Password DB no longer openable after upgrading 2.6.2 -> 2.6.3

[simondeziel]

Overview

This morning, keepassxc's snap refreshed and moved from 2.6.2 -> 2.6.3. Since then, my password DB won't open:

Failed to open key file: Unexpected key file data! Key file may be corrupt.

Steps to Reproduce

1. snap install keepassxc # version 2.6.2
2. setup password db
3. snap refresh keepassxc # version 2.6.3

Problematic version of keepassxc (from snap info):
latest/stable: 2.6.3 2021-01-12 (1245) 101MB -

Additional information

My password DB is encrypted by a passphrase and a key file.

Operating System: Linux/Ubuntu 20.04
Desktop Env: Gnome
Windowing System: X11

[droidmonkey]

What kind of key file?

[simondeziel]

I must admit I don't remember how I generated it but it has this (obfuscated) content:

<?xml version="1.0" encoding="UTF-8"?><KeyFile><Meta><Version>1.00</Version></Meta><Key><Data>...=</Data></Key></KeyFile>

[droidmonkey]

Gotcha, we basically kept the logic for the original keys, and we have tests for that functionality. This error occurs for two reasons: the version number does not start with 1.0 or 2.0, or the key data is not base64 for 1.0 version. These tests are the same, if not relaxed, from 2.6.2.

You can roll back to previous version, generate and assign a new key file to your db, then roll forward again.

[simondeziel]

I did what you suggested and it worked, thanks!

My old key's is seemingly in base64 format but when feeding it to base64 -d it complains about invalid input. I don't understand how 2.6.2 could grok it.

Anyway, thanks again and keep up the good work.

[droidmonkey]

Great, I don't think there is a bug on our end 😄

[daiwai]

I had the same problem after upgrading to 2.6.3. But contrary to what simondeziel reported, the Data section of my key file was clearly not base64 encoded. After base64 encoding its content I could use it to open my DB again.

@droidmonkey While the new behavior of 2.6.3 regarding key files with version 1.0 and a plain text Data section may not technically be a bug in keepassxc, from a user perspective it unfortunately sure looks like one, since a data format that worked with the previous minor (!) version suddenly stopped working.

So from a user perspective it would be much better to continue to support that old format and display a warning similar to this one to give users a chance to change their key without having to roll back or manually editing the key file.

[droidmonkey]

If anything there was a bug in the previous version! We never wanted to allow non-encoded key files. That is absolutely against the keepass standard.

[fernandodlcruz]

How can I roll back from the 2.7.4 Mac version? I cannot open my database anymore. It gives me the following error message:

"WARNING: You are using an old key file format which KeePassXC may
stop supporting in the future.

Please consider generating a new key file.
Error while reading the database: Invalid credentials were provided, please try again.
If this reoccurs, then your database file may be corrupt."

It seems the new version is not recognizing my keyfile anymore.

[droidmonkey]

That is a warning for the key file, we still recognize those keys. Just go to database-> database security and generate a new key file for your database.

You likely aren't typing in your password correctly or your key file is corrupted. You can easily download a previous version of keepassxc on our releases section here on github.