Commit graph

263 commits

Author SHA1 Message Date
Jonathan White
4f552ba3ed
Fix various quirks with CSV import widget and parser
* Fixes #11502 - correct improper handling of text qualifiers

* Improve layout of csv import widget
* Hide error messages when trying to import again
2025-03-01 17:14:44 -05:00
Adrian Martin
ea2f17b9a9
Feature: HTML export from CLI tool (#11590)
This commit introduces support for exporting a KeePassXC database in
HTML format via the CLI tool. The key changes include:
- Refactoring HtmlExporter:
  - Moved HtmlExporter to the format directory and made its API
    compatible with CsvExporter.
  - Since the original HtmlExporter had a direct dependency on the
    gui/Icons functions and indirect dependencies on the
    gui/DatabaseIcons class, only the non-GUI parts were moved to
    format/HtmlExporter.
  - All icon-related functionality was encapsulated in a new child
    class, gui/HtmlGuiExporter.
    - The gui/HtmlGuiExporter retains the original functionality of the
      HtmlExporter class.
    - The format/HtmlExporter now generates HTML export without icons.
      Adding icon support to format/HtmlExporter would require moving
      icon management logic to the core, which could have broader
      implications.
- CLI integration:
  - Updated cli/Export to use format/HtmlExporter.
- GUI Integration:
  - Updated gui/export/ExportDialog to use gui/HtmlGuiExporter.
- Build System Updates:
  - Updated CMakeLists.txt to build HtmlExporter as part of core_SOURCES
    and HtmlGuiExporter as part of gui_SOURCES.
- Testing:
  - Updated TestCli to automatically verify the output of the HTML
    export.

Signed-off-by: AdriandMartin <adriandmartin@protonmail.com>
2025-02-23 16:19:13 -05:00
Jonathan White
14ee702b09
Backport code to read database public headers
Some checks failed
CodeQL / Analyze (push) Has been cancelled
This is required to show the public icon, color, and name of a locked database
2025-02-02 10:14:52 -05:00
Jonathan White
080e315a09
Add Proton Pass importer
Some checks failed
CodeQL / Analyze (push) Has been cancelled
* Closes #10465
2025-01-03 18:30:24 -05:00
Sami Vänttinen
383c6d05d1
Support passkeys with Bitwarden import (#11401) 2024-12-21 23:25:15 -05:00
Jonathan White
7de453b838
Avoid hitting assert on XML export
* Fixes #11365
2024-12-21 23:24:41 -05:00
Jonathan White
b671070c0d
Handle alternative 1Pux password entry
* Fixes #11298
2024-10-07 17:48:07 -04:00
Jonathan White
f83cd81ad7
Fix encryption settings behavior
* Fixes #10558
2024-06-16 17:13:11 -04:00
Jonathan White
0aba77ee55
Improve handling of encrypted Bitwarden json
* Fixes #10785
2024-06-16 17:11:13 -04:00
Jonathan White
d14821fb16
Bitwarden and 1PUX importer improvements
* Fixes #10400
  - Support TOTP entries with bare secrets instead of otpauth urls for Bitwarden. Vice-versa for 1PUX.
  - Support Bitwarden Argon2id encryption scheme

* Fixes #10380 - Support Bitwarden organization collections
2024-04-29 09:53:31 -04:00
Jonathan White
fff1b49f73 Prevent byte-by-byte and attachment inference side channel attacks
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and it's parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 15:21:46 -05:00
Jonathan White
18cfbf729c Add 1Password 1PUX and Bitwarden JSON Importers
* Closes #7545 - Support 1Password 1PUX import format based on https://support.1password.com/1pux-format/

* Closes #8367 - Support Bitwarden JSON import format (both unencrypted and encrypted) based on https://bitwarden.com/help/encrypted-export/

* Fixes #9577 - OPVault import when fields have the same name or type

* Introduce the import wizard to handle all import tasks (CSV, KDBX1, OPVault, 1PUX, JSON)

* Clean up CSV parser code to make it much more efficient and easier to read

* Combine all importer tests (except CSV) into one test file
2024-03-09 15:21:46 -05:00
Jonathan White
6f112b11e4 Minor changes to Group API to make it more explicit
* Include check for group as recycle bin directly into the Group::isRecycled() function

