mirror of
https://github.com/keepassxreboot/keepassxc-browser.git
synced 2026-03-11 08:54:43 +00:00
Documentation changes
This commit is contained in:
parent
fc6106638b
commit
60008dd692
3 changed files with 9 additions and 9 deletions
10
README.md
10
README.md
|
|
@ -14,15 +14,15 @@ Please thee this [wiki page](hhttps://github.com/varjolintu/keepassxc-browser/wi
|
|||
## How it works
|
||||
There are two methods which you can use keepassxc-browser to connect to KeePassXC:
|
||||
|
||||
1. keepassxc-browser communicates directly with KeePassXC via stdin/stdout. This method launches KeePassXC every time you start the browser and closes when you exit.
|
||||
This can cause unsaved changes not to be saved. If you use this method it's important to enable `Automatically save after every change` from KeePassXC's preferences.
|
||||
|
||||
2. keepassxc-browser communicated with KeePassXC through keepassxc-proxy. The proxy handles listening stdin/stdout
|
||||
1. keepassxc-browser communicated with KeePassXC through keepassxc-proxy. The proxy handles listening stdin/stdout
|
||||
and transfers these messages through Unix domain sockets / named pipes to KeePassXC. This means KeePassXC can be used and started normally without inteference from
|
||||
Native Messaging API. keepassxc-browser starts only the proxy application and there's no risk of shutting down KeePassXC or losing any unsaved changes. You don't need to install keepassxc-proxy separately. It is included in the latest KeePassXC fork. Use it if you want to make your own proxy or improve/extend it. Alternatively you can use
|
||||
[keepassxc-proxy-rust](https://github.com/varjolintu/keepassxc-proxy-rust) as a proxy if you prefer a non-Qt solution. There's also Python and C++ versions available at
|
||||
[keepassxc-proxy](https://github.com/varjolintu/keepassxc-proxy).
|
||||
|
||||
2. keepassxc-browser communicates directly with KeePassXC via stdin/stdout. Using native messaging directly is a more secure as it ensures the traffic between KeePassXC and keepassxc-browser is direct. This method launches KeePassXC every time you start the browser and closes when you exit.
|
||||
This can cause unsaved changes not to be saved. If you use this method it's important to enable `Automatically save after every change` from KeePassXC's preferences. Because this option is not preferred as default it's good to test this feature with your OS and ensure KeePassXC asks to confirm any unsaved changes before exit.
|
||||
|
||||
## Improvements
|
||||
The following improvements and features have been made after the fork. At this point some features are only available with the KeePassXC fork:
|
||||
- Real-time detection of database status (locked/unlocked)
|
||||
|
|
@ -36,7 +36,7 @@ The following improvements and features have been made after the fork. At this p
|
|||
- Redesigned password generator dialog
|
||||
- Password generator supports diceware passphrases and extended ASCII characters
|
||||
- Autocomplete works also when only password fields are visible
|
||||
- Supports TOTP with custom KHP placeholders
|
||||
- Supports TOTP with custom KHP placeholders (`KPH: {TOPT}`)
|
||||
|
||||
## Protocol
|
||||
|
||||
|
|
|
|||
|
|
@ -200,10 +200,10 @@
|
|||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
||||
<h3 class="modal-title" id="myModalLabel">Remove identifier from Chrome?</h3>
|
||||
<h3 class="modal-title" id="myModalLabel">Remove identifier from database list?</h3>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<p>Do you really want to remove the identifier <span class="bold"></span> from Chrome?</p>
|
||||
<p>Do you really want to remove the identifier <span class="bold"></span> from the database list?</p>
|
||||
<p class="help-block">You can reconnect your database at any time.</p>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ Transmitting messages between KeePassXC and keepassxc-browser is totally rewritt
|
|||
Now the requests are encrypted by [TweetNaCl.js](https://github.com/dchest/tweetnacl-js) box method and does the following:
|
||||
|
||||
1. keepassxc-browser generates a key pair (with public and secret key) and transfers the public key to KeePassXC
|
||||
2. When KeePassXC receives the public key it generates its own key pair and transfers the public key to keepassxc-browser
|
||||
2. When KeePassXC receives the public key it generates its own key pair and transfers the public key to keepassxc-browser. Public key is transferred in plain-text. Secret keys are never transferred or used anywhere except when encrypting/decrypting.
|
||||
3. All messages between the browser extension and KeePassXC are now encrypted.
|
||||
4. When keepassxc-browser sends a message it is encrypted with KeePassXC's public key, a random generated nonce and keepassxc-browser's secret key.
|
||||
5. When KeePassXC sends a message it is encrypted with keepassxc-browser's public key and an incremented nonce.
|
||||
6. Databases are stored based on the current public key used with `associate`. A new key pair for data transfer is generated each time keepassxc-browser is launched.
|
||||
6. Databases are stored based on the current public key used with `associate`. A new key pair for data transfer is generated each time keepassxc-browser is launched. This saved key is not used again, as it's only used for identification.
|
||||
|
||||
Encrypted messages are built with these JSON parameters:
|
||||
- action - `test-associate`, `associate`, `get-logins`, `get-logins-count`, `set-login`...
|
||||
|
|
|
|||
Loading…
Reference in a new issue