KeePassXC Browser Extension
Find a file
2017-04-11 16:06:00 +03:00
chromeKeePassXC Removed static debug variables 2017-04-11 16:06:00 +03:00
com.varjolintu.chromekeepassxc.json First draft of the development version 2017-03-29 16:49:28 +03:00
LICENSE Initial commit 2017-03-27 07:28:17 +03:00
README.md Changed database saving from hash to a current public key which acts as an id key. 2017-04-04 17:56:56 +03:00

chromeKeePassXC

Chrome extension for KeePassXC with Native Messaging.

This is a heavily forked version of pfn's chromeIPass.

PassIFox & ChromeIPass Copyright © 2010-2017 Perry Nguyen  
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

Protocol

Transmitting messages between KeePassXC and chromeKeePassXC is totally rewritten. This is still under development. Now the requests are encrypted by TweetNaCl.js box method and does the following:

  1. chromeKeePassXC generates a key pair (with public and secret key) and transfers the public key to KeePassXC
  2. When KeePassXC receives the public key it generates its own key pair and transfers the public key to chromeKeePassXC
  3. All messages (excluding get-databasehash) are now encrypted.
  4. When chromeKeePassXC sends a message it is encrypted with KeePassXC's public key, a random generated nonce and chromeKeePassXC's secret key.
  5. When KeePassXC sends a message it is encrypted with chromeKeePassXC's public key etc.
  6. Databases are stored based on the current public key used with associate. A new key pair for data transfer is generated each time chromeKeePassXC is launched.

Encrypted messages are built with these JSON parameters:

  • action - test-associate, associate, get-logins, get-logins-count, set-login...
  • message - Encrypted message, base64 encoded
  • nonce - 24 bytes long random data, base64 encoded. This must be the same when responding to a request.

get-databasehash

Request:

{
	"action": "get-databasehash"
}

Response (success):

{
	"action": "hash",
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2"
}

associate

Unencrypted message:

{
	"action": "associate",
	"key": "<current public key>"
}

Request:

{
	"action": "associate",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2",
	"success": "true",
	"id": "testclient",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

test-associate

Unencrypted message:

{
	"action": "test-associate",
	"key": "<saved database public key>"
}

Request:

{
	"action": "test-associate",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"version": "2.1.2",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"hash": "29234e32274a32276e25666a42",
	"id": "testclient",
	"success": "true"
}

generate-password

Unencrypted message:

{
	"action": "generate-password"
}

Request:

{
	"action": "generate-password",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"version": "2.1.2",
	"entries": [
		{
			"login": 144,
			"password": "testclientpassword"
		}
	],
	"success": "true",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

get-logins

Unencrypted message:

{
	"action": "get-logins",
	"url": "<snip>",
	"submitUrl": optional
}

Request:

{
	"action": "get-logins",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"count": "2",
	"entries" : [
	{
		"login": "user1",
		"name": "user1",
		"password": "passwd1"
	},
	{
		"login": "user2",
		"name": "user2",
		"password": "passwd2"
	}],
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"success": "true",
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2"
}

set-login

Unencrypted message:

{
	"action": "set-login",
	"url": "<snip>",
	"submitUrl": "<snip>",
	"id": "testclient",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"login": "user1",
	"password": "passwd1"
}

Request:

{
	"action": "set-login",
	"message": encryptedMessage
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q"
}

Response message data (success, decrypted):

{
	"count": null,
	"entries" : null,
	"error": "",
	"nonce": "tZvLrBzkQ9GxXq9PvKJj4iAnfPT0VZ3Q",
	"success": "true",
	"hash": "29234e32274a32276e25666a42",
	"version": "2.1.2"
}