mirror of
https://github.com/keepassxreboot/keepassxc-browser.git
synced 2026-03-11 08:54:43 +00:00
KeePassXC Browser Extension
chromeKeePassXC
Chrome extension for KeePassXC with Native Messaging.
This is a heavily forked version of pfn's chromeIPass.
PassIFox & ChromeIPass Copyright © 2010-2017 Perry Nguyen
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Protocol
Message transport between KeePassXC and chromeKeePassXC has been completely rewritten and is still under development. Requests are now encrypted with the TweetNaCl.js box method, and the protocol works as follows:
- chromeKeePassXC generates a key pair (with public and secret key) and transfers the public key to KeePassXC
- When KeePassXC receives the public key it generates its own key pair and transfers the public key to chromeKeePassXC
- All messages (excluding get-databasehash) are now encrypted.
- When chromeKeePassXC sends a message it is encrypted with KeePassXC's public key, a randomly generated nonce and chromeKeePassXC's secret key.
- When KeePassXC sends a message it is encrypted with chromeKeePassXC's public key etc.
- Databases are stored based on the current public key used with associate. A new key pair for data transfer is generated each time chromeKeePassXC is launched.
Encrypted messages are built with these JSON parameters:
- action - test-associate, associate, get-logins, get-logins-count, set-login...
- message - Encrypted message, base64 encoded
- nonce - 24 bytes long random data, base64 encoded. This must be the same when responding to a request.
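The envelope rules above can be checked before and after decryption. The following is an added example, not code from chromeKeePassXC or KeePassXC; the function names are hypothetical, the box encryption step itself is left to the caller, and it runs under Node.js with Buffer standing in for the extension's base64 helpers.

```javascript
// Added example (not project code): envelope checks for the protocol above.
// Runs under Node.js; Buffer stands in for the extension's base64 helpers.
const webcrypto = globalThis.crypto || require('crypto').webcrypto;

const NONCE_BYTES = 24;   // nonce length stated in the protocol description
const BOX_OVERHEAD = 16;  // NaCl box authenticator size: shortest valid ciphertext
const PLAINTEXT_ACTIONS = new Set(['get-databasehash']); // sent unencrypted

// Decode canonical base64 only; Buffer alone silently skips invalid input.
function decodeBase64Strict(text) {
  if (typeof text !== 'string' || text.length % 4 !== 0) return null;
  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(text)) return null;
  const bytes = Buffer.from(text, 'base64');
  return bytes.toString('base64') === text ? bytes : null;
}

// Fresh random nonce for each request, base64 encoded.
function newNonce() {
  const raw = webcrypto.getRandomValues(new Uint8Array(NONCE_BYTES));
  return Buffer.from(raw).toString('base64');
}

// Outer request object. ciphertextB64 is the output of the caller's box step.
function buildRequest(action, ciphertextB64, nonce = newNonce()) {
  if (PLAINTEXT_ACTIONS.has(action)) return { action };
  return { action, message: ciphertextB64, nonce };
}

// Returns null if the response may be passed on to decryption, else a reason.
function checkResponseEnvelope(request, response) {
  const nonce = decodeBase64Strict(response.nonce);
  if (!nonce || nonce.length !== NONCE_BYTES) return 'nonce is not 24 bytes of base64';
  if (response.nonce !== request.nonce) return 'nonce differs from request';
  const body = decodeBase64Strict(response.message);
  if (!body || body.length < BOX_OVERHEAD) return 'message is not a box ciphertext';
  return null;
}

// After decryption: the page's decrypted responses repeat the nonce; treating
// a mismatch or a non-"true" success value as failure is an assumption here.
function checkDecrypted(request, data) {
  if (data.nonce !== request.nonce) return 'inner nonce differs from request';
  return data.success === 'true' ? null : 'request not successful';
}
```

Rejecting a response whose nonce differs from the outstanding request keeps a reply captured from an earlier exchange from being accepted as the answer to a new one.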
get-databasehash
Request:
{
"action": "get-databasehash"
}
Response (success):
{
"action": "hash",
"hash": "29234e32274a32276e25666a42",
"version": "2.1.2"
}
associate
Unencrypted message:
{
"action": "associate",
"key": "<current public key>"
}
Request:
{
"action": "associate",
"message": encryptedMessage,
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}
Response message data (success, decrypted):
{
"hash": "29234e32274a32276e25666a42",
"version": "2.1.2",
"success": "true",
"id": "testclient",
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}
test-associate
Unencrypted message:
{
"action": "test-associate",
"id": "<saved database identifier>",
"key": "<saved database public key>"
}
Request:
{
"action": "test-associate",
"message": encryptedMessage,
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}
Response message data (success, decrypted):
{
"version": "2.1.2",
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
"hash": "29234e32274a32276e25666a42",
"id": "testclient",
"success": "true"
}
generate-password
Request:
{
"action": "generate-password",
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}
Response message data (success, decrypted):
{
"version": "2.1.2",
"entries": [
{
"login": 144,
"password": "testclientpassword"
}
],
"success": "true",
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}
get-logins
Unencrypted message:
{
"action": "get-logins",
"url": "<snip>",
"submitUrl": "<optional>"
}
Request:
{
"action": "get-logins",
"message": encryptedMessage,
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}
Response message data (success, decrypted):
{
"count": "2",
"entries" : [
{
"login": "user1",
"name": "user1",
"password": "passwd1"
},
{
"login": "user2",
"name": "user2",
"password": "passwd2"
}],
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
"success": "true",
"hash": "29234e32274a32276e25666a42",
"version": "2.1.2"
}
set-login
Unencrypted message:
{
"action": "set-login",
"url": "<snip>",
"submitUrl": "<snip>",
"id": "testclient",
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
"login": "user1",
"password": "passwd1"
}
Request:
{
"action": "set-login",
"message": encryptedMessage,
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}
Response message data (success, decrypted):
{
"count": null,
"entries" : null,
"error": "",
"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
"success": "true",
"hash": "29234e32274a32276e25666a42",
"version": "2.1.2"
}