KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
Go to file
Christoph Honal 6d1fc31e96
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC

This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.

* Split hardware key access into multiple classes to handle different methods of communicating with the keys.

* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.

* Add PC/SC interface for YubiKey challenge-response

This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.

Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.

This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.

* Remove PC/SC ATR whitelist, instead scan for AIDs

Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.

This enables the support of currently unknown or unreleased hardware.

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
.github Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
.tx Update TX config and merge update.sh into release-tool 2021-09-28 15:50:27 +02:00
cmake Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) 2021-10-01 10:39:07 -04:00
docs Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
share Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) 2021-10-01 10:39:07 -04:00
snap Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
src Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) 2021-10-01 10:39:07 -04:00
tests Remove WITH_GUI_TESTS exclusion for CLI tests (#6946) 2021-09-26 12:36:54 +02:00
utils Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
.clang-format Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
.gitattributes Improve macOS platform integration. 2021-01-07 15:22:48 +01:00
.gitignore Add gitignore for MSVC files 2021-07-08 15:54:41 -04:00
CHANGELOG.md Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
CMakeLists.txt Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) 2021-10-01 10:39:07 -04:00
CODE-OF-CONDUCT.md CODE-OF-CONDUCT.md: fix typo 2020-12-10 12:47:41 +01:00
codecov.yaml Clean up code coverage reporting. 2021-09-28 14:15:37 +02:00
COPYING Initial ykcore import into code base 2021-09-05 09:11:04 -04:00
INSTALL.md Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) 2021-10-01 10:39:07 -04:00
LICENSE.BSD Add crypto classes and tests. Link to libgcrypt. 2010-09-11 19:49:30 +02:00
LICENSE.CC0 Fix database icons license issues. 2013-03-23 21:50:23 +01:00
LICENSE.GPL-2 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.GPL-3 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.LGPL-2.1 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.LGPL-3 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.MIT Fix macOS building and code signing, resolves #1344 2018-01-13 23:49:24 +01:00
LICENSE.NOKIA-LGPL-EXCEPTION Add support for gzip compressed databases. 2010-09-23 22:27:59 +02:00
LICENSE.OFL Add OFL-1.1 text 2020-01-27 23:01:01 -05:00
README.md Update README.md 2021-09-27 01:01:03 +02:00
release-tool Update and improve release-tool 2021-09-30 09:00:12 +02:00
sonar-project.properties Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00

KeePassXC

TeamCity Build Status codecov GitHub release

Matrix community channel Matrix development channel

KeePassXC is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted in customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.

Quick Start

The QuickStart Guide gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the downloads page. Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the User Guide.

Features List

KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.

Basic

  • Create, open, and save databases in the KDBX format (KeePass compatible to KDBX4 and KDBX3)
  • Store sensitive information in entries that are organized by groups
  • Search for entries
  • Password generator
  • Auto-Type passwords into applications
  • Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
  • Entry icon download
  • Import databases from CSV, 1Password, and KeePass1 formats

Advanced

  • Database reports (password health, HIBP, and statistics)
  • Database export to CSV and HTML formats
  • TOTP storage and generation
  • Field references between entries
  • File attachments and custom attributes
  • Entry history and data restoration
  • YubiKey/OnlyKey challenge-response support
  • Command line interface (keepassxc-cli)
  • Auto-Open databases
  • KeeShare shared databases (import, export, and synchronize)
  • SSH Agent
  • FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
  • Additional encryption choices: Twofish and ChaCha20

For a full list of changes, read the CHANGELOG document.
For a full list of keyboard shortcuts, see KeyboardShortcuts.adoc

Building KeePassXC

Detailed instructions are available in the Build and Install page and in the Wiki.

Contributing

We are always looking for suggestions on how to improve KeePassXC. If you find any bugs or have an idea for a new feature, please let us know by opening a report in the issue tracker on GitHub, or join us on Matrix community channel or Matrix development channel, or on IRC in Libera.Chat channels #keepassxc and #keepassxc-dev.

You may directly contribute your own code by submitting a pull request. Please read the CONTRIBUTING document for further information.

Contributors are required to adhere to the project's Code of Conduct.

License

KeePassXC code is licensed under GPL-2 or GPL-3. Additional licensing for third-party files is detailed in COPYING.