* Return the original root group from Database::setRootGroup(...) to force memory management transfer
2024-03-09 15:21:46 -05:00
Jonathan White
b1168d0233 Fix multiple TOTP issues
* Fix #9847 - don't provide TOTP values if settings are blank or completely wrong
* Fix #6838 - don't reset the ui when creating a new entry and applying TOTP to it
* Move totp source into the core folder
2024-02-04 11:50:52 -05:00
Jonathan White
c477f43c40 Passkeys: Add support for importing Passkey to entry (#9987)
---------
Co-authored-by: Jonathan White <support@dmapps.us>
2024-01-30 18:26:45 -05:00
Jonathan White
f7920c12d5
Translate Cipher and KDF strings
* Fix #8952 - move translations for Cipher and KDF strings into evaluated code instead of globally defined code. The strings were being baked prior to the language being set resulting in only english being displayed.
2023-02-19 08:28:59 -08:00
Jonathan White
f3d448485a Fix OPVault import when there are multiple OTP fields
* Fix #8371 - store multiple OTP fields as `otp_#` instead of silently discarding them.
2022-09-22 06:49:07 -04:00
Jonathan White
1ca358f3fd Improve KDBX error messages 2022-03-20 23:31:52 +01:00
Janek Bevendorff
a3dc977e58 Correctly set KDBX envelope version
Shows a warning when trying to open with a newer minor version than what is currently supported.

We always try to save with the lowest KDBX version possible for maximum compatibility.
2021-11-22 12:58:04 +01:00
Janek Bevendorff
67603ab42e Retain number of rounds when auto-upgrading KDBX version 2021-11-22 12:58:04 +01:00
Janek Bevendorff
c872e406ed Upgrade to KDBX 4 if new 4.1 features are used 2021-11-22 12:58:04 +01:00
Janek Bevendorff
835e31ac3c Implement KDBX 4.1 CustomData modification date
We keep the old merging behaviour for now, since deleting a
CustomData entry does not create DeletedObject.
2021-11-22 12:58:04 +01:00
Janek Bevendorff
390e14b2c6 Implement KDBX 4.1 extended custom icons 2021-11-22 12:58:04 +01:00
Janek Bevendorff
e5822974ac Implement KDBX 4.1 group tags 2021-11-22 12:58:04 +01:00
Janek Bevendorff
cd9ef58e98 Implement KDBX 4.1 PreviousParentGroup flag 2021-11-22 12:58:04 +01:00
Janek Bevendorff
ffaeac130f Implement KDBX 4.1 PasswordQuality flag 2021-11-22 12:58:04 +01:00
louib
004f2b6801 Removing QWidget dependency from src/core. 2021-11-12 07:41:30 -05:00
Patrick Sean Klein
c8f135aaed Resolve references of entry attributes when exporting to HTML. 2021-10-24 10:21:35 -04:00
louib
ec81d2bc3f Moving CsvParser to format/ 2021-08-22 18:30:43 -04:00
peter
6b14b5dc27 Optimize includes across code base 2021-07-13 22:08:33 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Jonathan White
871c4fffdd OPVault: Use Text instead of Name for attribute and section names
* Fix #6303 - the text attribute in 1Password contains the actual text seen in 1Password whereas the name attribute may contain a ref pointer and not a name.
2021-04-01 22:59:44 -04:00
Jonathan White
f3d88fbd36 Address translation feedback from Transifex 2021-02-19 18:37:33 -05:00
Janek Bevendorff
9a96124040 Add Argon2id KDF 2020-12-03 20:06:58 +01:00
Jonathan White
f947c96462 Improve CSV export and import capability
* Fixes #3541
* CSV export now includes TOTP settings, Entry Icon (database icon number only), Modified Time, and Created Time.
* CSV import properly understands time in ISO 8601 format and Unix Timestamp.
* CSV import will set the TOTP settings and entry icon based on the chosen column.
2020-09-01 07:57:31 -04:00
Wolfram Rösler
6b96806914 HTML Export: Don't waste horizontal space
The previous version left a lot of white space to the
right of the table, meaning that more pages needed to
be printed for a paper backup. The table has been
reorganized. HTML Backup for the demo.kdbx database
is now down from 6 to 3 pages.
2020-08-31 20:17:30 -04:00
Jonathan White
3b459813ed Replace "Master Key" with "Database Credentials"
Definitions:
* Database Key - Cryptographic hash used to perform encrypt/decrypt of the database.

