KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
Go to file
Jonathan White 72fc00695c Prevent byte-by-byte and attachment inference side channel attacks
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and it's parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 12:39:00 -05:00
.github update checkout action 2024-01-01 09:07:40 -05:00
.tx Update translations from Transifex 2023-11-04 14:52:08 -04:00
cmake Add vcpkg manifest with build dependencies 2024-03-07 19:03:13 -05:00
docs Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
share Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
snap fix snap build. add libfreetype-dev and libfreetype6 as required packages. 2023-05-28 07:45:05 -04:00
src Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 12:39:00 -05:00
tests Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 12:39:00 -05:00
utils Bump golang.org/x/crypto in /utils/keepassxc-cr-recovery 2023-12-18 19:09:51 -05:00
vcpkg/triplets Add vcpkg manifest with build dependencies 2024-03-07 19:03:13 -05:00
.clang-format Update .clang-format wtih C++17 standard (#9612) 2023-07-05 03:23:38 -07:00
.gitattributes Improve Visual Studio and vcpkg support 2021-11-16 07:01:48 -05:00
.gitignore Add vcpkg manifest with build dependencies 2024-03-07 19:03:13 -05:00
CHANGELOG.md Fix minor typos (#10124) 2023-12-22 15:12:07 -05:00
CMakeLists.txt Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
CODE-OF-CONDUCT.md CODE-OF-CONDUCT.md: fix typo 2020-12-10 12:47:41 +01:00
codecov.yaml Improve codecov configuration 2023-08-06 15:51:14 -04:00
COPYING Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
INSTALL.md Add vcpkg manifest with build dependencies 2024-03-07 19:03:13 -05:00
LICENSE.BSD Add crypto classes and tests. Link to libgcrypt. 2010-09-11 19:49:30 +02:00
LICENSE.CC0 Fix database icons license issues. 2013-03-23 21:50:23 +01:00
LICENSE.GPL-2 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.GPL-3 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.LGPL-2.1 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.LGPL-3 Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
LICENSE.MIT Fix macOS building and code signing, resolves #1344 2018-01-13 23:49:24 +01:00
LICENSE.NOKIA-LGPL-EXCEPTION Add support for gzip compressed databases. 2010-09-23 22:27:59 +02:00
LICENSE.OFL Add OFL-1.1 text 2020-01-27 23:01:01 -05:00
README.md Update logo URL in README.md 2023-05-16 06:46:29 -04:00
release-tool Backport 2.7.6 changelog and release-tool updates 2023-08-26 07:23:02 -04:00
release-tool.ps1 Fix Visual Studio install detection in release-tool.ps1 (#10101) 2024-01-27 08:49:28 -05:00
sonar-project.properties Minor documentation and script cleanups (#6868) 2021-09-21 00:17:46 -04:00
vcpkg-configuration.json Add vcpkg manifest with build dependencies 2024-03-07 19:03:13 -05:00
vcpkg.json Add vcpkg manifest with build dependencies 2024-03-07 19:03:13 -05:00

KeePassXC

OpenSSF Best Practices TeamCity Build Status codecov GitHub release

Matrix community channel Matrix development channel

KeePassXC is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted into customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.

Quick Start

The QuickStart Guide gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the downloads page. Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the User Guide.

Features List

KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.

Basic

  • Create, open, and save databases in the KDBX format (KeePass-compatible with KDBX4 and KDBX3)
  • Store sensitive information in entries that are organized by groups
  • Search for entries
  • Password generator
  • Auto-Type passwords into applications
  • Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
  • Entry icon download
  • Import databases from CSV, 1Password, and KeePass1 formats

Advanced

  • Database reports (password health, HIBP, and statistics)
  • Database export to CSV and HTML formats
  • TOTP storage and generation
  • Field references between entries
  • File attachments and custom attributes
  • Entry history and data restoration
  • YubiKey/OnlyKey challenge-response support
  • Command line interface (keepassxc-cli)
  • Auto-Open databases
  • KeeShare shared databases (import, export, and synchronize)
  • SSH Agent integration
  • FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
  • Additional encryption choices: Twofish and ChaCha20

For a full list of changes, read the CHANGELOG document.
For a full list of keyboard shortcuts, see KeyboardShortcuts.adoc

Building KeePassXC

Detailed instructions are available in the Build and Install page and in the Wiki.

Contributing

We are always looking for suggestions on how to improve KeePassXC. If you find any bugs or have an idea for a new feature, please let us know by opening a report in the issue tracker on GitHub, or join us on Matrix community channel or Matrix development channel, or on IRC in Libera.Chat channels #keepassxc and #keepassxc-dev.

You may directly contribute your own code by submitting a pull request. Please read the CONTRIBUTING document for further information.

Contributors are required to adhere to the project's Code of Conduct.

License

KeePassXC code is licensed under GPL-2 or GPL-3. Additional licensing for third-party files is detailed in COPYING.