Decrypt with keyfile

[hpoul]

No description provided.

[bigbear3001]

Would be great to have this.

[hpoul]

@bigbear3001 will look into this, should be quite easy.. it's just prepended to the hashed password iirc :) I just didn't implement it yet because i didn't think anyone would actually use it.. it's quite cumbersome to share keyfiles with mobile devices.. :)

[hpoul]

@bigbear3001 fyi, i've now basically implemented keyfile support.. ( 10d4856 ) just needs a bit more testing with different combinations.. (password + keyfile, only keyfile, android, ios, macos, etc.) :)

[hpoul]

decryption with keyfile is now implemented. Here is a prerelease . version if you've got time to try it:
AuthPass.app-mac-1.3.0.zip

for a full release i've got a few more things on my todo list in the next few days (hopefully)

[bigbear3001]

I tested it and it works with a newly generated test database. Unfortunately it does not work with my database. I could not yet figure out what the difference between the files is. All the settings seem to be the same.

For my database it always gives me the error that the password is not correct.

[hpoul]

@bigbear3001 thx for testing.. what is the error message? Is it invalid password or something else? (That should be the difference between error during decryption and error while parsing xml) .. have you checked if it is kdbx 3 (but 4) - I'm not sure how to check that in keepass though, I've never actually used it directly ;)

[hpoul]

@bigbear3001 nvm re error message.. missed the last sentence :) that one did not make it into the email notification ;)

[hpoul]

@bigbear3001 this is a bit weird, because kdbx 4 should give you another error message.. maybe you could take a look at ~/Library/Containers/design.codeux.authpass/Data/Library/Application Support/design.codeux.authpass/logs/app.log if there are any more hints.

[hpoul]

keyfile should be working, i've also improved error messages when encountering kdbx 4 files. closing issue.

[bigbear3001]

i just downloaded 1.4.1 from the App Store (it still says 1.0.0+1 in the about dialog of the app)

it's not working, it says invalid password. in the logfile the messages are:

2020-02-11 20:50:27.072086 WARNING kdbx.format - Unable to parse key file as hex or XML, use as is."<" expected at 1:1#0      parse (package:xml/xml.dart:80)
#1      new KeyFileCredentials (package:kdbx/src/kdbx_format.dart:71)
#2      new Credentials.composite (package:kdbx/src/kdbx_format.dart:31)
#3      _CredentialsScreenState._tryUnlock (package:authpass/ui/screens/select_file_screen.dart:718)
<asynchronous suspension>

2020-02-11 20:50:27.078447 FINER kdbx_bloc - Reading from secure  bookmark. (File: '/Users/bigbear3001/ownCloud/KeePass/Database.kdbx')
2020-02-11 20:50:27.078625 WARNING kdbx_bloc - Stored secure bookmark resolves to a different file than we originally opened. File: '/Users/bigbear3001/ownCloud/KeePass/Database.kdbx' vs. File: '/Users/bigbear3001/ownCloud/KeePass/Database.kdbx'
2020-02-11 20:50:27.079043 FINE kdbx_bloc - startAccessingSecurityScopedResource: true
2020-02-11 20:50:27.140710 FINE authpass.select_file_screen - Invalid credentials. (PlainTextPassword)Instance of 'KdbxInvalidKeyException'#0      KdbxBloc.openFile (package:authpass/bloc/kdbx_bloc.dart:444)
<asynchronous suspension>
#1      _asyncThenWrapperHelper.<anonymous closure> (dart:async-patch/async_patch.dart:75)
<asynchronous suspension>

2020-02-11 20:50:40.667079 WARNING kdbx.format - Unable to parse key file as hex or XML, use as is."<" expected at 1:1#0      parse (package:xml/xml.dart:80)
#1      new KeyFileCredentials (package:kdbx/src/kdbx_format.dart:71)
#2      new Credentials.composite (package:kdbx/src/kdbx_format.dart:31)
#3      _CredentialsScreenState._tryUnlock (package:authpass/ui/screens/select_file_screen.dart:718)
<asynchronous suspension>

2020-02-11 20:50:40.721306 FINE authpass.select_file_screen - Invalid credentials. (PlainTextPassword)Instance of 'KdbxInvalidKeyException'#0      KdbxBloc.openFile (package:authpass/bloc/kdbx_bloc.dart:444)
<asynchronous suspension>
#1      _asyncThenWrapperHelper.<anonymous closure> (dart:async-patch/async_patch.dart:75)
<asynchronous suspension>

PlainTextPassword was my password (so if possible please don't log that in the future)

[hpoul]

thanks for the log.. sorry for the plain text password, fixed that in the next version . (Also fixed displaying of version number on macos). but to the actual problem.. :-) how have you created the keyfile? Using KeePass? Could you maybe create me a new dummy database file with keyfile so I can test it.. Because the one I've created worked for me (™) although i have used Keeweb iirc. https://github.com/authpass/kdbx.dart/blob/master/test/password-and-keyfile.key

[hpoul]

@bigbear3001 any chance you can send me a test file? ;-) also, I have now added ("experimental" - ie. it works for me) support for kdbx 4.x.. if you've got time, maybe you could give it a try.. (version 1.5.0 .. i'll release it soon'ish)

AuthPass.app-1-5-0-b122.zip

[bigbear3001]

@hpoul i think i created the keyfile with keypass 1.x (i later migrated the db to keepass 2.x .kdbx), it looks like a 64 characters long hexstring.

I created a new test database like my current one (although the new one was created with keepass 2.x and the hex key generated on bash from /dev/random), password is testing99
NewDatabase.zip

I cannot test any Mac OS stuff this week, i don't have my macbook pro with me.

[hpoul]

@bigbear3001 thanks for the file.. but that database seems to work? so there is only a problem with your main database file which isn't (easily) reproducible with a new database?

[bigbear3001]

Ok i think i figured it out. My original keyfile (the one that doesn't work) is missing the newline at the end. (it has 64 bytes instead of the 65 of the one from NewDatabase.zip) I attached another sample database with a keyfile that is not working in authPass and is working in KeyPass2. (password is testing99 again)
NewDatabase2.zip

(I then also upgraded authPass to 1.5.0+122 and the NewDatabase2 with keyfile_no_newline doesn't work in this version as well)

Hope this helps.

[hpoul]

@bigbear3001 cool, thanks.. that's an easy fix :-) if you've got time, maybe you could give this release a try:
AuthPass.app-1-5-1-b123.zip thanks!

[bigbear3001]

yes with 1.5.1+123 my original database also works, thanks

[hpoul]

i'm pretty confident that all combinations should work right now.. binary keyfile, base64 keyfile with newline, without and XML. in the latest (1.5.1/1.5.2) also supports kdbx 4.x with basically any combination of encryption settings (argon2, aes-kdf, chacha20, aes encryption) - so will be closing this issue for now 🙏️