* Database Credentials - User facing term to refer to the collection of Password, Key File, and/or Hardware Key used to derive the Database Key.

Changes:
* Remove the term "master" and "key" from the user's lexicon and clarify  the code base based on the definitions above.
* Clean up wording in the UI to be clearer to the end user.
2020-07-02 17:39:45 -04:00
Jonathan White
c830f85c09 Various minor bug fixes / enhancements
* Fix issues when Config options were renamed
* Fix compile issues when using clang 10
* Rearrange database menu icons and import database menu icons
* Set minimum size of MainWindow to 800 to prevent search bar from hiding
* Fix not saving password generator options when closing the standalone generator
* Add headers to health check reports
* Don't show hidden content dots when notes are hidden but empty.

* Fix saving new database files in SMB shares on Windows, fixes #4809

* Gracefully handle duplicate attachments :
Instead of bailing out with an error, prepend a random string to the name of duplicate attachment records. This prevents data loss from other programs that mishandled KDBX XML writing. Fixes #2493

* Properly handle blocked import of signed KeeShare database, fixes #4413
2020-06-04 10:03:40 -04:00
Jonathan White
90d5372813
Replace database icons with SVG's
Original source of icons is the icon8 library (http://icons8.com/c/flat-color-icons) and Paomedia (https://github.com/paomedia/small-n-flat). All icons used are licensed MIT or CC0; annotated in COPYING.

* Closes #4071

* Increase default size of database icons to 24px and entry preview panel to 48px
* Add shell script to assemble the database icons

* Use QIcon to seamlessly support High DPI displays and pixmap caching
* Add badge support for KeeShare groups and expired entries.
* Guard against use of QPixmap::fromImage without a GUI

* Add SVG minify and improve `make icons`

Co-authored-by: Wolfram Rösler <wolfram@roesler-ac.de>
2020-05-29 10:00:32 -04:00
Jonathan White
5142981018 Significantly enhance hardware key robustness
* Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC.

* Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write.

* Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize.

* Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations.

* Fixes #4400
* Fixes #4065
* Fixes #1050
* Fixes #1215
* Fixes #3087
* Fixes #1088
* Fixes #1869
2020-05-14 20:19:56 -04:00
Jonathan White
485852c9db CLI: Use stderr for password prompt
Fixes #3398.

Convert to QTextStream for all CLI IO and greatly improve CLI tests

* Completely overhaul CLI tests to be much more streamlined and easy to read. Removed unnecessary code blocks by using existing functions.

Co-authored-by: Emma Brooks <me@pluvano.com>
2020-05-14 16:33:25 -04:00
Jonathan White
612f8d2e5b Improve OPVault handling and replace test opvault
* Fix various bugs in opvault parsing to include: TOTP parsing, date handling, naming convention, attachments, and multiple url's.

* Remove category groups that don't have any entries.

* Simplify tests by focusing on the resulting database instead of the parsing mechanics.

* Remove proprietary "freddy" opvault in favor of self-made "keepassxc" opvault.

* Fix #4069, select opvault file on macOS
2020-05-14 15:17:28 -04:00
Jonathan White
a8c02fdc3c Move database open to async task
* Wrap key transformation in AsyncTask when reading a database. Significantly reduces user interface lockup.
* Replace root group with new group instead of deleting the pointer (fulfills member validity promise).
2020-03-07 16:52:24 -05:00
Jonathan White
c663b5d5fc Add braces around single line statements
* Ran clang-tidy with "readability-braces-around-statements" to find missing braces around statements.
2020-02-02 08:46:18 -05:00
louib
b78ca924fd Adding db-info CLI command. (#4231)
This adds a basic db-show CLI command, to display
the information related to a database.
2020-01-26 23:44:31 -05:00
louib
c8ab3b5f4f Removing QColor (from Qt::Widgets) from core modules. (#4247) 2020-01-26 21:38:43 -05:00
Andrey Izman
796b5ceacb Fix closing tag typo 2020-01-22 17:31:46 -05:00
Jonathan White
181ad76ec9 Use new TOTP structure when importing 1Password Vault
* Fixes #3999
2020-01-03 18:08:24 -05:00
asapelkin
98badfb4a2 some cppcheck and clang-tidy fixies 2019-11-01 22:53:28 -04:00
Jonathan White
4cc06f94c0 Correct Translation Warnings 2019-10-20 20:39:21 -04:00