KeePassXC Browser Extension
Find a file
2017-05-28 12:04:54 +03:00
chromeKeePassXC Removed debug logging messages and unnecessary permissions from manifest 2017-05-28 12:04:39 +03:00
CHANGELOG Removed debug logging messages and unnecessary permissions from manifest 2017-05-28 12:04:39 +03:00
com.varjolintu.chromekeepassxc-chrome.json Added new host json files 2017-05-23 14:40:05 +03:00
com.varjolintu.chromekeepassxc-firefox.json Added new host json files 2017-05-23 14:40:05 +03:00
install.sh Modified install script 2017-05-23 14:41:43 +03:00
LICENSE Initial commit 2017-03-27 07:28:17 +03:00
README.md Updated README 2017-05-23 13:17:45 +03:00

chromeKeePassXC

Chrome extension for KeePassXC with Native Messaging.

This is a heavily forked version of pfn's chromeIPass. For testing purposes, please use following unofficial KeePassXC release's.

Get the extension for Firefox or Chrome/Chromium.

Protocol

Transmitting messages between KeePassXC and chromeKeePassXC is totally rewritten. This is still under development. Now the requests are encrypted by TweetNaCl.js box method and does the following:

  1. chromeKeePassXC generates a key pair (with public and secret key) and transfers the public key to KeePassXC
  2. When KeePassXC receives the public key it generates its own key pair and transfers the public key to chromeKeePassXC
  3. All messages (excluding get-databasehash) are now encrypted.
  4. When chromeKeePassXC sends a message it is encrypted with KeePassXC's public key, a random generated nonce and chromeKeePassXC's secret key.
  5. When KeePassXC sends a message it is encrypted with chromeKeePassXC's public key etc.
  6. Databases are stored based on the current public key used with associate. A new key pair for data transfer is generated each time chromeKeePassXC is launched.

Encrypted messages are built with these JSON parameters:

  • action - test-associate, associate, get-logins, get-logins-count, set-login...
  • message - Encrypted message, base64 encoded
  • nonce - 24 bytes long random data, base64 encoded. This must be the same when responding to a request.

change-public-keys

Request:

{
	"action": "change-public-keys",
	"publicKey": "<current public key>",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response (success):

{
	"action": "change-public-keys",
	"version": "2.1.2",
	"publicKey": "<host public key>",
	"success": "true"
}

get-databasehash

Request:

{
	"action": "get-databasehash"
}

Response (success):

{
	"action": "hash",
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2"
}

associate

Unencrypted message:

{
	"action": "associate",
	"key": "<current public key>"
}

Request:

{
	"action": "associate",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2",
	"success": "true",
	"id": "testclient",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

test-associate

Unencrypted message:

{
	"action": "test-associate",
	"id": "<saved database identifier>",
	"key": "<saved database public key>"
}

Request:

{
	"action": "test-associate",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"version": "2.1.2",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"hash": "29234e32274a32276e25666a42",
	"id": "testclient",
	"success": "true"
}

generate-password

Request:

{
	"action": "generate-password",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"version": "2.1.2",
	"entries": [
		{
			"login": 144,
			"password": "testclientpassword"
		}
	],
	"success": "true",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

get-logins

Unencrypted message:

{
	"action": "get-logins",
	"url": "<snip>",
	"submitUrl": optional
}

Request:

{
	"action": "get-logins",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"count": "2",
	"entries" : [
	{
		"login": "user1",
		"name": "user1",
		"password": "passwd1"
	},
	{
		"login": "user2",
		"name": "user2",
		"password": "passwd2"
	}],
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"success": "true",
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2"
}

set-login

Unencrypted message:

{
	"action": "set-login",
	"url": "<snip>",
	"submitUrl": "<snip>",
	"id": "testclient",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"login": "user1",
	"password": "passwd1"
}

Request:

{
	"action": "set-login",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"count": null,
	"entries" : null,
	"error": "",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"success": "true",
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2"
}

Licenses

PassIFox & ChromeIPass Copyright © 2010-2017 Perry Nguyen  
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

The following quick method to determine which browser is used with API calls by David Rousset:

window.browser = (function () {
  return window.msBrowser ||
    window.browser ||
    window.chrome;
})();
MIT License

Copyright (c) 2016 David Rousset

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.