forked from pfn/keepasshttp
-
Notifications
You must be signed in to change notification settings - Fork 0
stephenliang/keepasshttp
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
KeePassHttp plugin for KeePass
Provides a secure means of exposing KeePass entries via HTTP for clients to
consume.
This plugin is primarily intended for use with PassIFox and ChromeIPass
- https://github.com/pfn/passifox
- https://github.com/pfn/passifox/raw/master/passifox.xpi (save as)
- alternate download link https://passifox.appspot.com/passifox.xpi
Mono users:
1) Download KeePassHttp.dll and Newtonsoft.Json.dll
2) Copy into KeePass directory
3) You now have KeePassHttp working on Mono (Linux and Mac)*
On some linux systems you need to install mono-complete.
E.g. on Ubuntu run:
$ apt-get install mono-complete
Prereqs:
1) KeePass
2) Newtonsoft.Json (bundled 3.5r8)
Build:
1) msbuild
or
1) C:\Full\Path\To\keepass.exe --plgx-create C:\Full\Path\To\KeePassHttp
Pre-built:
- https://github.com/pfn/keepasshttp/raw/master/KeePassHttp.plgx (save as)
- alternate download link https://passifox.appspot.com/KeePassHttp.plgx
Install:
1) Copy KeePassHttp.plgx to C:\Path\To\KeePass.exe\Dir
Configuration:
a) No explicit configuration is necessary
b) KeePassHttp stores shared AES encryption keys in
\"KeePassHttp Settings" in the password database
c) Password entries saved by KeePassHttp are stored in
\"KeePassHttp Passwords" within the password database,
feel free to move them from here or delete the group
d) Remembered Allow/Deny settings are stored in custom
JSON string fields within the individual password
entry in the database
1) Whenever events occur, the user is prompted either by tray
notification, or requesting interaction (accept/deny/remember)
Protocol:
1) New client or stale client (key not in database). This is the only
point at which an administrator snooping traffic will be able to
steal encryption keys:
a) client sends "test-associate" with payload to server
b) server sends fail response to client (cannot decrypt)
c) client sends "associate" with 256bit AES key and payload to server
d) server decrypts payload with provided key and prompts user to save
e) server saves key into "KeePassHttpSettings":"AES key: label"
f) client saves label/key into local password storage
(a) can be skipped if client does not have a key configured
2) Client with key stored in server
a) client sends "test-associate" with label+encrypted payload to server
b) server verifies payload and responds with success to client
c) client sends any of "get-logins-count", "get-logins", "set-login"
using the previously negotiated key in (1)
d) if any subsequent request fails, it is necessary to "test-associate"
again
About
KeePass plugin to expose password entries securely (256bit AES/CBC) over HTTP
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published