sshagent_context_menu.png differ diff --git a/docs/images/sshagent_entry_settings.png b/docs/images/sshagent_entry_settings.png index d2a405cbd..263f55822 100644 Binary files a/docs/images/sshagent_entry_settings.png and b/docs/images/sshagent_entry_settings.png differ diff --git a/docs/images/sshagent_puttygen.png b/docs/images/sshagent_puttygen.png index c463cc084..ee68842b3 100644 Binary files a/docs/images/sshagent_puttygen.png and b/docs/images/sshagent_puttygen.png differ diff --git a/docs/images/sync_remote_settings.png b/docs/images/sync_remote_settings.png deleted file mode 100644 index 1d5c006b3..000000000 Binary files a/docs/images/sync_remote_settings.png and /dev/null differ diff --git a/docs/images/theme_comparison.png b/docs/images/theme_comparison.png index bc344c019..408bb892c 100644 Binary files a/docs/images/theme_comparison.png and b/docs/images/theme_comparison.png differ 
diff --git a/docs/images/theme_selection.png b/docs/images/theme_selection.png index 3f87719d3..2b087a84e 100644 Binary files a/docs/images/theme_selection.png and b/docs/images/theme_selection.png differ diff --git a/docs/images/toolbar.png b/docs/images/toolbar.png index 742379983..9ae4049ab 100644 Binary files a/docs/images/toolbar.png and b/docs/images/toolbar.png differ diff --git a/docs/images/totp_code_example.png b/docs/images/totp_code_example.png index 81b251977..cf6084bda 100644 Binary files a/docs/images/totp_code_example.png and b/docs/images/totp_code_example.png differ diff --git a/docs/images/totp_setup.png b/docs/images/totp_setup.png index c8027b654..2c975889e 100644 Binary files a/docs/images/totp_setup.png and b/docs/images/totp_setup.png differ diff --git a/docs/images/totp_usage_examples.png b/docs/images/totp_usage_examples.png index 60ef63bd5..25c358567 100644 Binary files a/docs/images/totp_usage_examples.png and b/docs/images/totp_usage_examples.png differ diff --git a/docs/images/uac_dialog.png b/docs/images/uac_dialog.png index 5838d6f7c..1477626c2 100644 Binary files a/docs/images/uac_dialog.png and b/docs/images/uac_dialog.png differ diff --git a/docs/images/unlock_database.png b/docs/images/unlock_database.png index e8a5c19d2..5cd3c37d8 100644 Binary files a/docs/images/unlock_database.png and b/docs/images/unlock_database.png differ diff --git a/docs/images/welcome_screen.png b/docs/images/welcome_screen.png index a00ae400f..0b4695f0f 100644 Binary files a/docs/images/welcome_screen.png and b/docs/images/welcome_screen.png differ diff --git a/docs/man/keepassxc.1.adoc b/docs/man/keepassxc.1.adoc index b82a97b03..16e10de9c 100644 --- a/docs/man/keepassxc.1.adoc +++ b/docs/man/keepassxc.1.adoc 
@@ -28,38 +28,26 @@ keepassxc - a modern open-source password manager *keepassxc* [_options_] [_filename(s)_] == DESCRIPTION -*KeePassXC* is a free/open-source password manager or safe which helps you to manage your passwords securely. -The complete database is always encrypted with the industry-standard AES (also known as Rijndael) encryption algorithm using a 256-bit key. +*KeePassXC* is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. +The complete database is always encrypted with the industry-standard AES (alias Rijndael) encryption algorithm using a 256 bit key. KeePassXC uses a database format that is compatible with KeePass Password Safe. -Your database works offline and requires no internet connection. +Your wallet works offline and requires no Internet connection. == OPTIONS *-h*, *--help*:: Displays this help. -*--help-all*:: - Displays help including Qt specific options. - *-v*, *--version*:: Displays version information. *--config* <__config__>:: Path to a custom config file. -*--localconfig* <__localconfig__>:: - Path to a custom local config file. - -*--lock*:: - Locks all open databases. - *--keyfile* <__keyfile__>:: Key file of the database. *--pw-stdin*:: - Reads password of the database from stdin. - -*--minimized*:: - Starts KeePassXC minimized to the system tray. + Read password of the database from stdin. *--debug-info*:: Displays debugging information. diff --git a/docs/styles/dark.css b/docs/styles/dark.css index 4295629f4..8f7bd67b6 100644 --- a/docs/styles/dark.css +++ b/docs/styles/dark.css 
@@ -180,7 +180,7 @@ body.toc2.toc-right{padding-left:0;padding-right:20em}} .sect1{padding-bottom:1.25em}} .sect1:last-child{padding-bottom:0} .sect1+.sect1{border-top:1px solid #efefed} -#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:2.0ex;margin-left:-1.8ex;margin-top:0.08ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400} +#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400} #content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em} #content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible} #content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none} diff --git a/docs/topics/.sharedheader b/docs/topics/.sharedheader index 7a72b03a7..c639a39be 100644 --- a/docs/topics/.sharedheader +++ b/docs/topics/.sharedheader @@ -4,4 +4,3 @@ KeePassXC Team :stylesheet: ../styles/dark.css :icons: font :toc: left -:experimental: diff --git a/docs/topics/AutoType.adoc b/docs/topics/AutoType.adoc index 6632c6118..836d2c7d1 100644 
--- a/docs/topics/AutoType.adoc +++ b/docs/topics/AutoType.adoc @@ -1,4 +1,4 @@ -= KeePassXC – Auto-Type += KeePassXC - Auto-Type :imagesdir: ../images // tag::content[] 
@@ -24,22 +24,20 @@ You can also set the time to remember the last used entry between presses of the === Configure Auto-Type Sequences Each entry in your database can have multiple Auto-Type sequences associated with various window titles. Simulated key presses can be sent to any other currently open window of your choice (web browser windows, login dialogs boxes, and so on). When the Global Auto-Type hotkey is pressed, KeePassXC will search your database for entries matching the current selected window title. -NOTE: The default Auto-Type sequence is `{USERNAME}{TAB}{PASSWORD}{ENTER}`. This means that it first types the username of the selected entry, then presses the kbd:[Tab] key, then types the password of the entry and finally presses the kbd:[Enter] key. +NOTE: The default Auto-Type sequence is `{USERNAME}{TAB}{PASSWORD}{ENTER}`. This means that it first types the username of the selected entry, then presses the `Tab` key, then types the password of the entry and finally presses the `Enter` key. TIP: To change the default Auto-Type sequence for all entries of your database, edit the root (top-most) group of your database and set a specific sequence. Child groups and entries will inherit this sequence by default. To configure Auto-Type sequences for your entries, perform the following steps: -1. Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the kbd:[+] button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*. +1. Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the `+` button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*. 
+ -TIP: You can use an asterisk (`\*`) as a wildcard (e.g., when a window title contains a dynamic file or website name). Set the window title to `*` to match all windows. Leave the window title blank to offer additional sequences for every matching window. This is useful for typing individual custom attributes, for example. -+ -TIP: To use a standard regular expression for window title matching, the window title must start and end with two forward slashes (e.g., `//^Secure Login - .*$//`). +TIP: You can use an asterisk (`\*`) to match any value (e.g., when a window title contains a dynamic filename or website name). Set the window title to `*` to match all windows. Leave the window title blank to offer additional default Auto-Type sequences, such as custom attributes. + .Auto-Type entry sequences image::autotype_entry_sequences.png[] -2. _(Optional)_ Define a custom Auto-Type sequence for each window title match by selecting the _Use specific sequence for this association_ checkbox. Sequence action codes and field placeholders are detailed in the following table. Beyond the most important ones detailed below, there are additional action codes and placeholders available: <> and <>. Action codes and placeholders are not case sensitive. +2. _(Optional)_ Define a custom Auto-Type sequence for each window title match by selecting the _Use specific sequence for this association_ checkbox. Sequence action codes and field placeholders are detailed in the following table. Beyond the most important ones detailed below, there are additional action codes and placeholders available: xref:UserGuide.adoc#_auto_type_actions[Auto-Type Actions Reference] and xref:UserGuide.adoc#_entry_placeholders[Entry Placeholders Reference]. Action codes and placeholders are not case sensitive. + [grid=rows, frame=none, width=90%] |=== 
@@ -62,7 +60,7 @@ image::autotype_entry_sequences.png[] |Press the corresponding keyboard key |{UP}, {DOWN}, {LEFT}, {RIGHT} |Press the corresponding arrow key -|{LEFTBRACE}, {RIGHTBRACE} |Press kbd:[{] or kbd:[}], respectively +|{LEFTBRACE}, {RIGHTBRACE} |Press `{` or `}`, respectively |{<KEY> X} |Repeat <KEY> X times (e.g., {SPACE 5} inserts five spaces) |{DELAY=X} |Set delay between key presses to X milliseconds |{DELAY X} |Pause typing for X milliseconds @@ -91,7 +89,7 @@ When you press the global Auto-Type hotkey, KeePassXC searches all unlocked data .Auto-Type sequence selection image::autotype_selection_dialog.png[,70%] -Perform the selected Auto-Type sequence by double clicking the desired row or pressing kbd:[Enter]. Press the up and down arrows to navigate the list. Sequences can be filtered through the text edit field. +Perform the selected Auto-Type sequence by double clicking the desired row or pressing _Enter_. Press the up and down arrows to navigate the list. Sequences can be filtered through the text edit field. .Auto-Type search database image::autotype_selection_dialog_search.png[,70%] 
@@ -106,7 +104,7 @@ The option to type just the username, password, or current TOTP value is availab TIP: On Windows, you will see an option to use a virtual keyboard in this sub-menu. This is an experimental feature that allows you to type into virtual machines by simulating actual keyboard presses. Some international keyboards may be unsupported due to limitations in the Windows API. === Performing Entry-Level Auto-Type -You can quickly activate the default Auto-Type sequence for a particular entry using Entry-Level Auto-Type. For this operation, the KeePassXC window will be minimized and the Auto-Type sequence occurs in the previously selected window. You can perform Entry-Level Auto-Type from the toolbar icon *(A)*, entry context menu *(B)*, or by pressing kbd:[Ctrl+Shift+V]. +You can quickly activate the default Auto-Type sequence for a particular entry using Entry-Level Auto-Type. For this operation, the KeePassXC window will be minimized and the Auto-Type sequence occurs in the previously selected window. You can perform Entry-Level Auto-Type from the toolbar icon *(A)*, entry context menu *(B)*, or by pressing `Ctrl+Shift+V`. WARNING: Be careful when using Entry-Level Auto-Type as you can inadvertently type into the wrong window. For example, a chat window or email. diff --git a/docs/topics/BrowserIntegration.adoc b/docs/topics/BrowserPlugin.adoc similarity index 57% rename from docs/topics/BrowserIntegration.adoc rename to docs/topics/BrowserPlugin.adoc index a561c58b2..9435a1c9c 100644 --- a/docs/topics/BrowserIntegration.adoc +++ b/docs/topics/BrowserPlugin.adoc 
@@ -1,223 +1,158 @@ -= KeePassXC – Browser Plugin -include::.sharedheader[] -:imagesdir: ../images - -// tag::content[] -== Browser Integration -The KeePassXC-Browser extension is installed within your web browser so that you can automatically pull usernames and passwords from KeePassXC and populate them directly into website fields. It is a very useful and secure extension that enhances your productivity while using KeePassXC. With this extension, you do not need to manually copy the data from your KeePassXC database and paste it into the website fields. - -The KeePassXC-Browser extension is available on the following web browsers: - -* Google Chrome, Vivaldi, and Brave -* Mozilla Firefox and Tor-Browser -* Microsoft Edge -* Chromium - -NOTE: On Linux, Flatpak and Snap based browsers are generally not supported. Ubuntu's Firefox Snap is currently the only known exception. - -=== Install the Browser Extension -You can download the KeePassXC-Browser extension from your web browser. To download the KeePassXC-Browser extension, perform the following steps: - -1. Click the link corresponding to your browser: - * https://chromewebstore.google.com/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk[Chrome, Chromium, Vivaldi, and Brave] - * https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser[Mozilla Firefox and Tor-Browser] - * https://microsoftedge.microsoft.com/addons/detail/keepassxcbrowser/pdffhmdngciaglkoonimfcmckehcpafo[Microsoft Edge] - -2. Click the button to install/add the extension to the browser. Accept any confirmation dialogs. - -TIP: For the most up-to-date troubleshooting advice on all platforms, please read our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide[Troubleshooting Guide]. - -// tag::advanced[] -NOTE: When Microsoft Edge is installed as a managed application, system administrators are required to deploy a custom native messaging configuration. 
Instructions for this are found in the advanced section below. -// end::advanced[] - -=== Configure KeePassXC-Browser -To start using KeePassXC-Browser, you must configure it so that it can communicate with the KeePassXC application on your desktop. - -To configure KeePassXC-Browser, perform the following steps: - -1. Open the KeePassXC application on your desktop and navigate to Tools > Settings. - -2. Click the Browser Integration option on the left-hand side *(1)*. The following screen appears: -+ -.Browser Settings -image::browser_settings.png[] - -3. Click the _Enable browser integration_ checkbox *(2)*. Then select the browsers for which you have downloaded the KeePassXC-Browser extension *(3)* and click *OK*. - -4. Ensure your database is unlocked, then open (or restart) your browser. - -5. Click the KeePassXC-Browser extension icon *(A)* in your browser (see figure below). A pop-up window appears. -+ -.Connect Extension to KeePassXC -image::browser_extension_connect.png[,80%] - -6. Click the _Connect_ button *(B)* in the pop-up window to complete integrating the KeePassXC-Browser extension with your KeePassXC desktop application. - -7. You are now prompted to enter a unique name to identify the connection between this browser and your database. Enter a unique name in the field (e.g., firefox-laptop) and click the _Save and allow access_ button. -+ -.Extension Association Dialog -image::browser_extension_association.png[,80%] - -WARNING: If you reuse a connection name in a database, the previous browser connection will be overwritten and prevent access. - -=== Using the Browser Extension -The KeePassXC-Browser extension lets you automatically populate the entries from your KeePassXC database into the fields on websites you visit. To do so, perform the following steps: - -1. Open your KeePassXC desktop application and unlock your database. - -2. Open your web browser. 
The KeePassXC-Browser extension icon in your browser window will change based on its connection state. The figure below shows the different states. -+ -*(A)* KeePassXC is not running or is disconnected. + -*(B)* KeePassXC is running, but KeePassXC Browser Extension is not connected to the current database. + -*\(C)* Connected to KeePassXC, but database is locked. + -*(D)* Connected to KeePassXC and ready to use. If the icon is shown with a number, it indicates the number of credentials found for the current site. -+ -.Extension Icon States -image::browser_extension_icons.png[,70%] - -3. If the KeePassXC desktop application is not connected with the KeePassXC-Browser extension, click the extension icon in your web browser and click _Reload_ from the pop-up window as shown in the following screen. -+ -.Reload Extension Connection -image::browser_extension_reload.png[,80%] - -4. Open the URL for which you want to use with your database. If you have previously created an entry in your database then the KeePassXC-Browser Confirm Access dialog may appear: -+ -.Confirm Access Dialog -image::browser_confirm_access_dialog.png[,80%] - -5. Ensure the credentials you want to use are checked, then click *(A)* Remember _(optional)_, then click _Allow Selected_ *(B)*. - -6. In your website, the KeePassXC icon will appear in the username field of the login form *(A)*. Click the icon to populate the field with your stored credentials. If you have more than one credential for this website, a dropdown will appear to choose the one to use. -+ -.Fill Credentials -image::browser_fill_credentials.png[,80%] - -=== Generate Passwords -The KeePassXC-Browser Extension also lets you generate passwords directly in your browser. -This feature can be used for websites with existing credentials as well as for new websites. -You can then choose to update/add the credentials to your KeePassXC database directly from the Browser. - -1. 
Ensure your database is unlocked and configured to use the Browser extension as shown above. - -2. Right click on a password field and from the KeePassXC sub-menu choose _Show Password Generator_. The standard KeePassXC password generator will appear. - -3. Configure the password generation options and click _Apply Password_ when done. The generated password will be filled into the previously selected field. - -4. When you have successfully submitted the password on the website, a popup will appear asking you to either update an existing entry or add a new one. - -// tag::advanced[] -=== Browser Integration Report -You can see a cross-section of all browser-related settings applied to entries within a database through the Browser Statistics report. To access, use the _Database_ -> _Database reports..._ menu option then click on _Browser Statistics_ on the left-hand menu. From here you can see all entries with URLs applied to them, explicitly allowed and denied URLs, and any entries with custom browser settings. - -TIP: You can delete remembered site settings from the report by right clicking the entry you want to reset and selecting "Delete plugin data from entry". - -.Browser Integration Report -image::browser_statistics.png[] - -=== Additional Fill-In Fields -Sometimes login pages have additional fields you would like to fill (e.g., account number). Use the following instructions to add them: - -1. Edit the entry you want to add fields to. Go to the advanced tab and add the attributes you need. Each attribute *must start with* `KPH:`, but otherwise the name does not matter. If multiple KPH attributes are defined, they are used in alphabetical order (i.e., the order shown in KeePassXC). -2. Within the browser, navigate to the page you want to use the additional fields on. Select the "Choose Custom Login Fields" button from the extension popup window. Choose Username, Password and String Field(s). Confirm the selections. -3. Refresh the web page. 
The new KPH attribute(s) should be filled to the extra fields. - -.String Fields Selection in Browser -image:browser_integration_additional_attribute.png[] - -=== Clearing Remembered Sites -Entries that you have chosen to remember allow/deny rules are stored in their respect custom data fields. You can clear all of these remembered settings at once through the database settings. Follow these steps: - -1. Go to *Database* → *Database Settings* or click the database settings icon in the toolbar. -2. Go to the *Browser Integration* tab, then click on the *Forget all site-specific settings on entries* button. -3. Confirm this action in the popup dialog. This cannot be undone once the database is saved. -+ -.Clear Remembered Sites -image::browser_integration_clear_sites.png[,100%] - -=== Advanced Usage -You can configure unique browser integration behavior for each entry. This allows you to add multiple URLs to an entry, hide an entry from the browser integration, and more. To access these settings, open an entry for editing then click on _Browser Integration_ option in the left-hand menu *(1)*. - -After opening the settings you can add any number of additional URLs by clicking the _Add_ button *(2)* and typing the URL in the list to the left *(3)*. - -Additional URLs also supports wildcards (with KeePassXC 2.7.10 and later). You can use URLs like: ----- -https://*.example.com -https://example.com/*/path -https://sub.*.example.com/path/* ----- - -.Entry browser settings -image::browser_entry_settings.png[] - -To set options for all entries within a group, edit the group and go to the browser integration section *(1)*. Here you can explicitly disable access to all entries under a group hierarchy to the browser extension. You can set other useful options for groups of entries as well. - -.Group browser settings -image::browser_group_settings.png[] - -Database-wide operations are available in the database settings. 
To access these use the _Database_ -> _Database settings..._ menu option. Click on _Browser Integration_ on the left-hand menu. From here you can disconnect all browsers, convert legacy KeePass-HTTP settings, reset all entry-level settings, and refresh the database root group ID (useful when making copies of your database file). - -.Database browser settings -image::browser_database_settings.png[] - -Finally, advanced application-wide settings are available in the Browser Integration tab of the application settings. - -WARNING: We do not recommend changing any of these settings as they may break the browser integration plugin. - -.Advanced browser settings -image::browser_advanced_settings.png[] - -=== Advanced Setup -==== Custom Browser option -It is possible to enable support for a custom browser (e.g. LibreWolf, WaterFox, Arc, beta and nightly browsers, etc.) using this feature. -This feature is only available for Linux and macOS. - -.Custom browser configuration -image::browser_custom_browser_configuration.png[] - -The native messaging script file needed for the custom browser depends on the browser type. For Firefox based browsers like Librefox the _Browser type_ must be _Firefox_. For Arc, Opera, etc. the type must be set to _Chromium_. - -_Config location_ must have the exact path for the browser's _native-messaging-hosts_ folder. If you are unsure, refer to our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide#1-after-enabling-browser-integration-and-support-for-your-browser[Troubleshooting Guide] for listing of the most common paths, and a few ways for finding a path when it's not known. - -When a Custom Browser has been successfully set, KeePassXC will automatically write the needed native messaging script file to the folder. - -If you wish to support multiple custom browsers, you can copy the native messaging script files manually to the _native-messaging-hosts_ folder from other browsers. 
- -==== Managed Microsoft Edge on Windows -1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeePassXC\` on all managed platforms. -+ ----- -{ - "allowed_origins": [ - "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/" - ], - "description": "KeePassXC integration with native messaging support", - "name": "org.keepassxc.keepassxc_browser", - "path": "C:\\Program Files\\KeePassXC\\keepassxc-proxy.exe", - "type": "stdio" -} ----- - -2. Configure GPO options (see https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information.): -+ ----- -Windows Registry Editor Version 5.00 -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\org.keepassxc.keepassxc_browser] -@="C:\ProgramData\KeepassXC\org.keepassxc.keepassxc_browser_edge.json" - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge] -"NativeMessagingUserLevelHosts"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist] -"1"="pdffhmdngciaglkoonimfcmckehcpafo" - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist] -"1"="org.keepassxc.keepassxc_browser" ----- - -==== Managed Microsoft Edge on macOS -1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to `/Library/Microsoft/Edge/NativeMessagingHosts`. - -2. You may need to configure Edge to allowlist the extension and native messaging host. See https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information. -// end::advanced[] -// end::content[] += KeePassXC - Browser Plugin +include::.sharedheader[] +:imagesdir: ../images + +// tag::content[] +== Setup Browser Integration +The KeePassXC-Browser extension is installed within your web browser so that you can automatically pull usernames and passwords from KeePassXC and populate them directly into website fields. 
It is a very useful and secure extension that enhances your productivity while using KeePassXC. With this extension, you do not need to manually copy the data from your KeePassXC database and paste it into the website fields. + +The KeePassXC-Browser extension is available on the following web browsers: + +* Google Chrome, Vivaldi, and Brave +* Mozilla Firefox and Tor-Browser +* Microsoft Edge +* Chromium + +=== Install the Browser Extension +You can download the KeePassXC-Browser extension from your web browser. To download the KeePassXC-Browser extension, perform the following steps: + +1. Click the link corresponding to your browser: + * https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk[Chrome, Chromium, Vivaldi, and Brave] + * https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser[Mozilla Firefox and Tor-Browser] + * https://microsoftedge.microsoft.com/addons/detail/keepassxcbrowser/pdffhmdngciaglkoonimfcmckehcpafo[Microsoft Edge] + +2. Click the button to install/add the extension to the browser. Accept any confirmation dialogs. + +TIP: For the most up-to-date troubleshooting advice on all platforms, please read our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide[Troubleshooting Guide]. + +// tag::advanced[] +NOTE: When Microsoft Edge is installed as a managed application, system administrators are required to deploy a custom native messaging configuration. Instructions for this are found in the advanced section below. +// end::advanced[] + +=== Configure KeePassXC-Browser +To start using KeePassXC-Browser, you must configure it so that it can communicate with the KeePassXC application on your desktop. + +To configure KeePassXC-Browser, perform the following steps: + +1. Open the KeePassXC application on your desktop and navigate to Tools > Settings. + +2. Click the Browser Integration option on the left-hand side *(1)*. 
The following screen appears: ++ +.Browser Settings +image::browser_settings.png[] + +3. Click the _Enable browser integration_ checkbox *(2)*. Then select the browsers for which you have downloaded the KeePassXC-Browser extension *(3)* and click *OK*. + +4. Ensure your database is unlocked, then open (or restart) your browser. + +5. Click the KeePassXC-Browser extension icon *(A)* in your browser (see figure below). A pop-up window appears. ++ +.Connect Extension to KeePassXC +image::browser_extension_connect.png[,80%] + +6. Click the _Connect_ button *(B)* in the pop-up window to complete integrating the KeePassXC-Browser extension with your KeePassXC desktop application. + +7. You are now prompted to enter a unique name to identify the connection between this browser and your database. Enter a unique name in the field (e.g., firefox-laptop) and click the _Save and allow access_ button. ++ +.Extension Association Dialog +image::browser_extension_association.png[,80%] + +WARNING: If you reuse a connection name in a database, the previous browser connection will be overwritten and prevent access. + +=== Using the Browser Extension +The KeePassXC-Browser extension lets you automatically populate the entries from your KeePassXC database into the fields on websites you visit. To do so, perform the following steps: + +1. Open your KeePassXC desktop application and unlock your database. + +2. Open your web browser. The KeePassXC-Browser extension icon in your browser window will change based on its connection state. The figure below shows the different states. ++ +*(A)* KeePassXC is not running or is disconnected + +*(B)* Connected to KeePassXC, but database is locked + +*\(C)* Connected to KeePassXC and ready to use ++ +.Extension Icon States +image::browser_extension_icons.png[,70%] + +3. 
If the KeePassXC desktop application is not connected with the KeePassXC-Browser extension, click the extension icon in your web browser and click _Reload_ from the pop-up window as shown in the following screen. ++ +.Reload Extension Connection +image::browser_extension_reload.png[,80%] + +4. Open the URL for which you want to use with your database. If you have previously created an entry in your database then the KeePassXC-Browser Confirm Access dialog may appear: ++ +.Confirm Access Dialog +image::browser_confirm_access_dialog.png[,80%] + +5. Ensure the credentials you want to use are checked, then click *(A)* Remember _(optional)_, then click _Allow Selected_ *(B)*. + +6. In your website, the KeePassXC icon will appear in the username field of the login form *(A)*. Click the icon to populate the field with your stored credentials. If you have more than one credential for this website, a dropdown will appear to choose the one to use. ++ +.Fill Credentials +image::browser_fill_credentials.png[,80%] + +// tag::advanced[] +=== Browser statistics +You can see a cross-section of all browser-related settings applied to entries within a database through the Browser Statistics report. To access these, use the _Database_ -> _Database reports..._ menu option then click on _Browser Statistics_ on the left-hand menu. From here you can see all entries with URLs applied to them, explicitly allowed and denied URLs, and any entries with custom browser settings. + +.Browser statistics +image::browser_statistics.png[] + +=== Advanced Usage +You can configure unique browser integration behavior for each entry. This allows you to add multiple URLs to an entry, hide an entry from the browser integration, and more. To access these settings, open an entry for editing then click on _Browser Integration_ option in the left-hand menu *(1)*. 
+ +After opening the settings you can add any number of additional URLs by clicking the _Add_ button *(2)* and typing the URL in the list to the left *(3)*. + +.Entry browser settings +image::browser_entry_settings.png[] + +To set options for all entries within a group, edit the group and go to the browser integration section *(1)*. Here you can explicitly disable access to all entries under a group hierarchy to the browser extension. You can set other useful options for groups of entries as well. + +.Group browser settings +image::browser_group_settings.png[] + +Database-wide operations are available in the database settings. To access these use the _Database_ -> _Database settings..._ menu option. Click on _Browser Integration_ on the left-hand menu. From here you can disconnect all browsers, convert legacy KeePass-HTTP settings, reset all entry-level settings, and refresh the database root group ID (useful when making copies of your database file). + +.Database browser settings +image::browser_database_settings.png[] + +Finally, advanced application-wide settings are available in the Browser Integration tab of the application settings. + +WARNING: We do not recommend changing any of these settings as they may break the browser integration plugin. + +.Advanced browser settings +image::browser_advanced_settings.png[] + +=== Advanced Setup +==== Managed Microsoft Edge on Windows +1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeepassXC` on all managed platforms. ++ +---- +{ + "allowed_origins": [ + "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/" + ], + "description": "KeePassXC integration with native messaging support", + "name": "org.keepassxc.keepassxc_browser", + "path": "C:\\Program Files\\KeePassXC\\keepassxc-proxy.exe", + "type": "stdio" +} +---- + +2. 
Configure GPO options (registry result): ++ +---- +Windows Registry Editor Version 5.00 +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\org.keepassxc.keepassxc_browser] +@="C:\ProgramData\KeepassXC\org.keepassxc.keepassxc_browser_edge.json" + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge] +"NativeMessagingUserLevelHosts"=dword:00000000 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist] +"1"="pdffhmdngciaglkoonimfcmckehcpafo" + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist] +"1"="org.keepassxc.keepassxc_browser" +---- +// end::advanced[] +// end::content[] diff --git a/docs/topics/DatabaseOperations.adoc b/docs/topics/DatabaseOperations.adoc index 5f315cd45..aa5b4aec3 100644 --- a/docs/topics/DatabaseOperations.adoc +++ b/docs/topics/DatabaseOperations.adoc @@ -1,4 +1,4 @@ -= KeePassXC – Database Operations += KeePassXC - Database Operations include::.sharedheader[] :imagesdir: ../images 
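Review bot: In the added "Managed Microsoft Edge on Windows" step 2, the listing is headed `Windows Registry Editor Version 5.00` but the default value is written with single backslashes (`@="C:\ProgramData\KeepassXC\org.keepassxc.keepassxc_browser_edge.json"`). In .reg syntax, backslashes inside a quoted string value have to be doubled, so a reader who imports the listing as shown may not get the intended path. Either escape the path or present the keys and values as a table instead of an importable file. Step 1 should also state that the manifest directory must be writable by administrators only, because the HKLM host registration points the browser at that manifest and the manifest's `path` decides which executable is launched. The replaced step 2 linked the Microsoft Edge Native Messaging Policies reference and the new wording "(registry result)" does not; please keep the link.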
@@ -11,22 +11,22 @@ To create a database, perform the following steps: 1. Open your KeePassXC application. Click the create new database button *(A)*: + -.Create database – Welcome screen +.Create database - Welcome screen image::welcome_screen.png[] 2. The database creation wizard appears. Enter the desired database name and a short description (optional): + -.Create database – General information +.Create database - General information image::new_db_wizard_1.png[,80%] 3. Click Continue. The Encryption Settings screen appears, we don't recommend making any changes besides increasing or decreasing the decryption time using the slider. Setting the Decryption Time slider at higher values means that the database will have higher level of protection but the time taken by the database to open will increase. + -.Create database – Encryption settings +.Create database - Encryption settings image::new_db_wizard_2.png[,80%] 4. Click the Continue button. The Database Credentials screen appears, enter your desired database password. We recommend using a long, randomized password. + -.Create database – Database credentials +.Create database - Database credentials image::new_db_wizard_3.png[,80%] + *(A)* Open the password generator + 
@@ -36,13 +36,6 @@ NOTE: Keep this password for your database safe. Either memorize it or note it d 5. Click Done. You will be prompted to select a location to save your database file. The database file is saved on to your computer with the default `.kdbx` extension. You can store your database wherever you wish, it is fully encrypted at all times preventing unauthorized access. -=== Storing Your Database -The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service. - -Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.). - -TIP: You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion. - === Opening an Existing Database To open an existing database, perform the following steps: 
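Review bot: The backup and version-history advice in the removed "Storing Your Database" TIP has no replacement in the visible hunks, while the step 5 context line still tells readers they can store the file wherever they wish. The removed section was also the only place here that warned that deleting the file loses every stored credential. Keep at least the TIP, or add an xref to wherever this guidance now lives.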
@@ -58,11 +51,9 @@ image::unlock_database.png[] 3. Enter the password for your database. -4. _(Optional)_ Click *I have a key file (A)* if you have one as an additional authentication factor for your database. +4. _(Optional)_ Browse for the Key File if you have chosen it as an additional authentication factor while creating the database. Refer to the KeePassXC User Guide for more information on setting a Key File as an additional authentication factor. -5. _(Optional)_ Plug in your configured YubiKey or OnlyKey to use it as an additional authentication factor. If you don't see it listed, press the refresh button *(B)*. - -6. Click *OK*. The database opens and the following screen is displayed: +5. Click *OK*. The database opens and the following screen is displayed: + .Unlocked database image::database_view.png[] 
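Review bot: The unlock procedure no longer covers hardware keys: the YubiKey/OnlyKey step is deleted, yet the Quick Unlock text in the following hunk still says a hardware key "must be connected to your computer to complete the unlock". Keep a step for the hardware key or remove the later reference so the page is consistent. The rewritten step 4 also points to "the KeePassXC User Guide" in plain text, whereas other added lines in this patch use the `xref:UserGuide.adoc#...` form; use an xref here too so the reference can be followed.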
@@ -70,29 +61,40 @@ image::database_view.png[] === Quick Unlock On Windows and macOS, subject to hardware availability, your credentials can be securely stored to enable subsequent unlocking of your database through biometric authentication. This is enabled by default on Windows using _Windows Hello_ and on macOS using _Touch ID or Apple Watch_ services. You can disable this feature in the Application Settings under the Security section. -NOTE: On Windows, you will be prompted to authenticate to Windows Hello after unlocking your database with full credentials. This is required to setup Quick Unlock. If you cancel this prompt then Quick Unlock will not be enabled and your database will continue to unlock. +NOTE: On Windows you will be prompted to authenticate to Windows Hello on the initial database unlock. This is required to access the hardware certificate store that encrypts your credentials. .Windows Hello example image::quick_unlock_windows_hello.png[] -When your database is locked, you will see the following unlock dialog. Simply press kbd:[Enter] or click on _Unlock Database_ to initiate the biometric authentication process. If you are using a hardware key (e.g. YubiKey), it must be connected to your computer to complete the unlock. +When your database is locked, you will see the following unlock dialog. Simply press _Enter_ or click on _Unlock Database_ to initiate the biometric authentication process. If you are using a hardware key (e.g. Yubikey), it must be connected to your computer to complete the unlock. .Quick Unlock image::quick_unlock.png[] // tag::advanced[] -NOTE: By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings. 
+=== Expired Entries +By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings. +=== Advanced Save Options +There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_. + +1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions. + +2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools. + +3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system. + +In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See xref:UserGuide.adoc#_backup_path_placeholders[Backup Path Placeholders] for available placeholders and examples. 
+ +image::save_options.png[] // end::advanced[] -=== Entry Handling -Entries in KeePassXC are the fundamental units where all your sensitive information is stored. Each entry can contain various fields such as usernames, passwords, URLs, attachments, and notes. You can create, edit, clone, and delete entries as needed. Additionally, KeePassXC supports advanced features like TOTP for two-factor authentication, custom attributes, and entry history to track changes over time. Proper management of entries ensures that your data is organized, secure, and easily accessible when needed. -==== Adding an Entry +=== Adding an Entry All the details such as usernames, passwords, URLs, attachments, notes, and so on are stored in database entries. You can create as many entries as you want in the database. To add an entry, perform the following step: -1. Navigate to Entries > New Entry (or press kbd:[Ctrl+N]). The following screen appears: +1. Navigate to Entries > New Entry (Or, press Ctrl+N). The following screen appears: + .Adding a new entry image::edit_entry.png[] 
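Review bot: The rewritten Windows Hello NOTE drops the cancel behaviour the old text documented (Quick Unlock is not enabled and the database still unlocks) and replaces it with a claim about a "hardware certificate store that encrypts your credentials". Please confirm that wording against the implementation and keep the sentence about cancelling the prompt, since that is what a user needs to know when the dialog appears. Key notation is also inconsistent across this patch: `_Enter_` in this hunk, plain "Ctrl+N" in the new-entry step, and backticked `Enter`, `Delete` and `Ctrl+K` in later hunks, where the removed lines used `kbd:[...]` throughout. In the added Advanced Save Options text, "the databases path" should read "the database's path", and "Yubikey" should keep the "YubiKey" spelling.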
@@ -110,18 +112,18 @@ image::edit_entry.png[] 5. Click *OK* to add the entry to your database. -==== Editing an Entry +=== Editing an Entry To edit the details in an entry, perform the following steps: 1. Select the entry you want to edit. -2. Press kbd:[Enter], click the edit toolbar icon, or right-click and select Edit Entry from the menu. +2. Press `Enter`, click the edit toolbar icon, or right-click and select Edit Entry from the menu. 3. Make the desired changes. 4. Click *OK*. -==== Adding TOTP to an Entry +=== Adding TOTP to an Entry Timed One-Time Passwords (TOTP) are a popular choice for two-factor authentication methods. These codes are typically six digits long and change every 30 seconds. They are derived from a shared secret value and the current time. Once set up, KeePassXC can calculate TOTP codes like any authenticator app, such as Google Authenticator. The codes can be used with copy/paste, browser extension, and Auto-Type. TIP: Your computer time must be synchronized with an internet time source to generate valid TOTP codes, https://www.nist.gov/pml/time-and-frequency-division/time-distribution/internet-time-service-its[read more here]. 
@@ -143,34 +145,24 @@ After an entry is configured with TOTP, you will see a clock icon in that entry' .TOTP Usage image::totp_usage_examples.png[] -==== Entry Icons -You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website. - -NOTE: To delete a custom icon, go to <> where you can purge unused icons and delete one or more icons at a time. - -.Entry icon selection -image::edit_entry_icons.png[] - -TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons. - -==== Deleting an Entry +=== Deleting an Entry To delete an entry, perform the following steps: -1. Select the entry you want to delete and press the kbd:[Del] button on your keyboard. +1. Select the entry you want to delete and press the `Delete` button on your keyboard. 2. You will be prompted to move the entry to the Recycle Bin (if enabled). + NOTE: You can disable the recycle bin within the Database Settings. If the recycle bin is disabled then deleted entries will be permanently removed from the database. -3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the kbd:[Del] button on your keyboard. +3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the `Delete` button on your keyboard. // tag::advanced[] -==== Clone an Entry +=== Clone an Entry Creating a clone of an entry provides you a ready-to-use template for creating new entries with similar details of a master entry. To create a clone of an existing entry, perform the following steps: -1. Right-click on the entry for which you want to create a clone and select _Clone Entry_. 
Alternatively, select the desired entry and press kbd:[Ctrl+K]. +1. Right-click on the entry for which you want to create a clone and select _Clone Entry_. Alternatively, select the desired entry and press `Ctrl+K`. + .Clone entry from context menu image::clone_entry.png[] 
@@ -188,73 +180,12 @@ image::clone_entry_dialog.png[,50%] .References in a cloned entry image::clone_entry_references.png[] -4. You can create your own references using the <> +4. You can create your own references using the xref:UserGuide.adoc#_entry_cross_reference[Entry Reference Syntax] -==== Entry URL Handling -KeePassXC can handle URLs in various ways. Standard URLs will be opened in your default browser. URLs that start with schemas handled by your Operating System will launch the associated application, for example `ftp://` or `ssh://`. You can also use the following URL schemas to perform specific actions: +== Searching the Database +KeePassXC provides an enhanced and granular search features the enables you to search for specific entries in the databases using the different modifiers, wild card characters, and logical operators. -|=== -|Schema | Example | Description - -|cmd:// -|`cmd://ssh {USERNAME}@example.com -p 2222` -|Launches the specified command line executable with the specified arguments. The executable must be present on your PATH or an absolute path must be specified. - -|kdbx:// -|`kdbx://~/dbs/passwords.kdbx` -|Opens the specified database file. Set the entry's username to the keyfile path (if required) and password to the database password. The database will open in a new tab. - -|=== - -=== Advanced Entry Handling -KeePassXC offers several advanced options for managing your database entries. Additional Attributes allow you to store extra information required by some applications and websites. Attachments enable you to attach files to entries, stored as encrypted binaries, which can be previewed directly in the application (text and images). Icons can be selected or downloaded for easy identification of entries. The Properties section lets you view basic properties such as creation, modification, and last accessed times, and retrieve an entry's UUID for references. 
KeePassXC also maintains a history of changes to entries, allowing you to view, restore, or delete previous versions of an entry. - -==== Additional Attributes -A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:}` action code. - -To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*. - -.Additional attributes example -image::edit_entry_attributes.png[] - -==== Attachments -You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*. - -NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it. - -.Attachments interface -image::edit_entry_attachments.png[] - -==== Foreground and Background Color -You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog. - -.Color picker dialog -image::edit_entry_colors.png[] - -==== Properties -KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. 
This is also where you can retrieve an entry's UUID for use in references. - -.Entry properties view -image::edit_entry_properties.png[] - -==== History -KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view. - - * Show: Display this history item for review, a read-only copy of the entry will be shown. - * Restore: Reinstate the selected history item as the active entry details. - * Delete: Delete the selected history item. - * Delete All: Delete the entire history for this entry. - -.Entry history view -image::edit_entry_history.png[] - -NOTE: Restoring an old history item will store the current entry settings as a new history item. - -// end::advanced[] -=== Search -KeePassXC provides a robust search that enables you to find specific entries in the databases using different modifiers, wild card characters, and logical operators. By default, search considers the following fields when matching your query: Title, Username, URL, Tags, and Notes. To include other fields and/or narrow your search to specific fields, you can use the search syntax described below. - -==== Modifiers and Fields +=== Modifiers and Fields [grid=rows, frame=none, width=70%] |=== |Modifier |Description 
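Review bot: The `// end::advanced[]` marker that preceded the Search section is removed in this hunk with no replacement in the visible lines, so the `// tag::advanced[]` region opened before "Clone an Entry" now runs on through `== Searching the Database` and the search subsections, which were previously outside it. Re-add the end tag before the new heading if search is meant to remain in the basic content. The added intro sentence needs a grammar pass ("an enhanced and granular search features the enables you", "in the databases"). The Entry URL Handling table is also deleted; if `cmd://` and `kdbx://` handling exists in this version, it should stay documented, because a `cmd://` URL launches an executable built from entry data and users need to be able to look that up.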
@@ -270,15 +201,14 @@ The following fields can be searched along with their abbreviated name in parent * Title (t) * Username (u) * Password (p, pw) -* URL (url) +* URL * Notes (n) * Attribute names and values (attr) * Attachment (attach) * Group (g) -* Tags (tag) * Entry State (is:expired, is:weak) -==== Wild Card Characters and Logical Operators +=== Wild Card Characters and Logical Operators [grid=rows, frame=none, width=70%] |=== |Wild Card Character |Description @@ -288,7 +218,7 @@ The following fields can be searched along with their abbreviated name in parent |\| |Logical OR |=== -==== Sample Search Queries +=== Sample Search Queries The following tables lists a few samples search queries for your reference: |=== 
@@ -306,39 +236,63 @@ The following tables lists a few samples search queries for your reference: |`+attr:mystring123` |Searches all additional attributes for any name OR value equal to mystring123. -|`+tag:personal` -| Search exactly for the 'personal' tag and do not include tags such as 'my personal'. - |`is:expired is:weak` |Searches for all expired entries with weak passwords. |=== -// tag::advanced[] -=== Merging Databases -KeePassXC allows you to merge entries from one database into another through the _Database_ -> _Merge From Database_ menu item. When merging, entries from the specified database will be imported into your currently open database. The merge process compares entries based on their unique identifiers (UUIDs) and modified timestamp. When an entry UUID matches, no matter which group it is in, the most recently modified version will be made the current and the previous version will be placed into the entry's history. Any new entries and/or groups will be added to the open database. This feature is useful for consolidating multiple databases or synchronizing databases from conflict files in a cloud storage system. +== Advanced Entry Options +=== Additional Attributes +A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:}` action code. -NOTE: When you delete entries, a record of that deletion (the entry UUID) is stored to prevent that entry from reappearing from a merge operation. An existing entry that has the same UUID as a deleted item will be removed from the database without prompt. +To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. 
To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*. -=== Advanced Save Options -There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_. +.Additional attributes example +image::edit_entry_attributes.png[] -1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions. +=== Attachments +You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*. -2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools. +NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it. -3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system. 
+.Attachments interface +image::edit_entry_attachments.png[] -=== Database Backup Options -In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See <> for available placeholders and examples. +=== Foreground and Background Color +You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog. -image::save_options.png[] +.Color picker dialog +image::edit_entry_colors.png[] -Alternatively, backups can be created on-demand using the _Database_ -> _Save Database Backup..._ menu feature. +=== Icons +You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website. -.Saving a database backup -image::save_database_backup.png[,40%] +NOTE: To delete a custom icon, go to xref:UserGuide.adoc#_database_maintenance[Database Maintenance] where you can purge unused icons and delete one or more icons at a time. -=== Automatic Database Opening +.Entry icon selection +image::edit_entry_icons.png[] + +TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons. + +=== Properties +KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. This is also where you can retrieve an entry's UUID for use in references. 
+ +.Entry properties view +image::edit_entry_properties.png[] + +=== History +KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view. + + * Show: Display this history item for review, a read-only copy of the entry will be shown. + * Restore: Reinstate the selected history item as the active entry details. + * Delete: Delete the selected history item. + * Delete All: Delete the entire history for this entry. + +.Entry history view +image::edit_entry_history.png[] + +NOTE: Restoring an old history item will store the current entry settings as a new history item. + +== Automatic Database Opening You can setup one or more databases to open automatically when you unlock a single database. This is done by *(1)* defining a special group named `AutoOpen` with *(2)* entries that contain the file path and credentials for each database that should be opened. There is no limit to the number of databases that can be opened. TIP: Case matters with auto open, the group name must be exactly `AutoOpen` and it must be a child of the root group. 
@@ -375,12 +329,10 @@ image::database_settings.png[] * *Database name:* This is the default identifier for your database and is shown in the tab bar and title bar (when active). You can change this name as desired. * *Database description:* Provide some meaningful description for your database. * *Default username:* Provide a default username for all new entries that you create in this database. - * *Public Database Metadata:* Here you can set a public (unencrypted) name, icon, and color for your database. This is used on the database unlock screen to help distinguish multiple databases from each other. * *Max history items:* This is the maximum number of history items that are stored for each entry. When you set this to 0, no history will be saved. Set this value to a low value to prevent the database from getting too large (we recommend no more than 10). * *Max. history size:* When the history of an entry gets above this size, it is truncated. For example, this happens when entries have large attachments. Set this value small to prevent the database from getting too large (we recommend 6 MiB). * *Use recycle bin:* Select this check-box if you want deleted entries to move to the recycle bin instead of being permanently removed. The recycle bin will be created if it does not already exist after your first deletion. To delete entries permanently, you must empty the recycle bin manually. * *Enable compression:* KeePassXC databases can be compressed before being encrypted. Compression reduces the size of the database and does not have any appreciable affect on speed. It is recommended to always save databases with compression. - * *Autosave delay:* Customize the automatic database save operation by delaying it for a set time since the last change. By default, this option is disabled for fast saving, but can be useful for large databases to avoid delays after each change. 3. 
Click the Security button in the left-hand menu bar to change your database credentials and change encryption settings. + 
@@ -410,29 +362,44 @@ The following key derivation functions are supported: * AES-KDF (KDBX 4 and KDBX 3.1): This key derivation function is based on iterating AES. Users can change the number of iterations. The more iterations, the harder are dictionary and guessing attacks, but also database loading/saving takes more time (linearly). KDBX 3.1 only supports AES-KDF; any other key derivation function, like for instance Argon2, requires KDBX 4. - * Argon2 (KDBX 4 – recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder and the required time increases. The parallelism parameter can be used to specify how many threads should be used. We recommend using Argon2id to prevent against timing-based attacks. Argon2d offers maximum compatibility with other KeePass-based apps, the default settings provide sufficient protection against any known attacks. + * Argon2 (KDBX 4 - recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder and the required time increases. The parallelism parameter can be used to specify how many threads should be used. We recommend using Argon2id to prevent against timing-based attacks. 
Argon2d offers maximum compatibility with other KeePass-based apps, the default settings provide sufficient protection against any known attacks. -=== Database Maintenance +== Database Maintenance KeePassXC offers some maintenance features that can be applied to clean up your database. Navigate to _Database_ -> _Database settings_ then click on _Maintenance_ on the left hand panel. The following screen appears. On this screen you can delete multiple icons at once and purge any unused icons in your database. image::database_maintenance.png[] -== Remote database support -KeePassXC provides support for syncing database files that reside in a remote location. If you can download/upload the database file via a commandline tool (e.g. rsync, ssh, scp etc.) KeePassXC offers easy to use functionality to sync the remote database. +=== Creating a YubiKey backup +It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown: -=== Sync with remote database -Open the remote sync settings via _Database > Database Settings… > Remote_ to create commands to sync a local database or a temporary local copy of a remote database. +1. Create a 20 byte HMAC key: ++ +``` +dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40 +``` -Define a name for your sync command and specify a download *(A)* as well as an upload command *(B)*. The command and/or input need a `{TEMP_DATABASE}` placeholder specified where the remote database is temporarily stored. Do not forget to save the command settings with the save button *\(C)*. Remote settings are added as menu entries below the _Remote Sync…_ menu for quick access. +2. Write the HMAC key to slot 2 _(Set through the first switch. 
Out of the box the YubiKey OTP resides in slot 1)_: ++ +``` +ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update +``` -WARNING: If your download or upload command require a password prompt, the command will most likely not succeed. In case of an SSH connection (e.g. sftp), it is recommended to use <> so that no password prompt is needed. - -.Remote sync settings -image::sync_remote_settings.png[] - -Select the remote sync command from the _Database > Remote Sync…_ menu to start the syncing process and a progress bar will show up in the lower right corner. - -WARNING: In case the remote database is changed by another user/process after the downloading command finishes and before uploading again, those changes will be overwritten. Syncing is not an atomic operation. +You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key. +== Command Line Tool +KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/master/docs/man/keepassxc-cli.1.adoc[available on GitHub]. // end::advanced[] + +== Storing a Database File +The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service. 
+ +Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.). + +TIP: You can safely store your database file in the cloud (e.g., OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion. + +== Backing up a Database File +It is a good practice to create copies of your database file and store the copies of your database on a different computer, smart phone, or cloud storage space such a Google Drive or Microsoft OneDrive. Backups can be created automatically by selecting the _Backup database file before saving_ option in the application settings. Additionally, you can create a backup on-demand using the _Database_ -> _Save Database Backup..._ menu feature. + +.Saving a database backup +image::save_database_backup.png[,40%] // end::content[] diff --git a/docs/topics/Disclaimers.adoc b/docs/topics/Disclaimers.adoc index 419778ace..a8e9be57c 100644 --- a/docs/topics/Disclaimers.adoc +++ b/docs/topics/Disclaimers.adoc 
@@ -21,3 +21,12 @@ Special, incidental or consequential damages arising out of the use or inability Limited to loss of data or data being rendered inaccurate or losses sustained by you or third parties or a failure of The program to operate with any other programs), even if such holder or other party has been advised of the possibility Of such damages. + +== Contact Us + +We are committed to continually improve KeePassXC through customer experience and your feedback is important to us. +Please send us your feedback or comments to team@keepassxc.org. +To report issues, visit: https://github.com/keepassxreboot/keepassxc. + +Thank You, + +Team KeePassXC diff --git a/docs/topics/DownloadInstall.adoc b/docs/topics/DownloadInstall.adoc index ed24e3c79..e96c885de 100644 --- a/docs/topics/DownloadInstall.adoc +++ b/docs/topics/DownloadInstall.adoc @@ -1,4 +1,4 @@ -= KeePassXC – Download and Install += KeePassXC - Download and Install include::.sharedheader[] :imagesdir: ../images @@ -8,9 +8,9 @@ KeePassXC is available for download for the following operating systems and plat * Microsoft Windows ** Portable and MSI Installer (64-bit and 32-bit) -* Linux – Official Cross-Distribution Packages +* Linux - Official Cross-Distribution Packages ** AppImage and Snap Package -* Linux – Distribution-Specific Packages +* Linux - Distribution-Specific Packages ** Ubuntu, Debian, Arch Linux, Gentoo, Fedora, CentOS, and OpenSUSE * macOS ** DMG Installer, Homebrew Cask 
@@ -38,16 +38,16 @@ To install KeePassXC on Microsoft Windows, perform the following steps: .Install wizard image::install_wizard_1.png[,80%] -2. Click Next and follow the simple instructions on the KeePassXC Setup Wizard to complete the installation. You will have the option to choose your install location, add a desktop shortcut, and launch on startup. +2. Click Next and follow the simple instructions on the KeepPassXC Setup Wizard to complete the installation. You will have the option to choose your install location, add a desktop shortcut, and launch on startup. + .Install wizard (cont) image::install_wizard_2.png[,80%] The following options can be set when running the MSI in an unattended installation: -* *LAUNCHAPPONEXIT* – Launch KeePassXC after install (default ON) -* *AUTOSTARTPROGRAM* – KeePassXC will auto-start on login (default ON) -* *INSTALLDESKTOPSHORTCUT* – A desktop icon will be installed (default OFF) +* *LAUNCHAPPONEXIT* - Launch KeePassXC after install (default ON) +* *AUTOSTARTPROGRAM* - KeePassXC will auto-start on login (default ON) +* *INSTALLDESKTOPSHORTCUT* - A desktop icon will be installed (default OFF) Example: `msiexec.exe /q /i KeePassXC-Y.Y.Y-WinZZ.msi AUTOSTARTPROGRAM=0` 
@@ -59,7 +59,7 @@ image::linux_store.png[] The Snap and Flatpak options are sandboxed applications (more secure). The Native option is installed with the operating system files. Read more about the limitations of these options here: https://keepassxc.org/docs/#faq-appsnap-yubikey[KeePassXC Snap FAQ] -NOTE: KeePassXC stores a configuration file in `~/.local/state` to remember window position, recent files, and other local settings. If you mount this folder to a tmpdisk you will lose settings after reboot. +NOTE: KeePassXC stores a configuration file in `~/.cache` to remember window position, recent files, and other local settings. If you mount this folder to a tmpdisk you will lose settings after reboot. === macOS To install the KeePassXC app on macOS, double click on the downloaded DMG file and use the click and drag option as shown: @@ -69,4 +69,4 @@ image::macos_install.png[,80%] // end::content[] // tag::advanced[] -// end::advanced[] +// end::advanced[] \ No newline at end of file diff --git a/docs/topics/ImportExport.adoc b/docs/topics/ImportExport.adoc index 4dcce0a25..d41b8c9cb 100644 --- a/docs/topics/ImportExport.adoc +++ b/docs/topics/ImportExport.adoc 
@@ -1,104 +1,62 @@ -= KeePassXC – Import/Export Operations += KeePassXC - Import/Export Operations include::.sharedheader[] :imagesdir: ../images // tag::content[] -== Importing Databases +== Importing External Databases KeePassXC allows you to import external databases from the following options: -* Comma Separated Values (.csv) -* 1Password Export (.1pux) -* 1Password Vault (.opvault) -* Bitwarden (.json) -* Proton Pass (.json) -* KeePass 1 Database (.kdb) -* Remote database (.kdbx) - -To import any of these files, start KeePassXC and either click the `Import File` button on the welcome screen or use the menu Database > Import... to launch the Import Wizard. - -.Import Wizard -image::import_wizard.png[] - -For each of the import options, you will be prompted to select the file to import and then provide credentials to unlock the file, if necessary. You can then choose to import the file into a new database or into an existing database that is already unlocked in KeePassXC. +* Comma-Separated Values (CSV) file +* 1Password OPVault +* KeePass 1 Database === Importing CSV File -WARNING: A CSV file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC. +If you have been saving your URLs, usernames, passwords, and so on in a CSV file, you can migrate all that information from the CSV file to KeePassXC and start using KeePassXC to maintain your data. -1. Follow the steps above and click `Continue`. The CSV import wizard will appear. +To open the CSV file, perform the following steps: -2. On this dialog you can choose the various options for properly importing the data. Analyze the output in the preview at the bottom to determine the correct import settings. You may need to re-map the column associations to match the data in your CSV file. +1. Open KeePassXC. + +2. Click Import from CSV button on the welcome screen or use the menu Database > Import > CSV File. + +3. 
Navigate to the location of the your CSV file on your computer and open the file. The new database wizard will appear. Follow the steps of creating a new database in Chapter 1. + +4. After saving your new database file, the CSV import wizard will appear. On this dialog you can choose the various options for properly importing the data. You may need to select the _First line has field names_ checkbox before starting. Analyze the output in the preview at the bottom to determine the correct import settings. + .CSV Import Wizard image::csv_import.png[] -3. Click `Done` to complete the import. If you chose to create a new database, the New Database dialog will appear. Otherwise your entries will be nested under the group you chose for the existing database. - -=== Importing from Other Applications -KeePassXC allows you to import databases from various applications including 1Password (1PUX and OPVault), Bitwarden, and Proton Pass. Each import option involves selecting the file, providing necessary credentials (if required), and choosing to import into a new or existing database. Note that CSV, 1Password Export, Bitwarden, and Proton Pass files are unencrypted and should be securely deleted after import. - -==== 1Password Export -WARNING: A 1Password Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC. - -1. Open the Import Wizard as shown above. Select the 1Password Export option. - -2. Click `Continue` to unlock and preview the import. Click `Done` to complete the import. - -==== 1Password OPVault -NOTE: You must have 1Password version 7 or 8 to export your data to an OPVault. If you are using a newer version of 1Password, you should use the 1Password Export (1PUX) format instead. +Your CSV file gets imported to KeePassXC and the data is converted to the KeePassXC format for further usage and maintenance. The new database file is saved on to your computer with the default `.kdbx` extension. 
+=== Importing 1Password OPVault Save your 1Password Vault locally to create an OPVault directory. Please see 1Password instructions on how to do this. Once an OPVault is created, perform the following steps: -1. Open the Import Wizard as shown above. Select the 1Password Vault option. +1. Open KeePassXC. -2. Enter the password for your vault and click `Continue` to unlock and preview the import. Click `Done` to complete the import. +2. Use the menu Database > Import > 1Password Vault. Select the OPVault to import. -==== Bitwarden -WARNING: A Bitwarden Export file may be unencrypted and you should securely delete this file after successfully importing it into KeePassXC. - -1. Open the Import Wizard as shown above. Select the Bitwarden option. - -2. Optionally provide a password to decrypt the Bitwarden export file. You should only need to do this if you have chosen the encrypted json export option within Bitwarden. - -3. Click `Continue` to unlock and preview the import. Click `Done` to complete the import. - -==== Proton Pass -WARNING: A Proton Pass Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC. - -1. Open the Import Wizard as shown above. Select the Proton Pass option. - -2. Click `Continue` to preview the import. Click `Done` to complete the import. +3. Enter the password for your OPVault to unlock and import. === Importing KeePass 1 Database -KeePass 1 database is an older format of the database created using a legacy version of KeePass. KeePassXC lets your import this older format of the database and you can seamlessly start using this database in your new KeePassXC application. +KeePass 1 database is an older format of the database created using legacy version of KeePass. KeePassXC lets your import this older format of the database and you can seamlessly start using this database in your new KeePassXC application. 
To import a KeePass 1 database file in KeePassXC, perform the following steps: -1. Open the Import Wizard as shown above. Select the KeePass1 Database option. +1. Open KeePassXC. -2. Enter the password for your database and optionally provide a key file if it was configured for your KeePass1 database. +2. Click Import from KeePass 1 button on the welcome screen or use the menu Database > Import > KeePass 1 Database. -3. Click `Continue` to unlock and preview the import. Click `Done` to complete the import. +3. Navigate to the location of the your legacy KeePass 1 database file (`.kdb`) on your computer and open the file. You are prompted for the password and the Key file for your `.kdb` file. -=== Importing Remote Database -Database files that are stored in a remote location can be imported or opened with KeePassXC if you provide a command to download the file from the remote location. +4. Enter the password for your old `.kdb` file and click *OK*. You are prompted for provide a name for the new database format that KeePassXC recognizes. -To import (or temporarily open) a remote database file in KeePassXC, perform the following steps: +5. Provide a name for the new database format, select a folder on your computer to save the file, and click Save. -1. Open the Import Wizard as shown above. Select the Remote Database option. - -2. Enter a command to download the remote database. If necessary, enter input that needs to be passed to the command. The command and/or input need a `{TEMP_DATABASE}` placeholder specified where the remote database is temporarily stored. - -3. Enter the password for your database and optionally provide a key file. - -4. Click `Continue` to unlock and preview the import. Click `Done` to complete the import. - -Opening without importing a remote database is possible by selecting Temporary Database in the Import Into section of the wizard. +6. 
The data from the `.kdb` file gets imported and converted to the new format, which is compatible with KeePassXC. You can now start using the new database file (`.kdbx`) in KeePassXC. == Exporting Databases KeePassXC supports multiple ways to export your database for transfer to another program or to print out and archive. -WARNING: These exports do not contain all the information in your database due to various limitations in the export format. For example, the CSV export does not support attachments, advanced attributes, Auto-Type settings, or custom icons. The XML export does not support attachments. The HTML export is mainly for printing and does not support attachments and some custom data fields. - WARNING: Exporting your database will result in all of your passwords and sensitive information being stored in an unencrypted format. We do not recommend saving your exported database for long periods of time as that can cause a compromise of sensitive information. .Database export menu diff --git a/docs/topics/KeeShare.adoc b/docs/topics/KeeShare.adoc index 882e7f017..6735378d4 100644 --- a/docs/topics/KeeShare.adoc +++ b/docs/topics/KeeShare.adoc @@ -1,4 +1,4 @@ -= KeePassXC – KeeShare += KeePassXC - KeeShare include::.sharedheader[] :imagesdir: ../images 
@@ -16,7 +16,7 @@ To use sharing, you need to enable it for the application. .KeeShare Application Settings image::keeshare_application_settings.png[] -=== Setup a Shared Group +=== Sharing Credentials If you checked _Allow export_ in the Sharing settings you can now share a group of passwords. Sharing is always defined on a particular group. If you enable sharing on a group, every entry under this group, and its children, are shared. If you enable sharing on the root node, **every password** inside your database gets shared! NOTE: KeeShare does not synchronize group structure after the initial share is created. At this time, KeeShare operates at the entry level; shared entries moved outside of a shared group are still synchronized. @@ -24,10 +24,10 @@ NOTE: KeeShare does not synchronize group structure after the initial share is c 1. Open the edit sheet on a group you want to share. 2. Select the KeeShare category on the left toolbar. 3. Choose a sharing type: - a. *Inactive* – Disable sharing this group - b. *Import* – Read-only import of entries, merge changes - c. *Export* – Write-only export of entries, no merge - d. *Synchronize* – Read/Write entries from the share, merge changes + a. *Inactive* - Disable sharing this group + b. *Import* - Read-only import of entries, merge changes + c. *Export* - Write-only export of entries, no merge + d. *Synchronize* - Read/Write entries from the share, merge changes 4. Choose a path to store the shared credentials to. 5. The password to use for this share container. diff --git a/docs/topics/KeyboardShortcuts.adoc b/docs/topics/KeyboardShortcuts.adoc index 3113a8af5..b027ba1fc 100644 --- a/docs/topics/KeyboardShortcuts.adoc +++ b/docs/topics/KeyboardShortcuts.adoc 
@@ -1,66 +1,46 @@ -= KeePassXC – Keyboard Shortcuts += KeePassXC - Keyboard Shortcuts include::.sharedheader[] :imagesdir: ../images // tag::content[] -NOTE: On macOS please substitute kbd:[Ctrl] with kbd:[Cmd] (AKA kbd:[⌘]). +NOTE: On macOS please substitute `Ctrl` with `Cmd` (aka `⌘`). [grid=rows, frame=none, width=75%] |=== -|Action | Keyboard Shortcut +|Action | Keyboard Shortcut -|Settings | kbd:[Ctrl + ,] -|Open Database | kbd:[Ctrl + O] -|Save Database | kbd:[Ctrl + S] -|Save Database As | kbd:[Ctrl + Shift + S] -|New Database | kbd:[Ctrl + Shift + N] -|Close Database | kbd:[Ctrl + W] + -_or_ + -kbd:[Ctrl + F4] -|Lock Current Database | kbd:[Ctrl + L] -|Lock All Databases | kbd:[Ctrl + Shift + L] -|Database Settings | kbd:[Ctrl + Shift + ,] -|Database Reports | kbd:[Ctrl + Shift + R] -|Quit | kbd:[Ctrl + Q] -|New Entry | kbd:[Ctrl + N] -|Edit Entry | kbd:[Enter] + -_or_ + -kbd:[Ctrl + E] -|Delete Entry | kbd:[Del] -|Clone Entry | kbd:[Ctrl + D] -|Copy Username | kbd:[Ctrl + B] -|Copy Password | kbd:[Ctrl + C] -|Copy URL | kbd:[Ctrl + U] -|Open URL | kbd:[Ctrl + Shift + U] -|Copy TOTP | kbd:[Ctrl + T] -|Copy Password and TOTP | kbd:[Ctrl + Y] -|Show TOTP | kbd:[Ctrl + Shift + T] -|Trigger AutoType | kbd:[Ctrl + Shift + V] -|Add key to SSH Agent | kbd:[Ctrl + H] -|Remove key from SSH Agent | kbd:[Ctrl + Shift + H] -|Jump to Group (from search) | kbd:[Ctrl + Shift + J] -|Move entry up (if unsorted) | kbd:[Alt + Up] -|Move entry down (if unsorted) | kbd:[Alt + Down] -|Sort Groups A-Z | kbd:[Ctrl + Down] -|Sort Groups Z-A | kbd:[Ctrl + Up] -|Minimize Window | kbd:[Ctrl + M] -|Hide Window | kbd:[Ctrl + Shift + M] -|Select Next Database Tab | kbd:[Ctrl + Tab] + -_or_ + -kbd:[Ctrl + PgDn] -|Select Previous Database Tab | kbd:[Ctrl + Shift + Tab] + -_or_ + -kbd:[Ctrl + PgUp] -|Select the nth database | kbd:[Ctrl + <n>], where kbd:[<n>] is the number of the database tab -|Toggle Passwords Hidden | kbd:[Ctrl + Shift + C] -|Toggle Usernames Hidden | kbd:[Ctrl + Shift + 
B] -|Focus Groups (edit if focused) | kbd:[F1] -|Focus Entries (edit if focused) | kbd:[F2] -|Focus Search | kbd:[F3] + -_or_ + -kbd:[Ctrl + F] -|Clear Search | kbd:[Esc] -|Show Keyboard Shortcuts | kbd:[Ctrl + /] +|Open Database | Ctrl + O +|Save Database | Ctrl + S +|Save Database As | Ctrl + Shift + S +|New Database | Ctrl + Shift + N +|Close Database | Ctrl + W ; Ctrl + F4 +|Lock All Databases | Ctrl + L +|Quit | Ctrl + Q +|New Entry | Ctrl + N +|Edit Entry | Enter ; Ctrl + E +|Delete Entry | Delete +|Clone Entry | Ctrl + K +|Copy Username | Ctrl + B +|Copy Password | Ctrl + C +|Copy URL | Ctrl + U +|Open URL | Ctrl + Shift + U +|Copy TOTP | Ctrl + T +|Copy Password and TOTP | Ctrl + Y +|Show TOTP | Ctrl + Shift + T +|Trigger AutoType | Ctrl + Shift + V +|Add key to SSH Agent | Ctrl + H +|Remove key from SSH Agent | Ctrl + Shift + H +|Minimize Window | Ctrl + M +|Hide Window | Ctrl + Shift + M +|Select Next Database Tab | Ctrl + Tab ; Ctrl + PageDn +|Select Previous Database Tab | Ctrl + Shift + Tab ; Ctrl + PageUp +|Select the nth database | Ctrl + n, where n is the number of the database tab +|Toggle Passwords Hidden | Ctrl + Shift + C +|Toggle Usernames Hidden | Ctrl + Shift + B +|Focus Groups (edit if focused) | F1 +|Focus Entries (edit if focused) | F2 +|Focus Search | F3 ; Ctrl + F +|Clear Search | Escape +|Show Keyboard Shortcuts | Ctrl + / |=== // end::content[] - diff --git a/docs/topics/Passkeys.adoc b/docs/topics/Passkeys.adoc deleted file mode 100644 index bfb472024..000000000 --- a/docs/topics/Passkeys.adoc +++ /dev/null 
@@ -1,104 +0,0 @@ -= KeePassXC – Passkeys -include::.sharedheader[] -:imagesdir: ../images - -// tag::content[] -== Passkeys - -Passkeys are a secure way for replacing passwords that is supported by all major browser vendors and an increasing number of websites. For more information on what passkeys are and how they work, please go to the FIDO Alliance's documentation: https://fidoalliance.org/passkeys/ - -=== Browser Passkey Support - -KeePassXC supports passkeys directly through the Browser Integration service. Passkeys are only supported with the use of the KeePassXC Browser Extension and a properly connected database. To enable passkey support on the extension, you must check the _Enable Passkeys_ option in the extension settings page. - -.Enable Passkey Support in the KeePassXC Browser Extension -image::passkeys_enable_from_extension.png[,75%] - -Optionally, you can disable falling back to the built-in passkey support from your browser and operating system. If left enabled, the extension will show the default passkey dialogs if KeePassXC cannot handle the request or the request is canceled. - -=== Create a New Passkey - -Creating a new passkey and authenticating with it is a simple process. This workflow will be demonstrated using GitHub as an example site. Please note that GitHub allows two use cases for passkeys, one for 2FA only and the other for replacement of username and password entirely. We will be configuring the latter use case in this example. - -After navigating to GitHub's _Settings_ -> _Password and authentication_, there is a separate section shown for passkeys. - -.GitHub's Passkey Registration -image::passkeys_github_1.png[] - -After clicking the _Add a passkey_ button, the user is redirected to another page showing the actual configuration option. 
- -.Configure Passwordless Authentication -image::passkeys_github_2.png[,50%] - -Clicking the _Add passkey_ button now shows the following popup dialog for the user, asking confirmation for creating a new passkey. - -.Passkey Registration Confirmation Dialog -image::passkeys_register_dialog.png[,30%] - -After the passkey has been registered, a new entry is created to the database under _KeePassXC-Browser Passwords_ with _(passkey)_ added to the entry title. The entry holds additional attributes that are used for authenticating the passkey. - -After registration, GitHub will ask a name for the passkey. This is only relevant for the server. - -.GitHub's Passkey Nickname -image::passkeys_github_3.png[,50%] - -Now the passkey should be shown on the GitHub's passkey section. - -.Registered Passkeys on GitHub -image::passkeys_github_4.png[] - -=== Login With a Passkey - -The passkey created in the previous section can now be used to login to GitHub. Instead of logging in with normal credentials, choose _Sign in with a passkey_ at the bottom of GitHub's login page. - -.GitHub's login page with a Passkey option -image::passkeys_github_5.png[,50%] - -After clicking the button, KeePassXC-Browser detects the passkeys authentication and KeePassXC shows the following dialog for confirmation. - -.Passkey authentication confirmation dialog -image::passkeys_authentication_dialog.png[,50%] - -After confirmation user is now authenticated and logged into GitHub. - -// tag::advanced[] -=== Advanced Usage - -==== Multiple Passkeys for a Site - -Multiple passkeys can be created for a single site. When registering a new passkey with a different username, KeePassXC shows an option to register a new passkey or update the previous one. Updating a passkey will override the existing entry, so this option should be only used when actually needed. 
- -.Passkey authentication confirmation dialog -image::passkeys_update_dialog.png[,50%] - -==== Exporting Passkeys - -All passkeys in a database can be viewed and accessed from the _Database_ -> _Passkeys..._ menu item. The page shows both _Import_ and _Export_ buttons for passkeys. - -.Passkeys Overview -image::passkeys_all_passkeys.png[] - -After selecting one or more entries, the following dialog is shown. One or multiple passkeys can be selected for export from the previously selected list of entries. - -.Passkeys Export Dialog -image::passkeys_export_dialog.png[,65%] - -Exported passkeys are stored in JSON format using the `.passkey` file extension. The file includes all relevant information for importing a passkey to another database or saving a backup. - -WARNING: The exported passkey file is unencrypted and should be securely stored. - -==== Importing Passkeys - -An exported passkey can be imported directly to a database or to an entry. To import directly, use the _Database_ -> _Import Passkey_ menu item. -When right-clicking an entry, a separate menu item for _Import Passkey_ is shown. This is useful if user wants to import a previously created passkey to an existing entry. - -.Import Passkey to an Entry -image::passkeys_import_passkey_to_entry.png[,50%] - -After selecting a passkey file to import, a separate dialog is shown where you can select which database, group, and entry to target. By default, the group is set to _Imported Passkeys_. The default action is to create a new entry that contains the imported passkey. - -.Passkey import dialog -image::passkeys_import_dialog.png[,65%] - -// end::advanced[] -// end::content[] diff --git a/docs/topics/PasswordGenerator.adoc b/docs/topics/PasswordGenerator.adoc index b36b2ed9a..2d8310b83 100644 --- a/docs/topics/PasswordGenerator.adoc +++ b/docs/topics/PasswordGenerator.adoc @@ -1,4 +1,4 @@ -= KeePassXC – Password Generator += KeePassXC - Password Generator include::.sharedheader[] :imagesdir: ../images 
@@ -19,8 +19,9 @@ image::password_generator.png[] 3. Select the length of the desired password by dragging the Length slider. 4. Select the character-sets that you want to include in your password. -5. Use the regenerate button (kbd:[Ctrl + R]) to make a new password using the chosen options. -6. Use the clipboard button (kbd:[Ctrl + C]) to copy the generated password to the clipboard. +5. Use the regenerate button (Ctrl + R) to make a new password using the chosen options. +6. Use the clipboard button (Ctrl + C) to copy the generated password to the clipboard. +// tag::advanced[] 7. Click the Advanced button to specify additional conditions for your desired password. + .Advanced Password Generator Options @@ -39,6 +40,7 @@ Word Count slider. 3. In the Word Separator field, enter a character, word, number, or space that you want to use as a separator between the words in your passphrase. 4. _(Optional)_ You can choose a word case between lower, upper, and title case options. 5. _(Optional)_ You can also load your own custom word lists. Click the plus sign button to the right of the wordlist selection dialog to choose a custom word list. You can download alternative lists from the https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases[EFF's Website] or from https://github.com/redacted/XKCD-password-generator#additional-languages[GitHub]. -6. Click the Regenerate button (kbd:[Ctrl + R]) to generate a new random passphrase. -7. Click the Clipboard button (kbd:[Ctrl + C]) to copy the passphrase to the clipboard. +6. Click the Regenerate button (Ctrl + R) to generate a new random passphrase. +7. Click the Clipboard button (Ctrl + C) to copy the passphrase to the clipboard. +// end::advanced[] // end::content[] diff --git a/docs/topics/Reference.adoc b/docs/topics/Reference.adoc index aefb8c1af..fb9545ed2 100644 --- a/docs/topics/Reference.adoc +++ b/docs/topics/Reference.adoc 
@@ -1,4 +1,4 @@ -= KeePassXC – Reference += KeePassXC - Reference include::.sharedheader[] :imagesdir: ../images @@ -18,8 +18,6 @@ This section contains full details on advanced features available in KeePassXC. |{NOTES} |Notes |{TOTP} |Current TOTP value (if configured) |{S:<ATTRIBUTE_NAME>} |Value for the given attribute (case sensitive) -|{T-CONV:/<PLACEHOLDER>/<METHOD>/} |Text conversion for resolved placeholder (e.g., {USERNAME}) using the following methods: UPPER, LOWER, BASE64, HEX, URI, URI-DEC -|{T-REPLACE-RX:/<PLACEHOLDER>/<REGEX>/<REPLACE>/} |Use a regular expression to find and replace data from a resolved placeholder (e.g., {USERNAME}). Refer to match groups using $1, $2, etc. |{URL:RMVSCM} |URL without scheme (e.g., https) |{URL:WITHOUTSCHEME} |URL without scheme |{URL:SCM} |URL Scheme @@ -49,21 +47,19 @@ This section contains full details on advanced features available in KeePassXC. |{DB_DIR} |Absolute directory path of database file |=== -NOTE: You can insert literal placeholder strings by escaping the beginning and ending curly braces. For example, to insert the string `{USERNAME}`, you would type `++\{USERNAME\}++`. - === Entry Cross-Reference A reference to another entry's field is possible using the shorthand syntax: `{REF:<FIELD>@<SEARCH_IN>:<SEARCH_TEXT>}` `<FIELD>` and `<SEARCH_IN>` can be one of following: -* T – Title -* U – Username -* P – Password -* A – URL -* N – Notes -* I – UUID (found on entry properties page) -* O – Custom Attribute _(SEARCH_IN only)_ +* T - Title +* U - Username +* P - Password +* A - URL +* N - Notes +* I - UUID (found on entry properties page) +* O - Custom Attribute _(SEARCH_IN only)_ Examples: + `{REF:U@I:033054D445C648C59092CC1D661B1B71}` + 
@@ -79,8 +75,8 @@ Examples: + |Press the corresponding keyboard key |{UP}, {DOWN}, {LEFT}, {RIGHT} |Press the corresponding arrow key -|{F1}, {F2}, ..., {F16} |Press kbd:[F1], kbd:[F2], etc. -|{LEFTBRACE}, {RIGHTBRACE} |Press kbd:[{] or kbd:[}], respectively +|{F1}, {F2}, ..., {F16} |Press F1, F2, etc. +|{LEFTBRACE}, {RIGHTBRACE} |Press `{` or `}`, respectively |{<KEY> X} |Repeat <KEY> X times (e.g., {SPACE 5} inserts five spaces) |{DELAY=X} |Set delay between key presses to X milliseconds |{DELAY X} |Pause typing for X milliseconds @@ -92,10 +88,10 @@ Examples: + |=== |Modifier |Description -|+ |kbd:[Shift] -|^ |kbd:[Ctrl] -|% |kbd:[Alt] -|# |kbd:[Win]/kbd:[Cmd] +|+ |SHIFT +|^ |CTRL +|% |ALT +|# |WIN/CMD |=== *Text Conversions:* @@ -128,21 +124,5 @@ Use regular expressions to find and replace data from a resolved placeholder. Re `C:\Backups\MyDatabase\01-05-2022.kdbx` |=== -=== Creating a YubiKey backup -It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown: - -1. Create a 20 byte HMAC key: -+ -``` -dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40 -``` - -2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_: -+ -``` -ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update -``` - -You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key. // end::content[] diff --git a/docs/topics/SSHAgent.adoc b/docs/topics/SSHAgent.adoc index 8b385c64c..e47ffa506 100644 
--- a/docs/topics/SSHAgent.adoc +++ b/docs/topics/SSHAgent.adoc @@ -1,14 +1,14 @@ -= KeePassXC – SSH Agent integration += KeePassXC - SSH Agent integration include::.sharedheader[] :imagesdir: ../images // tag::content[] -== SSH Agent Integration +== SSH Agent integration SSH (Secure Shell) is a widely used remote secure shell protocol and is considered an industry standard for secure remote access to UNIX-like systems including Linux, BSDs, macOS and more recently even Windows received native support. SSH supports multiple types of authentication and the most widely used ones are either interactive keyboard input with a password or a public-key cryptography pair of keys. KeePassXC SSH Agent integration is built to manage SSH keys in a secure manner by either storing them completely within your KeePassXC database or by having only the decryption key of a key file that is stored elsewhere. SSH Agent integration _does not_ provide an agent itself but works as a client for any agent implementation that is OpenSSH compatible. -=== OpenSSH Agent on Linux +=== OpenSSH agent on Linux If you are using a modern desktop Linux distribution it is very likely the OpenSSH agent is already configured and running when you have logged in to a graphical desktop session. This should be true for distributions like Debian, Ubuntu (including Kubuntu, Xubuntu and Lubuntu), Linux Mint, Fedora, ElementaryOS and Manjaro. 
@@ -32,10 +32,10 @@ WARNING: _GNOME Keyring_ prior to release 3.27.92 had its own custom implementat It does not support any constraints you may want to configure for an added key. If you are running a modern distribution the custom agent has been removed and replaced with the stock OpenSSH agent which is feature complete. -=== OpenSSH Agent on macOS +=== OpenSSH agent on macOS Apple has made OpenSSH an integrated part of macOS with automatic agent startup when it is first used. No further configuration is needed. -=== OpenSSH Agent and Pageant on Windows +=== OpenSSH agent and Pageant on Windows The SSH Agent integration on Windows supports both _PuTTY Pageant_ and _OpenSSH for Windows 10_. Since Pageant is currently still the most widely used implementation and is easily installable on any version of Windows, it is the default on KeePassXC. However, Microsoft includes a native OpenSSH client implementation with Windows 10 since autumn 2018 that can be used instead. If you would like to self-manage your OpenSSH version you can use the builds offered via their official https://github.com/powershell/Win32-OpenSSH[GitHub repository]. @@ -61,7 +61,7 @@ Alternatively, you can use a _Windows PowerShell_ running as _Administrator_ to KeePassXC and other compatible tools can now use the Windows OpenSSH agent. To use it with KeePassXC, update the settings explained in <>. -=== Setup SSH Agent Integration +=== Setting up SSH Agent integration By default the SSH Agent integration plugin is disabled. To enable integration, follow the steps below to access the settings: 
@@ -78,10 +78,10 @@ On Windows, you have the option to select _Pageant_ and/or _OpenSSH for Windows_ If the value of _SSH_AUTH_SOCK_ is empty it means the agent is not properly configured and KeePassXC will be unable to connect to it unless you provide a static override path to the socket. -=== Generating an SSH Key +=== Generating a key to use with KeePassXC KeePassXC only supports keys in the _OpenSSH_ format. On Windows, _PuTTYgen_ saves keys in its own format by default and you will need to convert them to OpenSSH format before being used. In this guide we are going to generate a standard RSA key in the default size. -==== Generating a key on Linux or macOS +==== Generating a key on Linux or macOS with _ssh-keygen_ Open a terminal window and type the following command to generate a key: $ ssh-keygen -o -f keepassxc -C johndoe@example @@ -116,13 +116,13 @@ With KeePassXC you only need the first file listed. ==== Generating a key on Windows On Windows you can generate key pairs with _PuTTYgen_ and with _ssh-keygen_, depending on whether you installed PuTTY and your Windows version. -===== Using PuTTYgen +===== Using _PuTTYgen_ Please read the manual on how to use _PuTTYgen_ for details on generate a key: https://the.earth.li/~sgtatham/putty/0.74/htmldoc/Chapter8.html#pubkey-puttygen. Once generated, you must save the key in the new OpenSSH format, see image below. .Generating a key with _PuTTYgen_ image::sshagent_puttygen.png[,70%] -===== Using ssh-keygen +===== Using _ssh-keygen_ Open _Command Prompt_ or _Windows PowerShell_ and type the following command to generate a key: PS C:\Users\user> ssh-keygen.exe -o -f keepassxc -C johndoe@example 
@@ -159,7 +159,7 @@ Now we can see two files were generated: With KeePassXC you only need the first file listed. -=== Adding SSH Key to an Entry +=== Configuring an entry to use SSH Agent The last step is to setup an entry to contain the SSH Agent settings and key file you generated. 1. Create a new entry, or open an existing entry in edit mode. diff --git a/docs/topics/SecretService.adoc b/docs/topics/SecretService.adoc deleted file mode 100644 index 1938237fa..000000000 --- a/docs/topics/SecretService.adoc +++ /dev/null @@ -1,48 +0,0 @@ -= KeePassXC – Secret Service Integration -include::.sharedheader[] -:imagesdir: ../images - -// tag::content[] -== Secret Service Integration -This feature allows KeePassXC to act as a Secret Service provider over DBus. It enables applications to store and retrieve secrets securely via the https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/[Secret Storage specification]. While running, KeePassXC acts as a Secret Service server registered on DBus so clients like seahorse, python-secretstorage, secret-tool, or other implementations can connect and access the exposed database in KeePassXC. - -=== Enabling the Integration -Only one secret service provider can be enabled at a time. You may have to disable other providers, such as GNOME Keyring or KWallet, to use KeePassXC as a secret service provider. You will see a notice when attempting to enable KeePassXC as the secret service provider if another is already running. - -To replace most third party secret service providers with KeePassXC, run the following shell snippet: - -```bash -mkdir -p "${XDG_DATA_HOME:-${HOME}/.local/share}/dbus-1/services" -cat > "${XDG_DATA_HOME:-${HOME}/.local/share}/dbus-1/services/org.freedesktop.secrets.service" <
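Review bot: In the keyboard shortcuts table hunk at the top of this section (rows `|Open Database | Ctrl + O` through `|Show Keyboard Shortcuts | Ctrl + /`), the added rows drop the `kbd:[...]` macro and join alternatives with a bare `;`, so `Ctrl + W ; Ctrl + F4` and `F3 ; Ctrl + F` can be read as one key sequence instead of two separate shortcuts. The removed rows used `kbd:[F3]`, a line break, `_or_` and then `kbd:[Ctrl + F]`, which made the alternative explicit. If the macro has to go, keep a visible "or" between alternatives. The row `Ctrl + n, where n is the number of the database tab` also sits in the same table as `|New Entry | Ctrl + N`, so a different placeholder than `n` would avoid confusion with the N key.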
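Review bot: The deletion of docs/topics/Passkeys.adoc (`@@ -1,104 +0,0 @@`) removes the only visible statement that exports are sensitive, `WARNING: The exported passkey file is unencrypted and should be securely stored.`, along with the note that updating a passkey overrides the existing entry. If passkey export or import is still reachable in the build this patch targets, that warning needs to survive somewhere, because a `.passkey` JSON file left in a downloads or backup folder is a usable credential. If the feature itself is removed in the same change, say so in the commit message and confirm that no remaining document still includes this file or its `content` and `advanced` tags.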
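Review bot: In docs/topics/PasswordGenerator.adoc the new tag region is opened in the middle of one numbered list and closed at the end of another: `// tag::advanced[]` is added between steps 6 and 7 of the password list (`@@ -19,8 +19,9 @@`), and the only `// end::advanced[]` visible in this patch is added after step 7 of the passphrase list (`@@ -39,6 +40,7 @@`). As far as these two hunks show, an include that filters out `advanced` would drop the passphrase steps along with the Advanced button step, and it would cut the first list at step 6. If only the Advanced options are meant to be excluded, close the region right after that block and leave the passphrase section inside `content`. Also render the page once to check that the comment line between steps 6 and 7 does not restart the list numbering.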
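Review bot: In docs/topics/Reference.adoc, hunk `@@ -18,8 +18,6 @@` removes the `{T-CONV:/<PLACEHOLDER>/<METHOD>/}` and `{T-REPLACE-RX:/<PLACEHOLDER>/<REGEX>/<REPLACE>/}` rows from the placeholder table, but the later hunks still show the `*Text Conversions:*` heading and the sentence "Use regular expressions to find and replace data from a resolved placeholder." as unchanged context. The summary table and the detailed section would then disagree about which placeholders exist. Either keep the two rows or remove the detailed section in the same patch. The same applies to the removed NOTE on escaping braces (`@@ -49,21 +47,19 @@`): if escaping with `\{USERNAME\}` still works, the note should stay, since it is the only place visible here that documents it. The modifier table in `@@ -92,10 +88,10 @@` also switches to `SHIFT`, `CTRL`, `ALT`, while the shortcut table elsewhere in this patch writes `Ctrl + O`; pick one spelling.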
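Review bot: In docs/topics/Reference.adoc, hunk `@@ -128,21 +124,5 @@` removes the whole "Creating a YubiKey backup" section, which is the only text visible in this patch that tells users to write the same HMAC key to a second YubiKey and to keep an offline copy of that key. Without it, a user who protects a database with a single challenge-response key has no documented recovery path if the key is lost or damaged. If challenge-response is still supported in this branch, keep the section or link to where the procedure now lives. If the section stays, the sentence "copy/paste they key output in the first step" has a typo ("they" for "the") that can be fixed at the same time.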
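Review bot: In docs/topics/SSHAgent.adoc, hunk `@@ -61,7 +61,7 @@` renames `=== Setup SSH Agent Integration` to `=== Setting up SSH Agent integration` directly below the context line `update the settings explained in <>`, which is a cross-reference into this document. AsciiDoc derives section IDs from the title text unless an explicit ID is set, so every heading renamed in this file (this one, `Generating an SSH Key`, `Adding SSH Key to an Entry`, the three `OpenSSH Agent on ...` titles) changes its anchor and can break that cross-reference and any external deep links. Add explicit section IDs above the renamed headings or update the references in the same patch. The new titles are also inconsistent in casing: `SSH Agent integration` keeps a capital "Agent" while `OpenSSH agent on Linux` does not.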